From fa78b6615444e6db21045f93c2b3ae763e23aff9 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 7 Nov 2017 19:07:59 +0100 Subject: [PATCH 01/71] n nixpkgs: c99239b -> cfafd6f --- nin/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/source.nix b/nin/source.nix index 188ebafcc..bbf88d804 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "c99239b"; + ref = "cfafd6f"; }; } From 7ed6fd18bb99884889a76ad9f597193861f44dc9 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 9 Nov 2017 09:45:48 +0100 Subject: [PATCH 02/71] n 2 default: add nixos binary cache --- nin/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 0d2253c27..d7b89c80c 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ../2configs/vim.nix + { users.extraUsers = From 29f9d3b86926916df63d4525f909316df5638f86 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 5 Dec 2017 21:29:45 +0000 Subject: [PATCH 03/71] boom --- jeschli/1systems/reagenzglas/.source.nix.swp | Bin 0 -> 12288 bytes jeschli/1systems/reagenzglas/config.nix | 136 ++++++++++++++++++ .../reagenzglas/hardware-configuration.nix | 33 +++++ jeschli/1systems/reagenzglas/source.nix | 4 + jeschli/2configs/vim.nix | 102 +++++++++++++ jeschli/default.nix | 9 ++ jeschli/source.nix | 22 +++ 7 files changed, 306 insertions(+) create mode 100644 jeschli/1systems/reagenzglas/.source.nix.swp create mode 100644 jeschli/1systems/reagenzglas/config.nix create mode 100644 jeschli/1systems/reagenzglas/hardware-configuration.nix create mode 100644 jeschli/1systems/reagenzglas/source.nix create mode 100644 jeschli/2configs/vim.nix create mode 100644 jeschli/default.nix create mode 100644 jeschli/source.nix diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp new file mode 100644 index 0000000000000000000000000000000000000000..8c1a75f39d683fb6b84216dbadb8acf19d3bc735 GIT binary patch literal 12288 zcmeI&Jxatt6u|Kpu@yx-u^1!RxwEUy!n*brR-%PnjN@+Bd@Pv+{6NJ6iH!&F7#_fL zh!f4C=#tJt`40@kn>X{q{2)ch9Jdd5_f)sl7S|R;`mgIpFW!pmFN=(f4To`5Wg1&< zfTy2OX>^`hZHp{C8)k8$C%KNju!TviuBw`ks@i5{9-5Zh)A#_A z2p}+Bpe#-|x^uF%*?E7}*Zftrw0JOmEwcz9fB*srAbeSj=zqB{@Ao81##vsd?VlIy LKkw4-s4IB`2E0zr literal 0 HcmV?d00001 diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix new file mode 100644 index 000000000..e75e52020 --- /dev/null +++ b/jeschli/1systems/reagenzglas/config.nix @@ -0,0 +1,136 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + + ]; + + # Use the GRUB 2 boot loader. + # boot.loader.grub.enable = true; + # boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # Define on which hard drive you want to install Grub. +# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2"; + preLVM = true; + allowDiscards = true; + } + ]; + networking.hostName = "reaganzglas"; # Define your hostname. +# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + +} diff --git a/jeschli/1systems/reagenzglas/hardware-configuration.nix b/jeschli/1systems/reagenzglas/hardware-configuration.nix new file mode 100644 index 000000000..a6ab3f16e --- /dev/null +++ b/jeschli/1systems/reagenzglas/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DA40-AC19"; + fsType = "vfat"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; +# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix new file mode 100644 index 000000000..7543de6b9 --- /dev/null +++ b/jeschli/1systems/reagenzglas/source.nix @@ -0,0 +1,4 @@ +import { + name = "reagenzglas"; + secure = true; +} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix new file mode 100644 index 000000000..43fcb1956 --- /dev/null +++ b/jeschli/2configs/vim.nix @@ -0,0 +1,102 @@ +{ config, pkgs, ... }: + + +# let +# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { +# name = "ultisnips"; +# src = pkgs.fetchFromGitHub { +# owner = "SirVer"; +# repo = "ultisnips"; +# rev = "3.1"; +# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; +# }; +# }; +# +let + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; + }; + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + :imap jk + :vmap v v + :map gr :GoRun + :nnoremap :bnext + :nnoremap + set autowrite + set number + set ruler + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="" + let g:UltiSnipsJumpForwardTrigger="" + let g:UltiSnipsJumpBackwardTrigger="" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } + ]; + + }) + ]; +} diff --git a/jeschli/default.nix b/jeschli/default.nix new file mode 100644 index 000000000..92de07407 --- /dev/null +++ b/jeschli/default.nix @@ -0,0 +1,9 @@ +_: +{ + imports = [ + ../krebs +# ./2configs +# ./3modules +# ./5pkgs + ]; +} diff --git a/jeschli/source.nix b/jeschli/source.nix new file mode 100644 index 000000000..d5e14a8dc --- /dev/null +++ b/jeschli/source.nix @@ -0,0 +1,22 @@ +with import ; +host@{ name, secure ? false, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "jeschli"; + _file = + "/jeschli/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + nixpkgs.git = { + url = https://github.com/nixos/nixpkgs; + ref = "f9390d6"; + }; + secrets.file = getAttr builder { + buildbot = toString ; + jeschli = "/home/jeschli/secrets/${name}"; + }; + stockholm.file = toString ; + } + override + ] From 64e0ccac92b6725a4eb1e5ef06782c07f20e44dd Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 6 Dec 2017 16:41:08 +0000 Subject: [PATCH 04/71] jeschli:+ retiolum, +lass vim --- jeschli/1systems/reagenzglas/config.nix | 18 +- jeschli/2configs/copy-vim.nix | 102 ++++++ jeschli/2configs/default.nix | 66 ++++ jeschli/2configs/retiolum.nix | 22 ++ jeschli/2configs/vim.nix | 445 +++++++++++++++++++----- jeschli/default.nix | 2 +- 6 files changed, 562 insertions(+), 93 deletions(-) create mode 100644 jeschli/2configs/copy-vim.nix create mode 100644 jeschli/2configs/default.nix create mode 100644 jeschli/2configs/retiolum.nix diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index e75e52020..d3065b0f5 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -7,8 +7,8 @@ { imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix - ]; # Use the GRUB 2 boot loader. @@ -20,7 +20,7 @@ boot.loader.efi.canTouchEfiVariables = true; # Define on which hard drive you want to install Grub. # boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only - + boot.initrd.luks.devices = [ { name = "root"; @@ -64,7 +64,7 @@ rxvt_unicode # editors emacs - # internet + # internet thunderbird chromium google-chrome @@ -85,7 +85,6 @@ # Some programs need SUID wrappers, can be configured further or are # started in user sessions. - programs.bash.enableCompletion = true; # programs.mtr.enable = true; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; @@ -95,7 +94,7 @@ services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas" - ]; + ]; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; @@ -133,4 +132,13 @@ # should. system.stateVersion = "18.03"; # Did you read the comment? + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + export GOPATH=$HOME/go + export PATH=$PATH:$GOPATH/bin + ''; + }; + + krebs.build.host = config.krebs.hosts.reagenzglas; } diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix new file mode 100644 index 000000000..43fcb1956 --- /dev/null +++ b/jeschli/2configs/copy-vim.nix @@ -0,0 +1,102 @@ +{ config, pkgs, ... }: + + +# let +# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { +# name = "ultisnips"; +# src = pkgs.fetchFromGitHub { +# owner = "SirVer"; +# repo = "ultisnips"; +# rev = "3.1"; +# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; +# }; +# }; +# +let + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; + }; + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = '' + :imap jk + :vmap v v + :map gr :GoRun + :nnoremap :bnext + :nnoremap + set autowrite + set number + set ruler + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="" + let g:UltiSnipsJumpForwardTrigger="" + let g:UltiSnipsJumpBackwardTrigger="" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } + ]; + + }) + ]; +} diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix new file mode 100644 index 000000000..7fb240951 --- /dev/null +++ b/jeschli/2configs/default.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: +with import ; +{ + imports = [ + ./vim.nix + ./retiolum.nix + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + ]; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + file + kpaste + krebspaste + mosh + pciutils + psmisc + # q + # rs + tmux + untilport + usbutils + # logify + goify + + #unpack stuff + p7zip + unzip + unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') + ]; + + krebs.enable = true; +} diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix new file mode 100644 index 000000000..403300b30 --- /dev/null +++ b/jeschli/2configs/retiolum.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "gum" + "ni" + "dishfire" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; + + environment.systemPackages = [ + pkgs.tinc + ]; +} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 43fcb1956..f6c736fbc 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,102 +1,373 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: - -# let -# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { -# name = "ultisnips"; -# src = pkgs.fetchFromGitHub { -# owner = "SirVer"; -# repo = "ultisnips"; -# rev = "3.1"; -# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; -# }; -# }; -# +with import ; let - customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { - name = "vim-javascript"; - src = pkgs.fetchFromGitHub { - owner = "pangloss"; - repo = "vim-javascript"; - rev = "1.2.5.1"; - sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; - }; + out = { + environment.systemPackages = [ + (hiPrio vim) + pkgs.python35Packages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; }; - customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { - name = "vim-jsx"; - src = pkgs.fetchFromGitHub { - owner = "mxw"; - repo = "vim-jsx"; - rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; - }; - }; -in { -# { - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - vimrcConfig.customRC = '' - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - set autowrite - set number - set ruler + vimrc = pkgs.writeText "vimrc" '' + set nocompatible - noremap x "_x - set clipboard=unnamedplus + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set ruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full - let g:jsx_ext_required = 0 + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" + set et ts=2 sts=2 sw=2 + filetype plugin indent on - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" + set t_Co=256 + colorscheme hack + syntax on - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif - ''; + au BufRead,BufNewFile *.hs so ${hs.vim} - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode - { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } - { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } - { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } - ]; + au BufRead,BufNewFile *.nix so ${nix.vim} + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + + " search with ack + let g:ackprg = 'ag --vimgrep' + cnoreabbrev Ack Ack! + + " copy/paste from/to xclipboard + noremap x "_x + set clipboard=unnamedplus + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ack-vim + pkgs.vimPlugins.Gundo + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) ]; -} + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.symlinkJoin { + name = "vim"; + paths = [ + (pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + '') + pkgs.vim + ]; + }; + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out diff --git a/jeschli/default.nix b/jeschli/default.nix index 92de07407..7886fef49 100644 --- a/jeschli/default.nix +++ b/jeschli/default.nix @@ -2,7 +2,7 @@ _: { imports = [ ../krebs -# ./2configs + ./2configs # ./3modules # ./5pkgs ]; From 994d822543ecc0d49cfa9319ba21d0cbf1f78b8a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Dec 2017 15:25:05 +0100 Subject: [PATCH 05/71] l nixpkgs: f9390d6 -> b4a0c01 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 292b92a9e..b60a6cb6c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "b4a0c01"; }; secrets.file = getAttr builder { buildbot = toString ; From b4fb85aa44a7094a8adb9fd60ffde75d13841ae9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Dec 2017 20:24:24 +0100 Subject: [PATCH 06/71] l: add xerxes.r --- krebs/3modules/lass/default.nix | 45 ++++++++++++++++++++++++++++++ krebs/3modules/lass/ssh/xerxes.rsa | 1 + lass/1systems/xerxes/config.nix | 40 ++++++++++++++++++++++++++ lass/1systems/xerxes/source.nix | 11 ++++++++ lass/2configs/default.nix | 1 + lass/2configs/hw/gpd-pocket.nix | 9 ++++++ 6 files changed, 107 insertions(+) create mode 100644 krebs/3modules/lass/ssh/xerxes.rsa create mode 100644 lass/1systems/xerxes/config.nix create mode 100644 lass/1systems/xerxes/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ff6ba474f..ecf549df9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -574,6 +574,47 @@ with import ; }; }; }; + xerxes = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.3"; + ip6.addr = "42::1:3"; + aliases = [ + "xerxes.