Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2019-02-02 09:16:32 +01:00
commit bca298e1a8
22 changed files with 332 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
krebs/2configs/reaktor2.nix
View File

@ -61,7 +61,7 @@ let
];
hooks.PRIVMSG = [
{
pattern = "^bier bal(ance)*$";
pattern = "^bier bal(an(ce)?)?$";
activate = "match";
command = {
env = {
@ -134,6 +134,7 @@ in {
};
r = {
nick = "reaktor2|krebs";
sendDelaySec = null;
plugins = [
{
plugin = "register";

5
krebs/2configs/shack/mobile.mpd.nix
View File

@ -1,5 +1,8 @@
{lib,pkgs, ... }:
let
pkg = lib.overrideDerivation pkgs.ympd (old: {
patches = [ ./ympd-top-next.patch ];
});
mpdHost = "mpd.shack";
ympd = name: port: let
webPort = 10000 + port;
@ -7,7 +10,7 @@ let
systemd.services."ympd-${name}" = {
description = "mpd for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
};
services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
serverAliases = [

16
krebs/2configs/shack/ympd-top-next.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/htdocs/index.html b/htdocs/index.html
index ed77279..eaf92b6 100644
--- a/htdocs/index.html
+++ b/htdocs/index.html
@@ -76,6 +76,11 @@
<div class="col-md-10 col-xs-12">
<div class="notifications top-right"></div>
+
+ <ul class="pager">
+ <li id="prev" class="page-btn hide"><a href="">Previous</a></li>
+ <li id="next" class="page-btn"><a href="">Next</a></li>
+ </ul>
<div class="panel panel-primary">
<!-- Default panel contents -->

29
krebs/3modules/external/default.nix vendored
View File

@ -16,6 +16,7 @@ with import <stockholm/lib>;
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
dpdkm = {
owner = config.krebs.users.Mic92;
@ -176,32 +177,6 @@ in {
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@ -419,8 +394,6 @@ in {
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
};
qubasa = {
mail = "luis.nixos@gmail.com";
};

81
krebs/3modules/external/palo.nix vendored Normal file
View File

@ -0,0 +1,81 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
pepe = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.1";
tinc.port = 720;
aliases = [ "pepe.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.3";
tinc.port = 720;
aliases = [ "kruck.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
schasch = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.2";
tinc.port = 720;
aliases = [ "schasch.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workhorse = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.5";
tinc.port = 720;
aliases = [ "workhorse.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workout = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.4";
tinc.port = 720;
aliases = [ "workout.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
};
users = {
palo = {
};
};
}

13
krebs/3modules/external/tinc/palo.pub vendored Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

4
krebs/3modules/reaktor2.nix
View File

@ -33,6 +33,10 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
sendDelaySec = mkOption {
default = 0.7;
type = types.nullOr types.float;
};
username = mkOption {
default = self.config.systemd-service-name;
type = types.username;

14
krebs/krops.nix
View File

@ -9,13 +9,19 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
derivation = ''
with import <nixpkgs> {};
derivation = let
rev = (lib.importJSON ./nixpkgs.json).rev;
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${(lib.importJSON ./nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}";
rev = "${rev}";
sha256 = "${sha256}";
}
'';
} else {

14
lass/1systems/blue/source.nix
View File

@ -1,13 +1,19 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
derivation = ''
with import <nixpkgs> {};
derivation = let
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
sha256 = "${sha256}";
}) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
rev = "${rev}";
sha256 = "${sha256}";
}
'';
};

1
lass/1systems/mors/config.nix
View File

@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain

11
lass/2configs/hardening.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, lib, ... }:
with lib;
{
security.chromiumSuidSandbox.enable = true;
security.lockKernelModules = false;
boot.kernel.sysctl."user.max_user_namespaces" = 63414;
imports = [
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
}