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U + MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk + gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W + /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb + mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO + X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj + +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim + hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 + 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 + H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 + JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 + hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe + SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo + 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe + vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 + Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO + scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv + jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ + Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u + /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 + bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ + sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; + }; }; users = { lass = { @@ -602,6 +643,10 @@ with import ; mail = "lass@icarus.r"; pubkey = builtins.readFile ./ssh/icarus.rsa; }; + lass-xerxes = { + mail = "lass@xerxes.r"; + pubkey = builtins.readFile ./ssh/xerxes.rsa; + }; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; diff --git a/krebs/3modules/lass/ssh/xerxes.rsa b/krebs/3modules/lass/ssh/xerxes.rsa new file mode 100644 index 000000000..2b5da7b25 --- /dev/null +++ b/krebs/3modules/lass/ssh/xerxes.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix new file mode 100644 index 000000000..0669748f5 --- /dev/null +++ b/lass/1systems/xerxes/config.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.xerxes; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + networking.wireless.enable = true; +} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix new file mode 100644 index 000000000..11f5bf796 --- /dev/null +++ b/lass/1systems/xerxes/source.nix @@ -0,0 +1,11 @@ +with import ; +import { + name = "xerxes"; + secure = true; + override = { + nixpkgs.git = mkForce { + url = https://github.com/lassulus/nixpkgs; + ref = "3eccd0b"; + }; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f8b750093..0e00dc2fd 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -22,6 +22,7 @@ with import ; config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey + config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix index e3d212741..193c12c13 100644 --- a/lass/2configs/hw/gpd-pocket.nix +++ b/lass/2configs/hw/gpd-pocket.nix @@ -7,8 +7,11 @@ let destination = "/lib/firmware/brcm/brcmfmac4356-pcie.txt"; }; in { + #imports = [ ]; hardware.firmware = [ dummy_firmware ]; + hardware.enableRedistributableFirmware = true; + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" "sdhci_pci" ]; boot.kernelPackages = pkgs.linuxPackages_4_14; boot.kernelParams = [ "fbcon=rotate:1" @@ -16,5 +19,11 @@ in { services.tlp.enable = true; services.xserver.displayManager.sessionCommands = '' (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) + (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) ''; + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; } From 01e608ac6b76f2a1dc7316a308e30114f9b0d1d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Dec 2017 17:30:48 +0100 Subject: [PATCH 07/71] l deploy: run with --diff --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fee43f8cd..ad133802f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -179,7 +179,7 @@ with import ; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' From 8bad968312cbf384444aabcc333b802ec141b09e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Dec 2017 17:51:49 +0100 Subject: [PATCH 08/71] l prism.r: add jescli stockholm permissions --- lass/1systems/prism/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b18abf509..87270b8b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -287,6 +287,15 @@ in { } + { + krebs.git.rules = [ + { + user = [ config.krebs.users.jeschli ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From 79d41e9f54cecd7cc0098a55a8d4b758041369e1 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 12 Dec 2017 17:03:42 +0000 Subject: [PATCH 09/71] jeschli: +bluetooth --- jeschli/1systems/reagenzglas/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index d3065b0f5..d65e897ae 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -141,4 +141,6 @@ }; krebs.build.host = config.krebs.hosts.reagenzglas; + + hardware.bluetooth.enable = true; } From 7838e709d149b9bf33c542a7451e235a61a29a21 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 12 Dec 2017 18:50:36 +0100 Subject: [PATCH 10/71] krebs.backup: restartIfChanged = false --- krebs/3modules/backup.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 6f015d66b..c0b218c15 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -83,6 +83,7 @@ let rsync utillinux ]; + restartIfChanged = false; serviceConfig = rec { ExecStart = start plan; SyslogIdentifier = ExecStart.name; From 47f3d044e4d8e45168d54dc69368a598330b76ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Dec 2017 18:53:07 +0100 Subject: [PATCH 11/71] krebs.repo-sync: restartIfChanged = false --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0211b31ba..b2e3aa7c5 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -173,6 +173,7 @@ let REPONAME = "${name}.git"; }; + restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; From fa3c5eb1d83d2948d9810e1fd9e3d6ef53830722 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 12 Dec 2017 20:30:27 +0100 Subject: [PATCH 12/71] tv urlwatch: watch GitHub Meta --- tv/2configs/urlwatch.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index a35254345..b0e12625d 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -47,7 +47,7 @@ with import ; #http://hackage.haskell.org/package/web-page # ref , services.openssh.knownHosts.github* - https://help.github.com/articles/github-s-ip-addresses/ + https://api.github.com/meta # # is derived from `configFile` in: From 2a3a3248def505c64c3f596acefa894959d4a20d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 12 Dec 2017 21:06:21 +0100 Subject: [PATCH 13/71] cidr2glob: init Based on https://gist.github.com/speshak/b62fa28b49377cda8047cb227837244c --- krebs/5pkgs/simple/cidr2glob.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/simple/cidr2glob.nix diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix new file mode 100644 index 000000000..9b0b3f86b --- /dev/null +++ b/krebs/5pkgs/simple/cidr2glob.nix @@ -0,0 +1,30 @@ +{ python, writeScriptBin, ... }: + +let + pythonEnv = python.withPackages (ps: [ ps.netaddr ]); +in + writeScriptBin "cidr2glob" '' + #! ${pythonEnv}/bin/python + + import netaddr + import re + import sys + + def cidr2glob(cidr): + net = netaddr.IPNetwork(cidr) + + if net.prefixlen <= 8: + return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8)) + elif net.prefixlen <= 16: + return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16)) + elif net.prefixlen <= 24: + return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24)) + else: + return map(lambda ip: str(ip), list(net)) + + if __name__ == "__main__": + for cidr in sys.stdin: + for glob in cidr2glob(cidr): + print glob + + '' From 19fcba24f1ef050a8f8d553f09348adb2a007041 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 12 Dec 2017 21:08:50 +0100 Subject: [PATCH 14/71] github: generate ssh_config from API --- krebs/3modules/default.nix | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a8933e719..5bedbcf25 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -224,21 +224,26 @@ let }; }) // - # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/github-s-ip-addresses/ - # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) - # Because line length is limited by OPENSSH_LINE_MAX (= 8192), - # we split each /24 into its own entry. - listToAttrs (map - (c: { - name = "github${toString c}"; - value = { - hostNames = ["github.com"] ++ - map (d: "192.30.${toString c}.${toString d}") (range 0 255); - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - }) - (range 252 255)) + { + github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "18.195.85.27" + "18.194.104.89" + "35.159.8.160" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + } // mapAttrs (name: host: { From 2f3f0bbb315133e777a4b1f2e70bb7d38266eb79 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 13 Dec 2017 12:23:31 +0100 Subject: [PATCH 15/71] tv urlwatch: filter simple-evcorr through jq --- tv/2configs/urlwatch.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index b0e12625d..897def8c9 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -14,7 +14,10 @@ with import ; http://www.exim.org/ # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix - https://api.github.com/repos/simple-evcorr/sec/tags + { + url = https://api.github.com/repos/simple-evcorr/sec/tags; + filter = "system:${pkgs.jq}/bin/jq ."; + } # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix https://thp.io/2008/urlwatch/ From f3f61c85fd66f496bbaa850a6a01db2a79914ae6 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 13 Dec 2017 15:19:19 +0100 Subject: [PATCH 16/71] haskellPackages.nix-diff: 1.0.0 -> 1.0.0-krebs1 --- .../{nix-diff.nix => nix-diff/default.nix} | 5 ++++- .../5pkgs/haskell/nix-diff/nixos-system.patch | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) rename krebs/5pkgs/haskell/{nix-diff.nix => nix-diff/default.nix} (91%) create mode 100644 krebs/5pkgs/haskell/nix-diff/nixos-system.patch diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff/default.nix similarity index 91% rename from krebs/5pkgs/haskell/nix-diff.nix rename to krebs/5pkgs/haskell/nix-diff/default.nix index 2070dbd2e..df0315048 100644 --- a/krebs/5pkgs/haskell/nix-diff.nix +++ b/krebs/5pkgs/haskell/nix-diff/default.nix @@ -4,12 +4,15 @@ }: mkDerivation { pname = "nix-diff"; - version = "1.0.0"; + version = "1.0.0-krebs1"; src = fetchgit { url = "https://github.com/Gabriel439/nix-diff"; sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; }; + patches = [ + ./nixos-system.patch + ]; isLibrary = false; isExecutable = true; executableHaskellDepends = [ diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch new file mode 100644 index 000000000..03e186aa9 --- /dev/null +++ b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch @@ -0,0 +1,18 @@ +diff --git a/src/Main.hs b/src/Main.hs +index 959ab8e..d3b6077 100644 +--- a/src/Main.hs ++++ b/src/Main.hs +@@ -95,7 +95,12 @@ pathToText path = + underneath `/nix/store`, but this is the overwhelmingly common use case + -} + derivationName :: FilePath -> Text +-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText ++derivationName p = ++ if Data.Text.isPrefixOf "nixos-system" s ++ then "nixos-system" ++ else s ++ where ++ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p + + -- | Group input derivations by their name + groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text)) From 27dfb3c618003b54bd3525bf38cef7ac12a8be64 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 13 Dec 2017 15:34:47 +0100 Subject: [PATCH 17/71] tv urlwatch: add nix-diff --- tv/2configs/urlwatch.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 897def8c9..509257c48 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -13,6 +13,11 @@ with import ; http://www.exim.org/ + { + url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; + filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; + } + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix { url = https://api.github.com/repos/simple-evcorr/sec/tags; From 17860a36557ff31d589ad88d3f9aa98b81204d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:20:44 +0100 Subject: [PATCH 18/71] l: ignore lidswitch only on x220 --- lass/2configs/baseX.nix | 4 ---- lass/2configs/hw/x220.nix | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 32a9f66cf..9712bafff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -112,10 +112,6 @@ in { xkbOptions = "caps:backspace"; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - services.urxvtd.enable = true; services.xresources.enable = true; lass.screenlock.enable = true; diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index bf7decc40..f5651da13 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -29,4 +29,9 @@ options = ["nosuid" "nodev" "noatime"]; }; }; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + } From e556f8a67c0e1840da041813585f9127d2015682 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:26:30 +0100 Subject: [PATCH 19/71] l br: fix scanner ip --- lass/2configs/br.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 35bac8fee..ad307c797 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -18,7 +18,7 @@ with import ; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.23.42.221"; + ip = "10.42.23.221"; }; }; }; From 0065b8306daf343d83379e2ea5ec461bcc933c91 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:26:49 +0100 Subject: [PATCH 20/71] l browsers: use devedition for ff --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index a858d3fec..9459cfd6f 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -47,7 +47,7 @@ let createFirefoxUser = name: extraGroups: precedence: let bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ ''; in { users.extraUsers.${name} = { From 7aa1155d675186e09e663963368a1db2056aae27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:27:34 +0100 Subject: [PATCH 21/71] l dcso-dev: authorize lass-android --- lass/2configs/dcso-dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index b7fcc7aab..63702a77e 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -15,6 +15,7 @@ in { createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-android.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" ]; From 7d08a64baff20c3dd62029825750f6f92bb3fd4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:27:55 +0100 Subject: [PATCH 22/71] l dcso-dev: add go to devs pkgs --- lass/2configs/dcso-dev.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index 63702a77e..2b91f91d6 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -43,6 +43,10 @@ in { }; }; + krebs.per-user.dev.packages = [ + pkgs.go + ]; + security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; From 7da08e8e1949c2d095b7ff48a45b68b853a7da54 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:29:15 +0100 Subject: [PATCH 23/71] l: add payeer@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 763633dd9..2d848773f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -48,6 +48,7 @@ with import ; { from = "tomtop@lassul.us"; to = lass.mail; } { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } + { from = "payeer@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From ca46531d1b11b5ece8acb482d40d8fd8d3b21908 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:29:40 +0100 Subject: [PATCH 24/71] l games: add df with tileset --- lass/2configs/games.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index d114a826d..6cea271c1 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,7 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress + (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 From 6d12698fe0d08b959ab92bc1a772ebd0b210bf86 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:30:04 +0100 Subject: [PATCH 25/71] l gpd-pocket: remove duplicate tlp --- lass/2configs/hw/gpd-pocket.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/hw/gpd-pocket.nix b/lass/2configs/hw/gpd-pocket.nix index 193c12c13..87b4c518b 100644 --- a/lass/2configs/hw/gpd-pocket.nix +++ b/lass/2configs/hw/gpd-pocket.nix @@ -16,7 +16,6 @@ in { boot.kernelParams = [ "fbcon=rotate:1" ]; - services.tlp.enable = true; services.xserver.displayManager.sessionCommands = '' (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output DSI1 --rotate right) (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1) From 337ae5f4890dade45b58a180b72d61c861a788eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:30:34 +0100 Subject: [PATCH 26/71] l lassul.us: fix acme --- lass/2configs/websites/lassulus.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 77f0c79e3..25ca1f455 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -153,15 +153,15 @@ in { }; security.acme.certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; + email = "lassulus@lassul.us"; + webroot = "/var/lib/acme/acme-challenge"; plugins = [ "account_key.json" - "key.pem" "fullchain.pem" + "key.pem" ]; group = "nginx"; - allowKeysForGroup = true; + user = "nginx"; }; @@ -170,6 +170,9 @@ in { addSSL = true; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; + locations."/.well-known/acme-challenge".extraConfig = '' + root /var/lib/acme/acme-challenge; + ''; }; users.users.blog = { From 7764589e876325201add9e907284335aa2d2f318 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:31:09 +0100 Subject: [PATCH 27/71] l screengrab: use display from config --- lass/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 5b668c88f..10df08e7f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -23,7 +23,7 @@ screengrab = pkgs.writeDashBin "screengrab" '' resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" - ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :0.0 -s $resolution -c:v huffyuv $1 + ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 ''; }; } From b2948a7b703a59f8a417a1b7eb74ba84f367212d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:31:55 +0100 Subject: [PATCH 28/71] l xmonad: add ewmh compliance --- lass/5pkgs/xmonad-lass.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 65bec117d..3f459999c 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -30,6 +30,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -59,7 +60,7 @@ main = getArgs >>= \case main' :: IO () main' = do - xmonad + xmonad $ ewmh $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm From dc7c042c6e6628465c6ab1fc48544c391ae31e44 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:32:38 +0100 Subject: [PATCH 29/71] l xmonad: simpleFloat -> simplestFloat --- lass/5pkgs/xmonad-lass.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 3f459999c..1629de3a2 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -40,10 +40,10 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) -import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown @@ -78,7 +78,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) ||| simpleFloat + defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) myKeyMap :: [([Char], X ())] myKeyMap = From 5e76c7944c4865eeebca8bdfeefe76235fed5623 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:37:13 +0100 Subject: [PATCH 30/71] l xmonad: add mute toggle button --- lass/5pkgs/xmonad-lass.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 1629de3a2..d3f76903d 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -87,6 +87,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + + , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") From 20f7a8273ce01d1a66fd73089696dd2b795bb3a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 18:51:27 +0100 Subject: [PATCH 31/71] l nixpkgs: b4a0c01 -> cb751f9 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index b60a6cb6c..710bfdf2d 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b4a0c01"; + ref = "cb751f9"; }; secrets.file = getAttr builder { buildbot = toString ; From 04f7ae22d6d0720d06f78c712eb9cd245cefce82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Dec 2017 19:45:07 +0100 Subject: [PATCH 32/71] nixpkgs: 0c5a587 -> cb751f9 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 39a388e03..73e216900 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10 + ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13 }; } From bd63530db16dd3f90af51750d25d07cca1526aaa Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 13 Dec 2017 20:04:35 +0100 Subject: [PATCH 33/71] tv querel: add exfat-nofuse --- tv/1systems/querel/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index b564383d7..05b4d9133 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -11,6 +11,9 @@ with import ; krebs.build.host = config.krebs.hosts.querel; krebs.build.user = mkForce config.krebs.users.itak; + boot.extraModulePackages = [ + config.boot.kernelPackages.exfat-nofuse + ]; boot.initrd.availableKernelModules = [ "ahci" ]; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "xts" ]; From 7210ae20082c98a9c13b388507dee7a44fe08086 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 14 Dec 2017 13:25:09 +0100 Subject: [PATCH 34/71] krebs save-diskspace: noXlibs? no thanks! --- krebs/2configs/save-diskspace.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/2configs/save-diskspace.nix b/krebs/2configs/save-diskspace.nix index ab074c750..b1416a97a 100644 --- a/krebs/2configs/save-diskspace.nix +++ b/krebs/2configs/save-diskspace.nix @@ -1,7 +1,6 @@ {lib, ... }: # TODO: do not check out nixpkgs master but fetch revision from github { - environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = lib.mkDefault "03:10"; programs.info.enable = false; From 98e5141a8d43064daf6dc75fc9eefb9cb5bb29b7 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Thu, 14 Dec 2017 17:10:28 +0100 Subject: [PATCH 35/71] jeschli: +bln --- jeschli/1systems/bln/config.nix | 189 ++++++++ .../1systems/bln/hardware-configuration.nix | 34 ++ jeschli/1systems/bln/source.nix | 4 + jeschli/2configs/copy-vim.nix | 102 ---- jeschli/2configs/vim.nix | 451 ++++-------------- jeschli/source.nix | 2 +- krebs/3modules/default.nix | 3 +- krebs/3modules/jeschli/default.nix | 96 ++++ krebs/3modules/lass/default.nix | 39 -- 9 files changed, 411 insertions(+), 509 deletions(-) create mode 100644 jeschli/1systems/bln/config.nix create mode 100644 jeschli/1systems/bln/hardware-configuration.nix create mode 100644 jeschli/1systems/bln/source.nix delete mode 100644 jeschli/2configs/copy-vim.nix create mode 100644 krebs/3modules/jeschli/default.