51
lass/2configs/radio.nix
View File

@ -170,32 +170,45 @@ in {
};
};
krebs.Reaktor.playlist = {
nickname = "the_playlist|r";
krebs.reaktor2.the_playlist = {
hostname = "irc.freenode.org";
port = "6697";
useTLS = true;
nick = "the_playlist";
plugins = [
{
plugin = "register";
config = {
channels = [
"#the_playlist"
"#krebs"
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
};
plugins = with pkgs.ReaktorPlugins; [
(buildSimpleReaktorPlugin "skip" {
script = "${skip_track}/bin/skip_track";
pattern = "^skip$";
})
(buildSimpleReaktorPlugin "current" {
script = "${print_current}/bin/print_current";
pattern = "^current$";
})
(buildSimpleReaktorPlugin "suggest" {
script = "${pkgs.writeDash "suggest" ''
echo "$@" >> $HOME/playlist_suggest
''}";
pattern = "^suggest: (?P<args>.*)$";
})
}
{
plugin = "system";
config = {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
activate = "match";
pattern = ''!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
commands = {
skip.filename = "${skip_track}/bin/skip_track";
current.filename = "${print_current}/bin/print_current";
suggest.filename = pkgs.writeDash "suggest" ''
echo "$@" >> playlist_suggest
'';
};
}
];
};
}
];
};
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {

26
lass/2configs/reaktor-coders.nix
View File

@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
@ -46,37 +47,22 @@ in {
-e "$@"
'';
in {
pl = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-pl" ''
pl.filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
};
type = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-type" ''
type.filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
};
"let" = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-let" ''
"let".filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
};
run = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-run" ''
run.filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
};
kind = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-kind" ''
kind.filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
};
}
{
activate = "match";

3
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.MouseResizableTile (mouseResizableTile)
import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeOne

0
makefu/0tests/data/secrets/nixos-community Normal file
View File

4
makefu/1systems/x/config.nix
View File

@ -14,10 +14,12 @@
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/dict.nix>
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
<stockholm/makefu/2configs/support-nixos.nix>
# Debugging
# <stockholm/makefu/2configs/disable_v6.nix>
@ -64,7 +66,7 @@
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
# <stockholm/makefu/2configs/remote-build/master.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>

7
makefu/2configs/bureautomation/default.nix
View File

@ -5,7 +5,7 @@ let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
@ -14,9 +14,10 @@ let
test $state = alerting || exit 0
echo $name - $state
curl 'http://bauarbeiterlampe/ay?o=1'
topic=plug
mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
sleep 5
curl 'http://bauarbeiterlampe/ay?o=1'
mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
'';
in {
services.logstash = {

95
makefu/2configs/bureautomation/hass.nix
View File

@ -1,5 +1,40 @@
{ pkgs, lib, ... }:
let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
@ -74,6 +109,10 @@ in {
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
(tasmota_plug "Nachtlicht" "plug5")
];
light = [
(tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
@ -169,12 +208,16 @@ in {
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
"automation.turn_off_nachtlicht_on_sunrise"
"automation.turn_on_nachtlicht_on_motion_and_dusk"
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.feuer"
"switch.nachtlicht"
"light.status_felix"
];
camera = [
"camera.Baumarkt"
@ -207,7 +250,51 @@ in {
};
action = {
service = "homeassistant.turn_on";
entity_id = [ "switch.fernseher" "switch.feuer" ];
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
}
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
@ -226,7 +313,11 @@ in {
];
action = {
service = "homeassistant.turn_off";
entity_id = [ "switch.fernseher" "switch.feuer" ];
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";

5
makefu/2configs/dict.nix Normal file
View File

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
services.dictd.enable = true;
services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
}

15
makefu/2configs/remote-build/aarch64-community.nix Normal file
View File

@ -0,0 +1,15 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshKey = toString <secrets/nixos-community>;
sshUser = "makefu";
system = "aarch64-linux";
supportedFeatures = [ "big-parallel" ];
}
];
};
}

1
makefu/2configs/tools/dev.nix
View File

@ -4,6 +4,7 @@
users.users.makefu.packages = with pkgs;[
python3
python3Packages.pyserial
picocom
python3Packages.virtualenv
# embedded
gi

5
makefu/2configs/virtualisation/virtualbox.nix
View File

@ -2,8 +2,7 @@
{
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
virtualisation.virtualbox.host.enableHardening = false;
virtualisation.virtualbox.host.enableExtensionPack = true;
# virtualisation.virtualbox.host.enableHardening = false;
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
}