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix new file mode 100644 index 000000000..901970e81 --- /dev/null +++ b/jeschli/1systems/bln/config.nix @@ -0,0 +1,189 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + + ./hardware-configuration.nix + # ./dcso-vpn.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.loader.grub.extraEntries = '' + menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { + search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 + linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro + initrd ($drive1)/initrd.img-4.9.0-4-amd64 + } + ''; + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; + preLVM = true; + allowDiscards = true; + } + ]; + + networking.hostName = "BLN02NB0154"; # Define your hostname. + networking.networkmanager.enable = true; + #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + hipchat + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + texlive.combined.scheme-full + pandoc + redis + # document viewer + zathura + ]; + + + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.bash.enableCompletion = true; + programs.vim.defaultEditor = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + services.printing.enable = true; + services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.xrandrHeads = [ + # { output = "eDP1"; } + # { output = "DP-2-2-8"; primary = true; } + # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } + # ]; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. +# services.xserver.displayManager.lightdm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# services.xserver.desktopManager.gnome3.enable = true; + # services.xserver.displayManager.gdm.enable = true; + services.xserver.displayManager.sddm.enable = true; + #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.displayManager.sessionCommands = '' +# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off +#''; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.markus = { + isNormalUser = true; + extraGroups = ["docker"]; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + + # Gogland Debugger workaround +# nixpkgs.config.packageOverrides = super: { +# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { +# postFixup = '' +# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" +# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# ''; +# }); +# }; + +# virtualisation.docker.enable = true; + + + # DCSO Certificates + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + ]; + + hardware.bluetooth.enable = true; + krebs.build.host = config.krebs.hosts.bln; +} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix new file mode 100644 index 000000000..714162271 --- /dev/null +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; + fsType = "ext2"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix new file mode 100644 index 000000000..0864fd90c --- /dev/null +++ b/jeschli/1systems/bln/source.nix @@ -0,0 +1,4 @@ +import { + name = "bln"; + secure = true; +} diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix deleted file mode 100644 index 43fcb1956..000000000 --- a/jeschli/2configs/copy-vim.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, pkgs, ... }: - - -# let -# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { -# name = "ultisnips"; -# src = pkgs.fetchFromGitHub { -# owner = "SirVer"; -# repo = "ultisnips"; -# rev = "3.1"; -# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; -# }; -# }; -# -let - customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { - name = "vim-javascript"; - src = pkgs.fetchFromGitHub { - owner = "pangloss"; - repo = "vim-javascript"; - rev = "1.2.5.1"; - sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; - }; - }; - customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { - name = "vim-jsx"; - src = pkgs.fetchFromGitHub { - owner = "mxw"; - repo = "vim-jsx"; - rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; - }; - }; -in { -# { - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - - vimrcConfig.customRC = '' - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - set autowrite - set number - set ruler - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif - ''; - - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode - { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } - { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } - { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } - ]; - - }) - ]; -} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index f6c736fbc..1a2231a86 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,373 +1,92 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -with import ; let - out = { - environment.systemPackages = [ - (hiPrio vim) - pkgs.python35Packages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set mouse=a - set ruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set title - set titleold= - set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - let g:syntastic_python_flake8_post_args='--ignore=E501' - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - - " search with ack - let g:ackprg = 'ag --vimgrep' - cnoreabbrev Ack Ack! - - " copy/paste from/to xclipboard - noremap x "_x - set clipboard=unnamedplus - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.ack-vim - pkgs.vimPlugins.Gundo - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.vim-go - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchFromGitHub { - owner = "bogado"; - repo = "file-line"; - rev = "1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu + vimrcConfig.customRC = '' + set nocompatible - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) + :imap jk + :vmap v v + :map gr :GoRun + :nnoremap :bnext + :nnoremap + :map nf :NERDTreeToggle + set autowrite + set number + set ruler + set path+=** + set wildmenu + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="" + let g:UltiSnipsJumpForwardTrigger="" + let g:UltiSnipsJumpBackwardTrigger="" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + ]; + }) ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.symlinkJoin { - name = "vim"; - paths = [ - (pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - '') - pkgs.vim - ]; - }; - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - ''; -in -out +} diff --git a/jeschli/source.nix b/jeschli/source.nix index d5e14a8dc..d1b64b0ed 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -14,7 +14,7 @@ in }; secrets.file = getAttr builder { buildbot = toString ; - jeschli = "/home/jeschli/secrets/${name}"; + jeschli = "${getEnv "HOME"}/secrets/${name}"; }; stockholm.file = toString ; } diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7cf02cd8b..2a3a64a82 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -104,8 +104,9 @@ let }; imp = lib.mkMerge [ - { krebs = import ./lass { inherit config; }; } + { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } + { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mv { inherit config; }; } { krebs = import ./nin { inherit config; }; } diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix new file mode 100644 index 000000000..2a3fe3cfd --- /dev/null +++ b/krebs/3modules/jeschli/default.nix @@ -0,0 +1,96 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.jeschli; + ci = true; + }) { + + bln = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.28"; + ip6.addr = "42::28"; + aliases = [ + "bln.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02 + BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8 + tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky + FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt + PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL + acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc + BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn + lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa + NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg + 2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg + H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM + 2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o + cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt + bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU + gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv + UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2 + 0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5 + fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl + B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58 + SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp + U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ + eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + reagenzglas = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.27"; + ip6.addr = "42::27"; + aliases = [ + "reagenzglas.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P + bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 + utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO + 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 + hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u + mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW + 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 + aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw + pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu + 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ + lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 + +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz + 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli + PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 + ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn + GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE + hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 + ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX + vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe + G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 + 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x + Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + jeschli = { + mail = "jeschli@gmail.com"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; + }; + }; +} diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ecf549df9..6158882ec 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -535,45 +535,6 @@ with import ; }; }; }; - reagenzglas = { - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.27.27"; - ip6.addr = "42::27"; - aliases = [ - "reagenzglas.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P - bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 - utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO - 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 - hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u - mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW - 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 - aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw - pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu - 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ - lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 - +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz - 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli - PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 - ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn - GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE - hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 - ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX - vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe - G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 - 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x - Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; xerxes = { cores = 2; nets = rec { From 87015d32c913432b6505b7dad7b58b77408a0b32 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 14 Dec 2017 21:24:02 +0100 Subject: [PATCH 36/71] n nixpkgs: cfafd6f -> afe9649 --- nin/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/source.nix b/nin/source.nix index bbf88d804..ccf5e6acc 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "cfafd6f"; + ref = "afe9649"; }; } From 7d1d831b9763725496d441aee0d78de5f3fe010a Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 14 Dec 2017 21:56:31 +0100 Subject: [PATCH 37/71] nin 1 h config: delete skype --- nin/1systems/hiawatha/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index fdae354ff..57ec00a79 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -15,7 +15,6 @@ with lib; - ]; krebs.build.host = config.krebs.hosts.hiawatha; From 87ee0692a099561f23633d4f92dc3e64f82c4f03 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 14 Dec 2017 21:58:19 +0100 Subject: [PATCH 38/71] nin 2 git: change irc announce channel --- nin/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix index 6bdc857d8..2a8604689 100644 --- a/nin/2configs/git.nix +++ b/nin/2configs/git.nix @@ -40,8 +40,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; verbose = config.krebs.build.host.name == "onondaga"; # TODO define branches in some kind of option per repo branches = [ "master" ]; From 155bd9e0fbf4a6d6b75afeb307275edaad92faea Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 14 Dec 2017 22:34:28 +0100 Subject: [PATCH 39/71] nin 1 h config: add lmms --- nin/1systems/hiawatha/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index 57ec00a79..a09eed958 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -86,6 +86,7 @@ with lib; environment.systemPackages = with pkgs; [ firefox git + lmms networkmanagerapplet python steam From 939976b0cc1166f0a212b283cc1c8022a784b648 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Dec 2017 00:14:30 +0100 Subject: [PATCH 40/71] populate: 1.2.5 -> 2.0.0 --- krebs/5pkgs/simple/populate/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix index 78ee2f042..0880b1d38 100644 --- a/krebs/5pkgs/simple/populate/default.nix +++ b/krebs/5pkgs/simple/populate/default.nix @@ -1,24 +1,24 @@ -{ coreutils, fetchgit, git, jq, openssh, proot, rsync, stdenv, ... }: +{ coreutils, fetchgit, git, gnused, jq, openssh, rsync, stdenv, ... }: let PATH = stdenv.lib.makeBinPath [ coreutils git + gnused jq openssh - proot rsync ]; in stdenv.mkDerivation rec { name = "populate"; - version = "1.2.5"; + version = "2.0.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/populate; rev = "refs/tags/v${version}"; - sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1"; + sha256 = "01cvrg3m2ypg59in1qlr3rd8yzpf002k6pzjls2qb68jwkyf0h2n"; }; phases = [ From 92a34559eebb73cd71e9aa8e11565f1a8f2cb437 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Dec 2017 03:29:00 +0100 Subject: [PATCH 41/71] populate: 2.0.0 -> 2.1.0 --- krebs/5pkgs/simple/populate/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix index 0880b1d38..62e3ab216 100644 --- a/krebs/5pkgs/simple/populate/default.nix +++ b/krebs/5pkgs/simple/populate/default.nix @@ -1,24 +1,27 @@ -{ coreutils, fetchgit, git, gnused, jq, openssh, rsync, stdenv, ... }: +{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv +}: let PATH = stdenv.lib.makeBinPath [ coreutils + findutils git gnused jq openssh + pass rsync ]; in stdenv.mkDerivation rec { name = "populate"; - version = "2.0.0"; + version = "2.1.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/populate; rev = "refs/tags/v${version}"; - sha256 = "01cvrg3m2ypg59in1qlr3rd8yzpf002k6pzjls2qb68jwkyf0h2n"; + sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh"; }; phases = [ From 51a30f41cff12fcddc7b3f488fa497d19a748570 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Dec 2017 03:33:43 +0100 Subject: [PATCH 42/71] types.source: add pass type --- lib/types.nix | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/types.nix b/lib/types.nix index c3b14d807..b85794925 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -231,7 +231,12 @@ rec { source = submodule ({ config, ... }: { options = { type = let - types = ["file" "git" "symlink"]; + types = [ + "file" + "git" + "pass" + "symlink" + ]; in mkOption { type = enum types; default = let @@ -255,6 +260,10 @@ rec { type = nullOr git-source; default = null; }; + pass = mkOption { + type = nullOr pass-source; + default = null; + }; symlink = let symlink-target = (symlink-source.getSubOptions "FIXME").target.type; in mkOption { @@ -287,6 +296,17 @@ rec { }; }; + pass-source = submodule { + options = { + dir = mkOption { + type = absolute-pathname; + }; + name = mkOption { + type = pathname; # TODO relative-pathname + }; + }; + }; + symlink-source = submodule { options = { target = mkOption { From 7f10d9526c3418197e198578eb5c4d8e7eadfc2e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Dec 2017 03:36:30 +0100 Subject: [PATCH 43/71] krebs secrets: use brain --- krebs/source.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/krebs/source.nix b/krebs/source.nix index 73e216900..8fbdce284 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -7,9 +7,12 @@ host@{ name, secure ? false }: let in evalSource (toString _file) { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - krebs = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + secrets = getAttr builder { + buildbot.file = toString ; + krebs.pass = { + dir = "${getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; }; stockholm.file = toString ; nixpkgs.git = { From f74da2f940f02c7fcd8f722440ad3d9cafca3def Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 10:04:04 +0100 Subject: [PATCH 44/71] l xserver: fix desktopMangaer --- lass/3modules/xserver/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix index 462c6deef..92061c753 100644 --- a/lass/3modules/xserver/default.nix +++ b/lass/3modules/xserver/default.nix @@ -17,10 +17,6 @@ let imp = { services.xserver = { - # Don't install feh into systemPackages - # refs - desktopManager.session = mkForce []; - enable = true; display = 11; tty = 11; From baed728043f4897cbb8ba416d532ff2911518d21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 11:22:57 +0100 Subject: [PATCH 45/71] l hw: add broadcom driver data --- lass/2configs/hw/brcmfmac4356-pcie.txt | 125 +++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 lass/2configs/hw/brcmfmac4356-pcie.txt diff --git a/lass/2configs/hw/brcmfmac4356-pcie.txt b/lass/2configs/hw/brcmfmac4356-pcie.txt new file mode 100644 index 000000000..7a7ee45a6 --- /dev/null +++ b/lass/2configs/hw/brcmfmac4356-pcie.txt @@ -0,0 +1,125 @@ +# Sample variables file for BCM94356Z NGFF 22x30mm iPA, iLNA board with PCIe for production package +NVRAMRev=$Rev: 492104 $ +#4356 chip = 4354 A2 chip +sromrev=11 +boardrev=0x1102 +boardtype=0x073e +boardflags=0x02400201 +#0x2000 enable 2G spur WAR +boardflags2=0x00802000 +boardflags3=0x0000000a +#boardflags3 0x00000100 /* to read swctrlmap from nvram*/ +#define BFL3_5G_SPUR_WAR 0x00080000 /* enable spur WAR in 5G band */ +#define BFL3_AvVim 0x40000000 /* load AvVim from nvram */ +macaddr=00:90:4c:1a:10:01 +ccode=0x5854 +regrev=205 +antswitch=0 +pdgain5g=4 +pdgain2g=4 +tworangetssi2g=0 +tworangetssi5g=0 +paprdis=0 +femctrl=10 +vendid=0x14e4 +devid=0x43ec +manfid=0x2d0 +#prodid=0x052e +nocrc=1 +otpimagesize=502 +xtalfreq=37400 +rxgains2gelnagaina0=0 +rxgains2gtrisoa0=7 +rxgains2gtrelnabypa0=0 +rxgains5gelnagaina0=0 +rxgains5gtrisoa0=11 +rxgains5gtrelnabypa0=0 +rxgains5gmelnagaina0=0 +rxgains5gmtrisoa0=13 +rxgains5gmtrelnabypa0=0 +rxgains5ghelnagaina0=0 +rxgains5ghtrisoa0=12 +rxgains5ghtrelnabypa0=0 +rxgains2gelnagaina1=0 +rxgains2gtrisoa1=7 +rxgains2gtrelnabypa1=0 +rxgains5gelnagaina1=0 +rxgains5gtrisoa1=10 +rxgains5gtrelnabypa1=0 +rxgains5gmelnagaina1=0 +rxgains5gmtrisoa1=11 +rxgains5gmtrelnabypa1=0 +rxgains5ghelnagaina1=0 +rxgains5ghtrisoa1=11 +rxgains5ghtrelnabypa1=0 +rxchain=3 +txchain=3 +aa2g=3 +aa5g=3 +agbg0=2 +agbg1=2 +aga0=2 +aga1=2 +tssipos2g=1 +extpagain2g=2 +tssipos5g=1 +extpagain5g=2 +tempthresh=255 +tempoffset=255 +rawtempsense=0x1ff +pa2ga0=-147,6192,-705 +pa2ga1=-161,6041,-701 +pa5ga0=-194,6069,-739,-188,6137,-743,-185,5931,-725,-171,5898,-715 +pa5ga1=-190,6248,-757,-190,6275,-759,-190,6225,-757,-184,6131,-746 +subband5gver=0x4 +pdoffsetcckma0=0x4 +pdoffsetcckma1=0x4 +pdoffset40ma0=0x0000 +pdoffset80ma0=0x0000 +pdoffset40ma1=0x0000 +pdoffset80ma1=0x0000 +maxp2ga0=76 +maxp5ga0=74,74,74,74 +maxp2ga1=76 +maxp5ga1=74,74,74,74 +cckbw202gpo=0x0000 +cckbw20ul2gpo=0x0000 +mcsbw202gpo=0x99644422 +mcsbw402gpo=0x99644422 +dot11agofdmhrbw202gpo=0x6666 +ofdmlrbw202gpo=0x0022 +mcsbw205glpo=0x88766663 +mcsbw405glpo=0x88666663 +mcsbw805glpo=0xbb666665 +mcsbw205gmpo=0xd8666663 +mcsbw405gmpo=0x88666663 +mcsbw805gmpo=0xcc666665 +mcsbw205ghpo=0xdc666663 +mcsbw405ghpo=0xaa666663 +mcsbw805ghpo=0xdd666665 +mcslr5glpo=0x0000 +mcslr5gmpo=0x0000 +mcslr5ghpo=0x0000 +sb20in40hrpo=0x0 +sb20in80and160hr5glpo=0x0 +sb40and80hr5glpo=0x0 +sb20in80and160hr5gmpo=0x0 +sb40and80hr5gmpo=0x0 +sb20in80and160hr5ghpo=0x0 +sb40and80hr5ghpo=0x0 +sb20in40lrpo=0x0 +sb20in80and160lr5glpo=0x0 +sb40and80lr5glpo=0x0 +sb20in80and160lr5gmpo=0x0 +sb40and80lr5gmpo=0x0 +sb20in80and160lr5ghpo=0x0 +sb40and80lr5ghpo=0x0 +dot11agduphrpo=0x0 +dot11agduplrpo=0x0 +phycal_tempdelta=255 +temps_period=15 +temps_hysteresis=15 +rssicorrnorm_c0=4,4 +rssicorrnorm_c1=4,4 +rssicorrnorm5g_c0=1,2,3,1,2,3,6,6,8,6,6,8 +rssicorrnorm5g_c1=1,2,3,2,2,2,7,7,8,7,7,8 From 089fe59b4ad8585ade026eaa5809631410c1934a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 13:17:01 +0100 Subject: [PATCH 46/71] jeschli: add vim.nix --- jeschli/2configs/copy-vim.nix | 102 -------- jeschli/2configs/vim.nix | 451 +++++++--------------------------- 2 files changed, 85 insertions(+), 468 deletions(-) delete mode 100644 jeschli/2configs/copy-vim.nix diff --git a/jeschli/2configs/copy-vim.nix b/jeschli/2configs/copy-vim.nix deleted file mode 100644 index 43fcb1956..000000000 --- a/jeschli/2configs/copy-vim.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, pkgs, ... }: - - -# let -# customPlugins.ultisnips = pkgs.vimUtils.buildVimPlugin { -# name = "ultisnips"; -# src = pkgs.fetchFromGitHub { -# owner = "SirVer"; -# repo = "ultisnips"; -# rev = "3.1"; -# sha256 = "0p9d91h9pm0nx0d77lqsgv6158q052cyj4nm1rd6zvbay9bkkf8b"; -# }; -# }; -# -let - customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { - name = "vim-javascript"; - src = pkgs.fetchFromGitHub { - owner = "pangloss"; - repo = "vim-javascript"; - rev = "1.2.5.1"; - sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; - }; - }; - customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { - name = "vim-jsx"; - src = pkgs.fetchFromGitHub { - owner = "mxw"; - repo = "vim-jsx"; - rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; - }; - }; -in { -# { - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - - vimrcConfig.customRC = '' - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - set autowrite - set number - set ruler - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif - ''; - - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" ]; } # wanted: fatih/molokai - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode - { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } - { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } - { names = [ "UltiSnips" ]; ft_regex = "^go\$"; } - ]; - - }) - ]; -} diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index f6c736fbc..1a2231a86 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,373 +1,92 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -with import ; let - out = { - environment.systemPackages = [ - (hiPrio vim) - pkgs.python35Packages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; + customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { + name = "vim-javascript"; + src = pkgs.fetchFromGitHub { + owner = "pangloss"; + repo = "vim-javascript"; + rev = "1.2.5.1"; + sha256 = "08l7ricd3j5h2bj9i566byh39v9n5wj5mj75f2c8a5dsc732b2k7"; + }; }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set mouse=a - set ruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set title - set titleold= - set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - let g:syntastic_python_flake8_post_args='--ignore=E501' - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - - " search with ack - let g:ackprg = 'ag --vimgrep' - cnoreabbrev Ack Ack! - - " copy/paste from/to xclipboard - noremap x "_x - set clipboard=unnamedplus - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.ack-vim - pkgs.vimPlugins.Gundo - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.vim-go - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchFromGitHub { - owner = "bogado"; - repo = "file-line"; - rev = "1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + customPlugins.vim-jsx = pkgs.vimUtils.buildVimPlugin { + name = "vim-jsx"; + src = pkgs.fetchFromGitHub { + owner = "mxw"; + repo = "vim-jsx"; + rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + }; + }; +in { +# { + environment.systemPackages = [ + (pkgs.vim_configurable.customize { name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu + vimrcConfig.customRC = '' + set nocompatible - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) + :imap jk + :vmap v v + :map gr :GoRun + :nnoremap :bnext + :nnoremap + :map nf :NERDTreeToggle + set autowrite + set number + set ruler + set path+=** + set wildmenu + + noremap x "_x + set clipboard=unnamedplus + + let g:jsx_ext_required = 0 + + let g:go_list_type = "quickfix" + let g:go_test_timeout = '10s' + let g:go_fmt_command = "goimports" + let g:go_snippet_case_type = "camelcase" + let g:go_highlight_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_extra_types = 1 + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + let g:rehash256 = 1 + let g:molokai_original = 1 + colorscheme molokai + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_metalinter_autosave = 1 + " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] + " let g:go_def_mode = 'godef' + " let g:go_decls_includes = "func,type" + + + " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. + let g:UltiSnipsExpandTrigger="" + let g:UltiSnipsJumpForwardTrigger="" + let g:UltiSnipsJumpBackwardTrigger="" + + " If you want :UltiSnipsEdit to split your window. + let g:UltiSnipsEditSplit="vertical" + + if has('persistent_undo') "check if your vim version supports it + set undofile "turn on the feature + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + endif + ''; + + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode + { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } + { names = [ "vim-jsx" ]; ft_regex = "^js\$"; } + ]; + }) ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.symlinkJoin { - name = "vim"; - paths = [ - (pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - '') - pkgs.vim - ]; - }; - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - ''; -in -out +} From 0eb9ecae194cea2f59d6b3682b67f2996d2a91ac Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 13:17:46 +0100 Subject: [PATCH 47/71] jeschli: secrets are in $HOME --- jeschli/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/source.nix b/jeschli/source.nix index d5e14a8dc..d1b64b0ed 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -14,7 +14,7 @@ in }; secrets.file = getAttr builder { buildbot = toString ; - jeschli = "/home/jeschli/secrets/${name}"; + jeschli = "${getEnv "HOME"}/secrets/${name}"; }; stockholm.file = toString ; } From 26649867485a590515bc2d09a4a25ea2e6a504d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 13:33:48 +0100 Subject: [PATCH 48/71] jeschli: add bln --- jeschli/1systems/bln/config.nix | 189 ++++++++++++++++++ .../1systems/bln/hardware-configuration.nix | 34 ++++ jeschli/1systems/bln/source.nix | 4 + 3 files changed, 227 insertions(+) create mode 100644 jeschli/1systems/bln/config.nix create mode 100644 jeschli/1systems/bln/hardware-configuration.nix create mode 100644 jeschli/1systems/bln/source.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix new file mode 100644 index 000000000..901970e81 --- /dev/null +++ b/jeschli/1systems/bln/config.nix @@ -0,0 +1,189 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + + ./hardware-configuration.nix + # ./dcso-vpn.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.loader.grub.extraEntries = '' + menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { + search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 + linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro + initrd ($drive1)/initrd.img-4.9.0-4-amd64 + } + ''; + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; + preLVM = true; + allowDiscards = true; + } + ]; + + networking.hostName = "BLN02NB0154"; # Define your hostname. + networking.networkmanager.enable = true; + #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.shellAliases = { n = "nix-shell"; }; + environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; + environment.systemPackages = with pkgs; [ + # system helper + ag + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + rxvt_unicode + # editors + emacs + # internet + thunderbird + hipchat + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + texlive.combined.scheme-full + pandoc + redis + # document viewer + zathura + ]; + + + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.bash.enableCompletion = true; + programs.vim.defaultEditor = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + services.printing.enable = true; + services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.xrandrHeads = [ + # { output = "eDP1"; } + # { output = "DP-2-2-8"; primary = true; } + # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } + # ]; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. +# services.xserver.displayManager.lightdm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# services.xserver.desktopManager.gnome3.enable = true; + # services.xserver.displayManager.gdm.enable = true; + services.xserver.displayManager.sddm.enable = true; + #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.displayManager.sessionCommands = '' +# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off +#''; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.markus = { + isNormalUser = true; + extraGroups = ["docker"]; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + + # Gogland Debugger workaround +# nixpkgs.config.packageOverrides = super: { +# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { +# postFixup = '' +# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" +# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv +# ''; +# }); +# }; + +# virtualisation.docker.enable = true; + + + # DCSO Certificates + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + ]; + + hardware.bluetooth.enable = true; + krebs.build.host = config.krebs.hosts.bln; +} diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix new file mode 100644 index 000000000..714162271 --- /dev/null +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; + fsType = "ext2"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix new file mode 100644 index 000000000..0864fd90c --- /dev/null +++ b/jeschli/1systems/bln/source.nix @@ -0,0 +1,4 @@ +import { + name = "bln"; + secure = true; +} From b0da81e28a87a9a58ad576f2fa5615cb646ae0e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 13:32:32 +0100 Subject: [PATCH 49/71] add jeschli/default.nix (and move stuff from lass/) --- krebs/3modules/default.nix | 3 +- krebs/3modules/jeschli/default.nix | 99 ++++++++++++++++++++++++++++++ krebs/3modules/lass/default.nix | 42 ------------- 3 files changed, 101 insertions(+), 43 deletions(-) create mode 100644 krebs/3modules/jeschli/default.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index caeef2885..7a3c8ba4a 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -104,8 +104,9 @@ let }; imp = lib.mkMerge [ - { krebs = import ./lass { inherit config; }; } + { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } + { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mv { inherit config; }; } { krebs = import ./nin { inherit config; }; } diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix new file mode 100644 index 000000000..be2af88c1 --- /dev/null +++ b/krebs/3modules/jeschli/default.nix @@ -0,0 +1,99 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.jeschli; + ci = true; + }) { + + bln = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.28"; + ip6.addr = "42::28"; + aliases = [ + "bln.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02 + BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8 + tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky + FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt + PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL + acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc + BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn + lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa + NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg + 2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg + H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM + 2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o + cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt + bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU + gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv + UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2 + 0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5 + fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl + B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58 + SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp + U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ + eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + reagenzglas = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.27"; + ip6.addr = "42::27"; + aliases = [ + "reagenzglas.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P + bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 + utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO + 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 + hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u + mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW + 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 + aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw + pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu + 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ + lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 + +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz + 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli + PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 + ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn + GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE + hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 + ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX + vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe + G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 + 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x + Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + jeschli = { + mail = "jeschli@gmail.com"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; + }; + jeschli-bln = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"; + }; + }; +} diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ecf549df9..ba6d85e7a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -535,45 +535,6 @@ with import ; }; }; }; - reagenzglas = { - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.27.27"; - ip6.addr = "42::27"; - aliases = [ - "reagenzglas.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P - bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 - utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO - 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 - hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u - mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW - 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 - aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw - pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu - 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ - lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 - +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz - 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli - PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 - ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn - GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE - hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 - ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX - vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe - G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 - 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x - Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; xerxes = { cores = 2; nets = rec { @@ -667,8 +628,5 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; mail = "joerg@higgsboson.tk"; }; - jeschli = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; - }; }; } From 42ed99d28a49ddfd64e2c862a79275852425b030 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 13:59:49 +0100 Subject: [PATCH 50/71] jeschli: enable ci & disable external --- krebs/3modules/jeschli/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index be2af88c1..191bd2b04 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -9,8 +9,6 @@ with import ; }) { bln = { - ci = false; - external = true; nets = { retiolum = { ip4.addr = "10.243.27.28"; @@ -48,8 +46,6 @@ with import ; }; }; reagenzglas = { - ci = false; - external = true; nets = { retiolum = { ip4.addr = "10.243.27.27"; From 6b17d9d28cb24d9c5e17d1cf58cb4976a15a1a2b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 14:17:01 +0100 Subject: [PATCH 51/71] jeschli: add empty dummy-secrets --- jeschli/2configs/tests/dummy-secrets/empty | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 jeschli/2configs/tests/dummy-secrets/empty diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty new file mode 100644 index 000000000..e69de29bb From ccf5161e7b6481c2eecccdafca07bd3640a2a3d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 18:27:00 +0100 Subject: [PATCH 52/71] jeschli: add brauerei.r --- jeschli/1systems/brauerei/config.nix | 99 +++++++++++++++++++ .../brauerei/hardware-configuration.nix | 33 +++++++ jeschli/1systems/brauerei/source.nix | 4 + krebs/3modules/jeschli/default.nix | 38 ++++++- 4 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 jeschli/1systems/brauerei/config.nix create mode 100644 jeschli/1systems/brauerei/hardware-configuration.nix create mode 100644 jeschli/1systems/brauerei/source.nix diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix new file mode 100644 index 000000000..9988fc22a --- /dev/null +++ b/jeschli/1systems/brauerei/config.nix @@ -0,0 +1,99 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/sda2"; + preLVM = true; + allowDiscards = true; + } + ]; + + # networking.hostName = "nixos"; # Define your hostname. + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = with pkgs; [ + vim + git + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + ]; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.03"; # Did you read the comment? + +} diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix new file mode 100644 index 000000000..75fdb89fd --- /dev/null +++ b/jeschli/1systems/brauerei/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/42BF-0795"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; +} diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix new file mode 100644 index 000000000..61978768e --- /dev/null +++ b/jeschli/1systems/brauerei/source.nix @@ -0,0 +1,4 @@ +import { + name = "brauerei"; + secure = true; +} diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 191bd2b04..bc821f296 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -7,7 +7,6 @@ with import ; owner = config.krebs.users.jeschli; ci = true; }) { - bln = { nets = { retiolum = { @@ -45,6 +44,43 @@ with import ; }; }; }; + brauerei = { + nets = { + retiolum = { + ip4.addr = "10.243.27.29"; + ip6.addr = "42::29"; + aliases = [ + "brauerei.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAvC4AjkAoH01sKDXE3xVM2YUpPQ9iewIPQCCCSWYZQh2BWOfl+FFs + pW3ix5FjAzTxzkIf5NxW0usff8UTkFHB+sGZLZ9DPqvb8AM4GJsvXR06LORHtBlo + Vt/g1sndD3i3NXn5IJ2G4mZDImQjI3vuTkPyFQsR5LRAaPQgIORHBtN/X1UEVMRq + gThUeMb1kZ/y4AmUx0pepQYmAcYf0cN/7r9n68dWJCZ7DWX3q49bIz4TPG519IQp + KzoCtdXImKl6cFDepa2pRmIW4SPaDXztHDmXoJA1NBfdDOMOW67FUjzhcwZS9usM + q9x/1Tph63PJy4Vc0jsJnY29WrInx/nVAb22QuTOXQ9SfBNoOATYoFoVmY+yw1FX + 67y3bRbq8lQk1y3F2vZVYxQ52WiYLmtNtuzUMZHErL7VgFIEfQKoO2Oa/WZXdgSJ + Asmn67NSicc5QNI4rBUthju1JDuM/3ja0yCXh7trDCmPxKd94KzxMlq9VA6S2f/Q + uke3VnXEDqOWOZdcon5DnRTT1y4xjk1XHuO/9tVDcrL7x1unkdGL9BNMU6opJiLm + batAtKQ/7EJrlgIxYpEQyCNAjj0dEn0BgNZNqQSKkeGe6giVMuHtnXeTYMEraDas + DWxHmGOvYWrs3tZdELkB/h/y7DdijOabS4AlLOljKHiacw8e0D7p9qeIU2EwRaXD + ebPYaAIIWn1FU1aCYpvF4YJYbdNJZg6aKpoWNz86ZjO9t3GBkf612xB7fRO9mbTg + Ww2Hl6lir0rnlo7P9M1xhQqmZ0phaUjkqYRCaTOW1kC5ACpJJ/Jrq0oyplHVBY8Y + IvzPDA4nu/YOpyhQjlQwcVt62NgW0CZdwp3ZnMMoy7akgEo71bjoHbRxAeWy5oRB + 5CgGvQAB+qdf97XjZ5RggWQ2rglkCn49X4fXN6r4zuaIji1VVFTEZGRNsi0vt1YC + Eedz68auu1ZDO1qwNcX00n94E09B05DQBjE/6SAX6wBCY/BwUtzdQ9JnyfHNSl8i + dmHBPLssB9Dku4U0mo+LLer+bf6fiR7r5gp/KRuY/tMGFahprZRfWFtyO2Pg1cYI + HCdmDmSlbFq3EJmBl0egbU8Ym1m6t4EvPcoTxwy3ljZWybHlhm4wvhGcA/2bDRZA + jcXSL3G7buBOf8WJNYnMXCtPEyIYUdRyNvz3EUfvmbzZDhHd/bc0pJRrrtI7HqoF + +g67gCrtXx6i9PD0LSDJ1jExMZcmU1+DPg0dzDEmLHvW+HW538/HXGJ8FsunWBwD + /8wsQfoqAwlBSucLHDDrYVvfSp0+TLzg/HDMhNkcN7d5hm3syrI+IN4gEEjYeZIO + g7fjR1X7g5FGCDQnRA/dzNsZVnk6UFpCRwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; reagenzglas = { nets = { retiolum = { From 5b86fe1cd63a5c4cf5a83b7afabe5be34016e8a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 19:55:02 +0100 Subject: [PATCH 53/71] services.xresources -> krebs.xresources --- krebs/3modules/default.nix | 1 + {lass => krebs}/3modules/xresources.nix | 0 lass/2configs/baseX.nix | 4 ++-- lass/2configs/urxvt.nix | 2 +- lass/3modules/default.nix | 1 - lass/3modules/xserver/default.nix | 2 +- 6 files changed, 5 insertions(+), 5 deletions(-) rename {lass => krebs}/3modules/xresources.nix (100%) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7a3c8ba4a..9c343309a 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -44,6 +44,7 @@ let ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix + ./xresources.nix ./zones.nix ]; options.krebs = api; diff --git a/lass/3modules/xresources.nix b/krebs/3modules/xresources.nix similarity index 100% rename from lass/3modules/xresources.nix rename to krebs/3modules/xresources.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9712bafff..0ff47407a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -41,7 +41,7 @@ in { default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; }; }; - config.services.xresources.resources.X = '' + config.krebs.xresources.resources.X = '' *.font: ${config.lass.fonts.regular} *.boldFont: ${config.lass.fonts.bold} *.italicFont: ${config.lass.fonts.italic} @@ -113,6 +113,6 @@ in { }; services.urxvtd.enable = true; - services.xresources.enable = true; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index ee50b3381..fc4537140 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -4,7 +4,7 @@ with import ; { services.urxvtd.enable = true; - services.xresources.resources.urxvt = '' + krebs.xresources.resources.urxvt = '' URxvt*SaveLines: 4096 URxvt*scrollBar: false URxvt*urgentOnBell: true diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 81b52c306..fd77b2262 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -12,6 +12,5 @@ _: ./umts.nix ./usershadow.nix ./xserver - ./xresources.nix ]; } diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix index 92061c753..d16f89f45 100644 --- a/lass/3modules/xserver/default.nix +++ b/lass/3modules/xserver/default.nix @@ -76,7 +76,7 @@ let ]; }; }; - services.xresources.resources.dpi = '' + krebs.xresources.resources.dpi = '' ${optionalString (xcfg.dpi != null) "Xft.dpi: ${toString xcfg.dpi}"} ''; systemd.services.urxvtd = { From ac9755964e096779b96aee9b00e1fb25aedff38f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 20:05:06 +0100 Subject: [PATCH 54/71] xresources: fix api name --- krebs/3modules/xresources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/xresources.nix b/krebs/3modules/xresources.nix index 017dbff2b..b2d38b972 100644 --- a/krebs/3modules/xresources.nix +++ b/krebs/3modules/xresources.nix @@ -17,7 +17,7 @@ in { options = { - services.xresources.enable = mkOption { + krebs.xresources.enable = mkOption { type = types.bool; default = false; description = '' @@ -25,7 +25,7 @@ in ''; }; - services.xresources.resources = mkOption { + krebs.xresources.resources = mkOption { default = {}; type = types.attrsOf types.str; example = { @@ -42,7 +42,7 @@ in config = let - cfg = config.services.xresources; + cfg = config.krebs.xresources; xres = writeText "xresources" (concatStringsSep "\n" (attrValues cfg.resources)); in mkIf cfg.enable { From ddf7c81f90434238ee4697471f82232782665393 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 15 Dec 2017 20:08:06 +0100 Subject: [PATCH 55/71] jeschli:+urxvt --- jeschli/2configs/urxvt.nix | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 jeschli/2configs/urxvt.nix diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix new file mode 100644 index 000000000..482153e7a --- /dev/null +++ b/jeschli/2configs/urxvt.nix @@ -0,0 +1,34 @@ +{ config, pkgs, ... }: +with import ; + +{ + services.urxvtd.enable = true; + + krebs.xresources.resources.urxvt = '' + *foreground: rgb:a8/a8/a8 + *background: rgb:00/00/00 + *faceName: DejaVu Sans Mono + *faceSize: 12 + *color0: rgb:00/00/00 + *color1: rgb:a8/00/00 + *color2: rgb:00/a8/00 + *color3: rgb:a8/54/00 + *color4: rgb:00/00/a8 + *color5: rgb:a8/00/a8 + *color6: rgb:00/a8/a8 + *color7: rgb:a8/a8/a8 + *color8: rgb:54/54/54 + *color9: rgb:fc/54/54 + *color10: rgb:54/fc/54 + *color11: rgb:fc/fc/54 + *color12: rgb:54/54/fc + *color13: rgb:fc/54/fc + *color14: rgb:54/fc/fc + *color15: rgb:fc/fc/fc + + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: xft:DejaVu Sans Mono:pixelsize=22 + URXvt*faceSize: 12 + ''; +} From e500da85e96c1fa25e0b1717a1e0402de591a0e8 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 15 Dec 2017 20:23:01 +0100 Subject: [PATCH 56/71] jeschli:+brauerei --- krebs/3modules/jeschli/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index bc821f296..0d161e1c8 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -127,5 +127,8 @@ with import ; jeschli-bln = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"; }; + jeschli-brauerei = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"; + }; }; } From 1ff6397b25777c803f03acac290ad1627ca1e30d Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 15 Dec 2017 20:43:04 +0100 Subject: [PATCH 57/71] jeschli brauerei.r: bootstrap --- jeschli/1systems/brauerei/config.nix | 98 ++++++++++++++++++---------- 1 file changed, 62 insertions(+), 36 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 9988fc22a..791c6a954 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -1,58 +1,81 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ + + ./hardware-configuration.nix + + ]; + krebs.build.host = config.krebs.hosts.brauerei; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/sda2"; - preLVM = true; - allowDiscards = true; - } - ]; - - # networking.hostName = "nixos"; # Define your hostname. - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - + boot.loader.grub.device = "/dev/sda"; + # or "nodev" for efi only + boot.initrd.luks.devices = [ { + name = "root"; + device = "/dev/sda2"; + preLVM = true; + allowDiscards = true; + } ]; + # networking.hostName = "nixos"; + # Define your hostname. + networking.wireless.enable = true; + # Enables wireless support via wpa_supplicant. # Select internationalisation properties. # i18n = { # consoleFont = "Lat2-Terminus16"; # consoleKeyMap = "us"; # defaultLocale = "en_US.UTF-8"; # }; - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget + # Set your time zone. # + time.timeZone = "Europe/Amsterdam"; + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget environment.systemPackages = with pkgs; [ - vim + # system helper + ag + curl + copyq + dmenu git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + # rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + # document viewer + zathura ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.bash.enableCompletion = true; # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # List services that you want to enable: @@ -69,7 +92,7 @@ # services.printing.enable = true; # Enable the X11 windowing system. - # services.xserver.enable = true; + services.xserver.enable = true; # services.xserver.layout = "us"; # services.xserver.xkbOptions = "eurosign:e"; @@ -79,7 +102,10 @@ # Enable the KDE Desktop Environment. # services.xserver.displayManager.sddm.enable = true; # services.xserver.desktopManager.plasma5.enable = true; - + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; +# # Define a user account. Don't forget to set a password with ‘passwd’. users.extraUsers.jeschli = { isNormalUser = true; @@ -94,6 +120,6 @@ # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "18.03"; # Did you read the comment? + system.stateVersion = "17.09"; # Did you read the comment? } From 77bd5f270a2ad6a8fff8973b822b44c51698b920 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 15 Dec 2017 20:44:05 +0100 Subject: [PATCH 58/71] jeschli urxvt: enable xressources --- jeschli/2configs/urxvt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index 482153e7a..d276933b2 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix @@ -3,7 +3,7 @@ with import ; { services.urxvtd.enable = true; - + krebs.xresources.enable = true; krebs.xresources.resources.urxvt = '' *foreground: rgb:a8/a8/a8 *background: rgb:00/00/00 From 2ada22a8b258e8f373d587dcceffac7c956e36ac Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 15 Dec 2017 20:44:26 +0100 Subject: [PATCH 59/71] jeschli: add jeschli-brauerei user --- krebs/3modules/jeschli/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index bc821f296..0d161e1c8 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -127,5 +127,8 @@ with import ; jeschli-bln = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"; }; + jeschli-brauerei = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"; + }; }; } From df0699de0a718cdd8b98753b80f58e76e1e7eb2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 21:30:33 +0100 Subject: [PATCH 60/71] l prism.r: enable git for all jeschlis --- lass/1systems/prism/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 87270b8b8..a318ce412 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -290,7 +290,11 @@ in { { krebs.git.rules = [ { - user = [ config.krebs.users.jeschli ]; + user = with config.krebs.users; [ + jeschli + jeschli-bln + jeschli-brauerei + ]; repo = [ config.krebs.git.repos.stockholm ]; perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; } From 9ba0b86a7b7ce6fa6d6b5976f2c6778324a4ee02 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 21:31:23 +0100 Subject: [PATCH 61/71] l helios.r: add /tmp --- lass/1systems/helios/config.nix | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index b14ef2a3e..03a065d9c 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -20,20 +20,26 @@ with import ; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "btrfs"; - }; + fileSystems."/" = { + device = "/dev/pool/root"; + fsType = "btrfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; - fileSystems."/home" = - { device = "/dev/pool/home"; - fsType = "btrfs"; - }; + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; nix.maxJobs = lib.mkDefault 8; } From 9f152f2134ea0f48e9ba7db9d1d16773f26fabcd Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 21:32:02 +0100 Subject: [PATCH 62/71] l dcso-dev: add rob --- lass/2configs/dcso-dev.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index 2b91f91d6..cbf853d64 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -16,8 +16,9 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-android.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de" + config.krebs.users.jeschli-bln.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB" ]; packages = with pkgs; [ emacs25-nox From b0a14795b53588788361d34faea13a8a41be018c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Dec 2017 21:33:56 +0100 Subject: [PATCH 63/71] l domsen: cleanup websites --- lass/2configs/websites/domsen.nix | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 6fbd4d0df..9ece2af77 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,15 +26,6 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ - "karlaskop.de" - "www.karlaskop.de" - ]) - (servePage [ "makeup.apanowicz.de" ]) - (servePage [ - "pixelpocket.de" - "www.pixelpocket.de" - ]) (servePage [ "habsys.de" "habsys.eu" @@ -48,22 +39,18 @@ in { "nirwanabluete.de" "aldonasiech.com" "ubikmedia.eu" - "facts.cloud" "youthtube.xyz" - "illucloud.eu" - "illucloud.de" - "illucloud.com" "joemisch.com" + "weirdwednesday.de" + "www.apanowicz.de" "www.nirwanabluete.de" "www.aldonasiech.com" "www.ubikmedia.eu" - "www.facts.cloud" "www.youthtube.xyz" - "www.illucloud.eu" - "www.illucloud.de" - "www.illucloud.com" "www.ubikmedia.de" + "www.weirdwednesday.de" + "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de" @@ -74,8 +61,6 @@ in { "nb.ubikmedia.de" "youthtube.ubikmedia.de" "weirdwednesday.ubikmedia.de" - "weirdwednesday.de" - "www.weirdwednesday.de" "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" ]) From bd93879ed249f535518e6d1af9d2fd1d74118d76 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 16 Dec 2017 15:58:35 +0100 Subject: [PATCH 64/71] jeschli brauerei: +jetbrains --- jeschli/1systems/brauerei/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 791c6a954..45e69db5a 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -67,6 +67,9 @@ gotools # dev tools gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland # document viewer zathura ]; From a7e47e0bf5258fd125a93077f1d82af900816152 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 16 Dec 2017 16:18:17 +0100 Subject: [PATCH 65/71] jeschli urxvt: *font-size --- jeschli/2configs/urxvt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index d276933b2..a2e02de35 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix @@ -28,7 +28,7 @@ with import ; URxvt*scrollBar: false URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=22 + URxvt*font: xft:DejaVu Sans Mono:pixelsize=20 URXvt*faceSize: 12 ''; } From 06b7cfbae610ba3c5f585a1e80555a6cda732664 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 16 Dec 2017 16:55:53 +0100 Subject: [PATCH 66/71] jeschli brauerei: +user.jamie --- jeschli/1systems/brauerei/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 45e69db5a..171a002da 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -114,6 +114,10 @@ isNormalUser = true; uid = 1000; }; + users.extraUsers.jamie = { + isNormalUser = true; + uid = 1001; + }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" From bf9d3272d1185c57c9f0a5843a1212205da67a14 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Dec 2017 01:04:32 +0100 Subject: [PATCH 67/71] l prism.r: add git to containers --- lass/1systems/prism/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a318ce412..1cca76331 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -186,6 +186,7 @@ in { #hotdog containers.hotdog = { config = { ... }: { + environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey @@ -201,6 +202,7 @@ in { #kaepsele containers.kaepsele = { config = { ... }: { + environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey @@ -217,6 +219,7 @@ in { #onondaga containers.onondaga = { config = { ... }: { + environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey From 2a441c59adcec203091401f5f6b72c5ac1e87c51 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Dec 2017 01:05:30 +0100 Subject: [PATCH 68/71] l: get secrets from pass --- lass/source.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lass/source.nix b/lass/source.nix index 710bfdf2d..66cdacea8 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -12,9 +12,12 @@ in url = https://github.com/nixos/nixpkgs; ref = "cb751f9"; }; - secrets.file = getAttr builder { - buildbot = toString ; - lass = "/home/lass/secrets/${name}"; + secrets = getAttr builder { + buildbot.file = toString ; + lass.pass = { + dir = "${getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; }; stockholm.file = toString ; } From 8f80cd6fb41f963362d8044187f38b54244c227a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Dec 2017 11:01:35 +0100 Subject: [PATCH 69/71] l nixpkgs: cb751f9 -> af7e479 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 66cdacea8..bf992d4d2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "cb751f9"; + ref = "af7e479"; }; secrets = getAttr builder { buildbot.file = toString ; From 2500fb454b12782792cdd5945278bdcae1b0805d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Dec 2017 18:52:35 +0100 Subject: [PATCH 70/71] l helios.r: ignore lidswitch --- krebs/3modules/lass/default.nix | 2 +- lass/1systems/helios/config.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ba6d85e7a..0567d58ba 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,7 +44,7 @@ with import ; cores = 2; nets = rec { internet = { - ip4.addr = "45.62.226.163"; + ip4.addr = "64.137.242.41"; aliases = [ "echelon.i" ]; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 03a065d9c..8bd9735a9 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -156,4 +156,7 @@ with import ; services.printing.drivers = [ pkgs.postscript-lexmark ]; + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; } From 676c76dd8e0b5cbe3d1bdba49b21b1b5cfc578a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Dec 2017 18:53:15 +0100 Subject: [PATCH 71/71] l: hledger -> bank --- lass/2configs/baseX.nix | 2 +- lass/5pkgs/default.nix | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0ff47407a..6f5533b0d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -66,12 +66,12 @@ in { environment.systemPackages = with pkgs; [ acpi + bank dic dmenu gi git-preview gitAndTools.qgit - haskellPackages.hledger lm_sensors mpv-poll much diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 10df08e7f..a158cd3c6 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -21,6 +21,17 @@ xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; + bank = pkgs.writeDashBin "bank" '' + tmp=$(mktemp) + ${pkgs.pass}/bin/pass show hledger > $tmp + ${pkgs.hledger}/bin/hledger --file=$tmp "$@" + ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then + exit 0 + else + ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger + fi + ${pkgs.coreutils}/bin/rm $tmp + ''; screengrab = pkgs.writeDashBin "screengrab" '' resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1