From 2b8f8363392a7b337b3f67ffae93719f15952754 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 4 Jan 2017 08:36:29 +0100 Subject: [PATCH 01/95] infest/prepare: fix style inconsistencies --- krebs/4lib/infest/prepare.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index e265b0e67..3068e2b00 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -143,10 +143,10 @@ prepare_common() {( mkdir -p /mnt/boot if mount | grep -Fq ' on /boot type '; then - bootdev=$(mount | grep " on /boot type " | sed 's/ .*//') - mount $bootdev /mnt/boot + bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//') + mount $bootpart /mnt/boot else - mount --bind /boot/ /mnt/boot + mount --bind /boot /mnt/boot fi fi @@ -155,7 +155,7 @@ prepare_common() {( # prepare install directory # - rootpart=$(mount | grep " on / type" | sed 's/ .*//') + rootpart=$(mount | grep ' on / type ' | sed 's/ .*//') mkdir -p /mnt/etc/nixos mkdir -m 0555 -p /mnt/var/empty From 19f8234cef2934e0a0c43a28efbf9a057154c704 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 4 Jan 2017 08:36:55 +0100 Subject: [PATCH 02/95] infest/prepare: touch /mnt/var/src/.populate --- krebs/4lib/infest/prepare.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 3068e2b00..3f5d66431 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -159,6 +159,8 @@ prepare_common() {( mkdir -p /mnt/etc/nixos mkdir -m 0555 -p /mnt/var/empty + mkdir -p /mnt/var/src + touch /mnt/var/src/.populate if ! mount | grep -Fq "$rootpart on /mnt/root type "; then mkdir -p /mnt/root From 3607bd0832d0f47a4bf56cae7e4cb14f6e257bc9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 4 Jan 2017 11:50:37 +0100 Subject: [PATCH 03/95] cd: hart eingeCACt --- krebs/3modules/tv/default.nix | 2 +- tv/1systems/cd.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
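Review bot: The new `bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//')` line still uses a plain `grep` where the `if` test two lines above uses `grep -Fq` for the same literal string, and `$bootpart` reaches `mount` unquoted. Since the pattern is a fixed string, `grep -F ' on /boot type '` keeps the two consistent and rules out regex interpretation, and `mount "$bootpart" /mnt/boot` keeps the device path intact if it ever contains unusual characters; `findmnt -no SOURCE /boot` would avoid parsing `mount` output altogether. The enclosing `prepare_common` function starts and ends outside the hunk.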
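Review bot: `mkdir -p /mnt/var/src` creates the directory with whatever mode the installer's umask yields, whereas the line just above it, `mkdir -m 0555 -p /mnt/var/empty`, pins its mode explicitly. If `/var/src` is meant to be filled in by a later step (the `.populate` marker suggests so), an explicit `mkdir -m 0755 -p /mnt/var/src` makes the installed tree independent of the environment the script happens to run from. The enclosing `prepare_common` function starts and ends outside the hunk.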
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d44c322aa..1220143a7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import ; }; nets = { internet = { - ip4.addr = "45.62.237.203"; + ip4.addr = "64.137.177.226"; aliases = [ "cd.i" "cd.krebsco.de" diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 108006f34..b718d19b8 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -16,11 +16,11 @@ with import ; networking = { interfaces.enp2s1.ip4 = singleton { address = let - addr = "45.62.237.203"; + addr = "64.137.177.226"; in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; prefixLength = 24; }; - defaultGateway = "45.62.237.1"; + defaultGateway = "64.137.177.1"; nameservers = ["8.8.8.8"]; }; From 0d4911ce2f7b44af8e04bfd37f25593aa1c33eda Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 4 Jan 2017 12:23:42 +0100 Subject: [PATCH 04/95] tv backup: drop *-pull-cd-ejabberd --- tv/2configs/backup.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 7c91b1cf1..5cc86cfdd 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -46,12 +46,6 @@ with import ; dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; }; startAt = "06:20"; }; - xu-pull-cd-ejabberd = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/cd-ejabberd"; }; - startAt = "07:00"; - }; xu-pull-cd-home = { method = "pull"; src = { host = config.krebs.hosts.cd; path = "/home"; }; 
@@ -76,12 +70,6 @@ with import ; dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; }; startAt = "05:00"; }; - zu-pull-cd-ejabberd = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/cd-ejabberd"; }; - startAt = "06:00"; - }; zu-pull-cd-home = { method = "pull"; src = { host = config.krebs.hosts.cd; path = "/home"; }; From ef757f6e37ac02e18e04dd2fdf15d6d723a679ec Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 5 Jan 2017 21:03:23 +0100 Subject: [PATCH 05/95] tv: use body instead of out --- tv/2configs/git.nix | 6 +++--- tv/2configs/vim.nix | 7 +++---- tv/3modules/iptables.nix | 16 +++------------- 3 files changed, 9 insertions(+), 20 deletions(-) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 48d738365..9ccb0a057 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -2,9 +2,9 @@ with import ; -let +let { - out = { + body = { krebs.git = { enable = true; cgit = { @@ -123,4 +123,4 @@ let perm = fetch; }; -in out +} diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index cc59a95a5..1ffafe9c9 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: with import ; -let - out = { +let { + body = { environment.systemPackages = [ vim ]; @@ -411,5 +411,4 @@ let catch /^Vim\%((\a\+)\)\=:E484/ endtry ''; -in -out +} diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 7276726ca..803ed6fbf 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with import ; -let +let { cfg = config.tv.iptables; - out = { + body = { options.tv.iptables = api; config = lib.mkIf cfg.enable imp; }; @@ -146,14 +146,4 @@ let )} COMMIT ''; -in out - -#let -# cfg = config.tv.iptables; -# arg' = arg // { inherit cfg; }; -#in -# -#{ -# options.tv.iptables = import ./options.nix arg'; -# config = lib.mkIf cfg.enable (import ./config.nix arg'); -#} +} 
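Review bot: The `let { … body = …; }` form introduced in `tv/3modules/iptables.nix` (and in `git.nix` and `vim.nix`) is the legacy let-body syntax, sugar for `(rec { … }).body`; it is rarely seen and, as far as I recall, current Nix documentation only presents `let … in`, so a reader may not realise the file evaluates to the `body` attribute. A one-line comment at the top of each file, `# let-body form: this file evaluates to the body attribute defined below`, would make the convention explicit without changing the code. The first `iptables.nix` hunk cuts through the attribute set, whose remaining attributes are outside the hunk.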
From 51bbf7f5c2077a5bab74a077049db7ef3d995ca9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 7 Jan 2017 12:51:06 +0100 Subject: [PATCH 06/95] alnus nixpkgs: d745044 -> e924319 --- tv/1systems/alnus.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index bc6e3a6d8..4bc0318e8 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix @@ -22,10 +22,6 @@ with import ; devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; }; }; - loader = { - efi.canTouchEfiVariables = true; - gummiboot.enable = true; - }; }; environment.systemPackages = with pkgs; [ @@ -62,7 +58,7 @@ with import ; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "d7450443c42228832c68fba203a7c15cfcfb264e"; + source.nixpkgs.git.ref = mkForce "e924319cb6c74aa2a9c943eddeb0caef79db01bc"; }; networking.networkmanager.enable = true; From 9779351be952095ed55ad4ccee98452a8838cfb9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 7 Jan 2017 13:28:23 +0100 Subject: [PATCH 07/95] krebs.git: add authorizedKeys only for users found in rules --- krebs/3modules/git.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 164831846..a08dbb32c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -339,9 +339,11 @@ let description = "Git repository hosting user"; shell = "/bin/sh"; openssh.authorizedKeys.keys = - mapAttrsToList (_: makeAuthorizedKey git-ssh-command) - (filterAttrs (_: user: isString user.pubkey) - config.krebs.users); + unique + (sort lessThan + (map (makeAuthorizedKey git-ssh-command) + (filter (user: isString user.pubkey) + (concatMap (getAttr "user") cfg.rules)))); }; }; From 5d7a3d0cccc260565577a6441eadf12c1463a03d Mon Sep 17 00:00:00 2001 
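Review bot: Removing the `loader` block from `tv/1systems/alnus.nix` leaves this file with no `boot.loader` setting at all, and the commit message (a nixpkgs bump) does not mention it. If the bootloader is now expected to come from an imported hardware module, a comment next to `boot.initrd.luks` such as `# bootloader (systemd-boot/EFI) is configured by the imported hw module` would record that; if nothing else sets it, NixOS falls back to its GRUB default as far as I know, on a machine that was evidently EFI-booted. Pinning `source.nixpkgs.git.ref` to a full commit hash rather than a branch name is the right call.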
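Review bot: The new `filter (user: isString user.pubkey)` in `krebs/3modules/git.nix` silently drops any rule user whose `pubkey` is not a string, so a rule naming a key-less user grants no access and emits no diagnostic. This is tighter than the previous behaviour of authorizing every entry of `config.krebs.users`, which is the right direction, but a `lib.warn` or `assert` on the dropped users would make such a misconfiguration visible instead of looking like a broken key. A short comment above the expression would also help, e.g. `# Only users referenced by a rule get a key on the git account; users without a string pubkey are skipped.` The surrounding user definition starts and ends outside the hunk.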
From: tv Date: Sun, 8 Jan 2017 13:07:58 +0100 Subject: [PATCH 08/95] wu: resurrect --- tv/1systems/wu.nix | 15 +++++++++------ tv/2configs/hw/w110er.nix | 8 +++----- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index d5be57bb8..a9d7e94eb 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -23,7 +23,6 @@ with import ; # stockholm gnumake hashPassword - haskellPackages.lentil parallel # root @@ -47,7 +46,6 @@ with import ; p7zip push qrencode - texLive tmux #ack @@ -116,18 +114,23 @@ with import ; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "xts" ]; devices = [ - { name = "home"; device = "/dev/vg840/enchome"; preLVM = false; } + { name = "wuca"; device = "/dev/sda2"; } ]; }; fileSystems = { "/" = { - device = "/dev/mapper/vg840-wuroot"; + device = "/dev/mapper/wuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/wuvga-bku"; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; "/home" = { - device = "/dev/mapper/home"; + device = "/dev/mapper/wuvga-home"; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; @@ -174,5 +177,5 @@ with import ; KERNEL=="hpet", GROUP="audio" ''; - services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix index aa8292441..787bfc6e9 100644 --- a/tv/2configs/hw/w110er.nix +++ b/tv/2configs/hw/w110er.nix @@ -12,9 +12,11 @@ boot.initrd.availableKernelModules = [ "ahci" ]; boot.kernelModules = [ "kvm-intel" ]; - boot.loader.gummiboot.enable = true; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + hardware.opengl.extraPackages = [ pkgs.vaapiIntel ]; + networking.wireless.enable = true; nix = { 
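Review bot: The new LUKS entry `{ name = "wuca"; device = "/dev/sda2"; }` in `tv/1systems/wu.nix` identifies the encrypted disk by kernel enumeration name, which can change when a USB disk or another controller is present at boot and could then leave the initrd waiting on the wrong device. A stable identifier such as `device = "/dev/disk/by-uuid/<uuid>";` (or a `by-id` path) avoids that; the entry it replaces used an LVM path, which was already stable. The `fileSystems` block closes inside the hunk, but the enclosing attribute set continues past it.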
@@ -31,10 +33,6 @@ HandleSuspendKey=ignore ''; - services.xserver = { - vaapiDrivers = [ pkgs.vaapiIntel ]; - }; - system.activationScripts.powertopTunables = '' echo 1 > /sys/module/snd_hda_intel/parameters/power_save echo 1500 > /proc/sys/vm/dirty_writeback_centisecs From 13aa779c4422eee2af9fc686eb66a7de5d79abab Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 16:38:22 +0100 Subject: [PATCH 09/95] k 5: add telegraf we need it here until the new stable branch is released --- krebs/5pkgs/telegraf/default.nix | 27 ++ krebs/5pkgs/telegraf/deps-1.1.2.nix | 588 ++++++++++++++++++++++++++++ 2 files changed, 615 insertions(+) create mode 100644 krebs/5pkgs/telegraf/default.nix create mode 100644 krebs/5pkgs/telegraf/deps-1.1.2.nix diff --git a/krebs/5pkgs/telegraf/default.nix b/krebs/5pkgs/telegraf/default.nix new file mode 100644 index 000000000..996c839ac --- /dev/null +++ b/krebs/5pkgs/telegraf/default.nix @@ -0,0 +1,27 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "telegraf-${version}"; + version = "1.1.2"; + + goPackagePath = "github.com/influxdata/telegraf"; + + excludedPackages = "test"; + + src = fetchFromGitHub { + owner = "influxdata"; + repo = "telegraf"; + rev = "${version}"; + sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2"; + }; + + goDeps = ./. + builtins.toPath "/deps-${version}.nix"; + + meta = with lib; { + description = "The plugin-driven server agent for collecting & reporting metrics."; + license = licenses.mit; + homepage = https://www.influxdata.com/time-series-platform/telegraf/; + maintainers = with maintainers; [ mic92 roblabla ]; + platforms = platforms.linux; + }; +} diff --git a/krebs/5pkgs/telegraf/deps-1.1.2.nix b/krebs/5pkgs/telegraf/deps-1.1.2.nix new file mode 100644 index 000000000..b62ae44db --- /dev/null +++ b/krebs/5pkgs/telegraf/deps-1.1.2.nix 
@@ -0,0 +1,588 @@ +# This file was generated by go2nix. +[ + { + goPackagePath = "github.com/Shopify/sarama"; + fetch = { + type = "git"; + url = "https://github.com/Shopify/sarama"; + rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9"; + sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv"; + }; + } + { + goPackagePath = "github.com/Sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/Sirupsen/logrus"; + rev = "219c8cb75c258c552e999735be6df753ffc7afdc"; + sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6"; + }; + } + { + goPackagePath = "github.com/aerospike/aerospike-client-go"; + fetch = { + type = "git"; + url = "https://github.com/aerospike/aerospike-client-go"; + rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63"; + sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219"; + }; + } + { + goPackagePath = "github.com/amir/raidman"; + fetch = { + type = "git"; + url = "https://github.com/amir/raidman"; + rev = "53c1b967405155bfc8758557863bf2e14f814687"; + sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4"; + }; + } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "13a12060f716145019378a10e2806c174356b857"; + sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h"; + }; + } + { + goPackagePath = "github.com/beorn7/perks"; + fetch = { + type = "git"; + url = "https://github.com/beorn7/perks"; + rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4"; + sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r"; + }; + } + { + goPackagePath = "github.com/cenkalti/backoff"; + fetch = { + type = "git"; + url = "https://github.com/cenkalti/backoff"; + rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99"; + sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w"; + }; + } + { + goPackagePath = "github.com/couchbase/go-couchbase"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/go-couchbase"; + rev = 
"cb664315a324d87d19c879d9cc67fda6be8c2ac1"; + sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr"; + }; + } + { + goPackagePath = "github.com/couchbase/gomemcached"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/gomemcached"; + rev = "a5ea6356f648fec6ab89add00edd09151455b4b2"; + sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi"; + }; + } + { + goPackagePath = "github.com/couchbase/goutils"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/goutils"; + rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6"; + sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c"; + }; + } + { + goPackagePath = "github.com/dancannon/gorethink"; + fetch = { + type = "git"; + url = "https://github.com/dancannon/gorethink"; + rev = "e7cac92ea2bc52638791a021f212145acfedb1fc"; + sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g"; + }; + } + { + goPackagePath = "github.com/davecgh/go-spew"; + fetch = { + type = "git"; + url = "https://github.com/davecgh/go-spew"; + rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d"; + sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk"; + }; + } + { + goPackagePath = "github.com/docker/engine-api"; + fetch = { + type = "git"; + url = "https://github.com/docker/engine-api"; + rev = "8924d6900370b4c7e7984be5adc61f50a80d7537"; + sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n"; + }; + } + { + goPackagePath = "github.com/docker/go-connections"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-connections"; + rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb"; + sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg"; + }; + } + { + goPackagePath = "github.com/docker/go-units"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-units"; + rev = "5d2041e26a699eaca682e2ea41c8f891e1060444"; + sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i"; + }; + } + { + goPackagePath = "github.com/eapache/go-resiliency"; + 
fetch = { + type = "git"; + url = "https://github.com/eapache/go-resiliency"; + rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3"; + sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21"; + }; + } + { + goPackagePath = "github.com/eapache/queue"; + fetch = { + type = "git"; + url = "https://github.com/eapache/queue"; + rev = "ded5959c0d4e360646dc9e9908cff48666781367"; + sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n"; + }; + } + { + goPackagePath = "github.com/eclipse/paho.mqtt.golang"; + fetch = { + type = "git"; + url = "https://github.com/eclipse/paho.mqtt.golang"; + rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86"; + sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh"; + }; + } + { + goPackagePath = "github.com/go-sql-driver/mysql"; + fetch = { + type = "git"; + url = "https://github.com/go-sql-driver/mysql"; + rev = "1fca743146605a172a266e1654e01e5cd5669bee"; + sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38"; + }; + } + { + goPackagePath = "github.com/gobwas/glob"; + fetch = { + type = "git"; + url = "https://github.com/gobwas/glob"; + rev = "49571a1557cd20e6a2410adc6421f85b66c730b5"; + sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "552c7b9542c194800fd493123b3798ef0a832032"; + sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm"; + }; + } + { + goPackagePath = "github.com/golang/snappy"; + fetch = { + type = "git"; + url = "https://github.com/golang/snappy"; + rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380"; + sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn"; + }; + } + { + goPackagePath = "github.com/gonuts/go-shellquote"; + fetch = { + type = "git"; + url = "https://github.com/gonuts/go-shellquote"; + rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2"; + sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg"; + }; 
+ } + { + goPackagePath = "github.com/gorilla/context"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/context"; + rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a"; + sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4"; + }; + } + { + goPackagePath = "github.com/gorilla/mux"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/mux"; + rev = "c9e326e2bdec29039a3761c07bece13133863e1e"; + sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6"; + }; + } + { + goPackagePath = "github.com/hailocab/go-hostpool"; + fetch = { + type = "git"; + url = "https://github.com/hailocab/go-hostpool"; + rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478"; + sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny"; + }; + } + { + goPackagePath = "github.com/hashicorp/consul"; + fetch = { + type = "git"; + url = "https://github.com/hashicorp/consul"; + rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2"; + sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw"; + }; + } + { + goPackagePath = "github.com/hpcloud/tail"; + fetch = { + type = "git"; + url = "https://github.com/hpcloud/tail"; + rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56"; + sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s"; + }; + } + { + goPackagePath = "github.com/influxdata/config"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/config"; + rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da"; + sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z"; + }; + } + { + goPackagePath = "github.com/influxdata/influxdb"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/influxdb"; + rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae"; + sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq"; + }; + } + { + goPackagePath = "github.com/influxdata/toml"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/toml"; + rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0"; + sha256 = 
"1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4"; + }; + } + { + goPackagePath = "github.com/influxdata/wlog"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/wlog"; + rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec"; + sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl"; + }; + } + { + goPackagePath = "github.com/kardianos/osext"; + fetch = { + type = "git"; + url = "https://github.com/kardianos/osext"; + rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc"; + sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a"; + }; + } + { + goPackagePath = "github.com/kardianos/service"; + fetch = { + type = "git"; + url = "https://github.com/kardianos/service"; + rev = "5e335590050d6d00f3aa270217d288dda1c94d0a"; + sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h"; + }; + } + { + goPackagePath = "github.com/klauspost/crc32"; + fetch = { + type = "git"; + url = "https://github.com/klauspost/crc32"; + rev = "19b0b332c9e4516a6370a0456e6182c3b5036720"; + sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r"; + }; + } + { + goPackagePath = "github.com/lib/pq"; + fetch = { + type = "git"; + url = "https://github.com/lib/pq"; + rev = "e182dc4027e2ded4b19396d638610f2653295f36"; + sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj"; + }; + } + { + goPackagePath = "github.com/matttproud/golang_protobuf_extensions"; + fetch = { + type = "git"; + url = "https://github.com/matttproud/golang_protobuf_extensions"; + rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453"; + sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r"; + }; + } + { + goPackagePath = "github.com/miekg/dns"; + fetch = { + type = "git"; + url = "https://github.com/miekg/dns"; + rev = "cce6c130cdb92c752850880fd285bea1d64439dd"; + sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx"; + }; + } + { + goPackagePath = "github.com/mreiferson/go-snappystream"; + fetch = { + type = "git"; + url = 
"https://github.com/mreiferson/go-snappystream"; + rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504"; + sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6"; + }; + } + { + goPackagePath = "github.com/naoina/go-stringutil"; + fetch = { + type = "git"; + url = "https://github.com/naoina/go-stringutil"; + rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b"; + sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6"; + }; + } + { + goPackagePath = "github.com/nats-io/nats"; + fetch = { + type = "git"; + url = "https://github.com/nats-io/nats"; + rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165"; + sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1"; + }; + } + { + goPackagePath = "github.com/nats-io/nuid"; + fetch = { + type = "git"; + url = "https://github.com/nats-io/nuid"; + rev = "a5152d67cf63cbfb5d992a395458722a45194715"; + sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40"; + }; + } + { + goPackagePath = "github.com/nsqio/go-nsq"; + fetch = { + type = "git"; + url = "https://github.com/nsqio/go-nsq"; + rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980"; + sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr"; + }; + } + { + goPackagePath = "github.com/opencontainers/runc"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/runc"; + rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8"; + sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1"; + }; + } + { + goPackagePath = "github.com/prometheus/client_golang"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_golang"; + rev = "18acf9993a863f4c4b40612e19cdd243e7c86831"; + sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv"; + }; + } + { + goPackagePath = "github.com/prometheus/client_model"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_model"; + rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6"; + sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9"; + }; + } + { + 
goPackagePath = "github.com/prometheus/common"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/common"; + rev = "e8eabff8812b05acf522b45fdcd725a785188e37"; + sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq"; + }; + } + { + goPackagePath = "github.com/prometheus/procfs"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/procfs"; + rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8"; + sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8"; + }; + } + { + goPackagePath = "github.com/samuel/go-zookeeper"; + fetch = { + type = "git"; + url = "https://github.com/samuel/go-zookeeper"; + rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f"; + sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2"; + }; + } + { + goPackagePath = "github.com/shirou/gopsutil"; + fetch = { + type = "git"; + url = "https://github.com/shirou/gopsutil"; + rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08"; + sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni"; + }; + } + { + goPackagePath = "github.com/soniah/gosnmp"; + fetch = { + type = "git"; + url = "https://github.com/soniah/gosnmp"; + rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26"; + sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib"; + }; + } + { + goPackagePath = "github.com/streadway/amqp"; + fetch = { + type = "git"; + url = "https://github.com/streadway/amqp"; + rev = "b4f3ceab0337f013208d31348b578d83c0064744"; + sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp"; + }; + } + { + goPackagePath = "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c"; + sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl"; + }; + } + { + goPackagePath = "github.com/vjeantet/grok"; + fetch = { + type = "git"; + url = "https://github.com/vjeantet/grok"; + rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2"; + sha256 = 
"03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80"; + }; + } + { + goPackagePath = "github.com/wvanbergen/kafka"; + fetch = { + type = "git"; + url = "https://github.com/wvanbergen/kafka"; + rev = "46f9a1cf3f670edec492029fadded9c2d9e18866"; + sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694"; + }; + } + { + goPackagePath = "github.com/wvanbergen/kazoo-go"; + fetch = { + type = "git"; + url = "https://github.com/wvanbergen/kazoo-go"; + rev = "0f768712ae6f76454f987c3356177e138df258f8"; + sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16"; + }; + } + { + goPackagePath = "github.com/yuin/gopher-lua"; + fetch = { + type = "git"; + url = "https://github.com/yuin/gopher-lua"; + rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808"; + sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm"; + }; + } + { + goPackagePath = "github.com/zensqlmonitor/go-mssqldb"; + fetch = { + type = "git"; + url = "https://github.com/zensqlmonitor/go-mssqldb"; + rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363"; + sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6"; + sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "6acef71eb69611914f7a30939ea9f6e194c78172"; + sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc"; + }; + } + { + goPackagePath = "golang.org/x/text"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/text"; + rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34"; + sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1"; + }; + } + { + goPackagePath = "gopkg.in/dancannon/gorethink.v1"; + fetch = { + type = "git"; + url = "https://gopkg.in/dancannon/gorethink.v1"; + rev = 
"7d1af5be49cb5ecc7b177bf387d232050299d6ef"; + sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi"; + }; + } + { + goPackagePath = "gopkg.in/fatih/pool.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/fatih/pool.v2"; + rev = "cba550ebf9bce999a02e963296d4bc7a486cb715"; + sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0"; + }; + } + { + goPackagePath = "gopkg.in/mgo.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/mgo.v2"; + rev = "d90005c5262a3463800497ea5a89aed5fe22c886"; + sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7"; + }; + } + { + goPackagePath = "gopkg.in/yaml.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/yaml.v2"; + rev = "a83829b6f1293c91addabc89d0571c246397bbf4"; + sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh"; + }; + } +] From 91c4f86b31941843ab4a9788dc76ebf18adc871f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:03:59 +0100 Subject: [PATCH 10/95] k 5: add kapacitor we add this here until 17.03 is released --- krebs/5pkgs/kapacitor/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 krebs/5pkgs/kapacitor/default.nix diff --git a/krebs/5pkgs/kapacitor/default.nix b/krebs/5pkgs/kapacitor/default.nix new file mode 100644 index 000000000..804826941 --- /dev/null +++ b/krebs/5pkgs/kapacitor/default.nix 
@@ -0,0 +1,23 @@ +{ stdenv, lib, fetchFromGitHub, buildGoPackage }: + +buildGoPackage rec { + name = "kapacitor-${version}"; + version = "1.0.0"; + + goPackagePath = "github.com/influxdata/kapacitor"; + + src = fetchFromGitHub { + owner = "influxdata"; + repo = "kapacitor"; + rev = "v${version}"; + sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh"; + }; + + meta = with lib; { + description = "Open source framework for processing, monitoring, and alerting on time series data"; + license = licenses.mit; + homepage = https://influxdata.com/time-series-platform/kapacitor/; + maintainers = with maintainers; [offline]; + platforms = with platforms; linux; + }; +} From 43eaeee506939af8dc1d169754c5279b2372a134 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:07:59 +0100 Subject: [PATCH 11/95] l 3: add telegraf service --- lass/3modules/default.nix | 1 + lass/3modules/telegraf.nix | 67 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 lass/3modules/telegraf.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index b169fea40..1046fb7cd 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,5 +9,6 @@ _: ./urxvtd.nix ./usershadow.nix ./xresources.nix + ./telegraf.nix ]; } diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix new file mode 100644 index 000000000..64b323460 --- /dev/null +++ b/lass/3modules/telegraf.nix 
@@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with lib; + +let + cfg = config.lass.telegraf; + + out = { + options.lass.telegraf = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "telegraf"; + dataDir = mkOption { + type = types.str; + default = "/var/lib/telegraf"; + }; + user = mkOption { + type = types.str; + default = "telegraf"; + }; + config = mkOption { + type = types.str; + #TODO: find a good default + default = '' + [agent] + interval = "1s" + + [outputs] + + # Configuration to send data to InfluxDB. + [outputs.influxdb] + urls = ["http://localhost:8086"] + database = "kapacitor_example" + user_agent = "telegraf" + + # Collect metrics about cpu usage + [cpu] + percpu = false + totalcpu = true + drop = ["cpu_time"] + ''; + description = "configuration telegraf is started with"; + }; + }; + + configFile = pkgs.writeText "telegraf.conf" cfg.config; + + imp = { + + systemd.services.telegraf = { + description = "telegraf"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}"; + }; + }; + }; + +in out From d8a52b784450909780f771d6550444ed66d6b667 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:09:52 +0100 Subject: [PATCH 12/95] l 3: add kapacitor service --- lass/3modules/default.nix | 1 + lass/3modules/kapacitor.nix | 101 ++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) create mode 100644 lass/3modules/kapacitor.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1046fb7cd..2bf2df8b3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,6 +9,7 @@ _: ./urxvtd.nix ./usershadow.nix ./xresources.nix + ./kapacitor.nix ./telegraf.nix ]; } diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix new file mode 100644 index 000000000..023801987 --- /dev/null 
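Review bot: `lass/3modules/telegraf.nix` declares `user` and `dataDir` options that `imp` never uses: `serviceConfig` has no `User=`, so the telegraf daemon runs as root, and nothing creates the `telegraf` account or `/var/lib/telegraf`. Adding `User = cfg.user;` to `serviceConfig` together with a matching account, e.g. `users.users.${cfg.user} = { isSystemUser = true; home = cfg.dataDir; createHome = true; };`, would make the module do what its interface promises (or drop the two options until they are wired up). Separately, the default `config` uses single-bracket `[outputs.influxdb]` and `[cpu]` tables, which looks like the pre-1.0 telegraf layout; the 1.1.2 package added earlier in this series documents `[[outputs.influxdb]]` and `[[inputs.cpu]]`, so the default is worth checking against the daemon before anyone relies on it.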
+++ b/lass/3modules/kapacitor.nix 
@@ -0,0 +1,101 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with lib; + +let + cfg = config.lass.kapacitor; + + out = { + options.lass.kapacitor = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "kapacitor"; + dataDir = mkOption { + type = types.str; + default = "/var/lib/kapacitor"; + }; + user = mkOption { + type = types.str; + default = "kapacitor"; + }; + config = mkOption { + type = types.str; + #TODO: find a good default + default = '' + hostname = "localhost" + data_dir = "/home/lass/.kapacitor" + + [http] + bind-address = ":9092" + auth-enabled = false + log-enabled = true + write-tracing = false + pprof-enabled = false + https-enabled = false + https-certificate = "/etc/ssl/kapacitor.pem" + shutdown-timeout = "10s" + shared-secret = "" + + [replay] + dir = "${cfg.dataDir}/replay" + + [storage] + boltdb = "${cfg.dataDir}/kapacitor.db" + + [task] + dir = "${cfg.dataDir}/tasks" + snapshot-interval = "1m0s" + + [[influxdb]] + enabled = true + name = "default" + default = false + urls = ["http://localhost:8086"] + username = "" + password = "" + ssl-ca = "" + ssl-cert = "" + ssl-key = "" + insecure-skip-verify = false + timeout = "0s" + disable-subscriptions = false + subscription-protocol = "http" + udp-bind = "" + udp-buffer = 1000 + udp-read-buffer = 0 + startup-timeout = "5m0s" + subscriptions-sync-interval = "1m0s" + [influxdb.subscriptions] + [influxdb.excluded-subscriptions] + _kapacitor = ["autogen"] + + [logging] + file = "STDERR" + level = "INFO" + ''; + description = "configuration kapacitor is started with"; + }; + }; + + configFile = pkgs.writeText "kapacitor.conf" cfg.config; + + imp = { + + systemd.services.kapacitor = { + description = "kapacitor"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}"; + }; + }; + }; + +in out 
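Review bot: The default `config` sets `[http] bind-address = ":9092"` with `auth-enabled = false` and an empty `shared-secret`, so the API listens on every interface without authentication unless a firewall blocks the port; a safer default is `bind-address = "127.0.0.1:9092"`, with the option description telling consumers to widen it deliberately. In the same default, `data_dir = "/home/lass/.kapacitor"` is a hard-coded home path while `[replay]`, `[storage]` and `[task]` already interpolate `${cfg.dataDir}`; it should read `data_dir = "${cfg.dataDir}"`. As in the telegraf module, `cfg.user` is declared but never used, so `kapacitord` runs as root.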
From 4097f5167196dadfa53865769c242126746285d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:12:50 +0100 Subject: [PATCH 13/95] l 1 shodan: reinstall with btrfs --- lass/1systems/shodan.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 095898380..232e91d90 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -59,17 +59,13 @@ with import ; fileSystems = { "/" = { device = "/dev/pool/nix"; - fsType = "ext4"; + fsType = "btrfs"; }; "/boot" = { device = "/dev/sda1"; }; - "/home/lass" = { - device = "/dev/pool/home-lass"; - fsType = "ext4"; - }; "/tmp" = { device = "tmpfs"; fsType = "tmpfs"; @@ -77,7 +73,7 @@ with import ; }; "/bku" = { device = "/dev/pool/bku"; - fsType = "ext4"; + fsType = "btrfs"; }; }; From f239cecef9497e41054ecfedde284ecbc9e8364f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:13:24 +0100 Subject: [PATCH 14/95] l 2 hfos: forward smtp --- lass/2configs/hfos.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index f6f09e226..fc211dc92 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix 
@@ -21,12 +21,14 @@ with import ; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; } + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } ]; krebs.iptables.tables.filter.FORWARD.rules = [ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; From 154e0cf5cd33ff4a3a5657ed7b01674ba1e6a5e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:14:09 +0100 Subject: [PATCH 15/95] l 2 websites domsen: remove obsolete ssl function --- lass/2configs/websites/domsen.nix | 32 ------------------------------- 1 file changed, 32 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2bbfe7333..9361e3978 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -7,7 +7,6 @@ let genid_signed ; inherit (import {inherit lib pkgs;}) - ssl servePage serveOwncloud serveWordpress; 
@@ -25,47 +24,16 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" "www.karlaskop.de" ]) (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) (servePage [ "pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" ]) - (ssl [ - "ubikmedia.de" - "aldona.ubikmedia.de" - "apanowicz.de" - "nirwanabluete.de" - "aldonasiech.com" - "360gradvideo.tv" - "ubikmedia.eu" - "facts.cloud" - "youthtube.xyz" - "illucloud.eu" - "illucloud.de" - "illucloud.com" - "www.ubikmedia.de" - "www.aldona.ubikmedia.de" - "www.apanowicz.de" - "www.nirwanabluete.de" - "www.aldonasiech.com" - "www.360gradvideo.tv" - "www.ubikmedia.eu" - "www.facts.cloud" - "www.youthtube.xyz" - "www.illucloud.eu" - "www.illucloud.de" - "www.illucloud.com" - ]) (serveWordpress [ "ubikmedia.de" "apanowicz.de" From 44800f5ca9b79d64836cb1bb4c318b64182ad6aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:14:25 +0100 Subject: [PATCH 16/95] l 2 websites domsen: add ubikmedia subdomains --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9361e3978..01699001e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -56,6 +56,14 @@ in { "www.illucloud.eu" "www.illucloud.de" "www.illucloud.com" + "apanowicz.ubikmedia.de" + "karlaskop.ubikmedia.de" + "nb.ubikmedia.de" + "cinevita.ubikmedia.de" + "factscloud.ubikmedia.de" + "youthtube.ubikmedia.de" + "aldona2.ubikmedia.de" + "illucloud.ubikmedia.de" ]) ]; From ab07f1082e060f2fd98f1bd4b4f2c7a05a5c1972 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 9 Jan 2017 19:38:07 +0100 Subject: [PATCH 17/95] l 2 nixpkgs: 819c1ab -> d98b556 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6885ef59d..a33e69bf8 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "819c1ab486a9c81d6a6b76c759aedece2df39037"; + ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35"; }; } From 79cfd8b26f560e0d792a392efdcc7d7a9e1daf1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 14:53:48 +0100 Subject: [PATCH 18/95] l 2 vim: add flake8 for python style checking --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index bfaae24c8..f79e6b807 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,6 +5,7 @@ let out = { environment.systemPackages = [ vim + pkgs.pythonPackages.flake8 ]; environment.etc.vimrc.source = vimrc; From 52044fb27391acf4645ce09fcfd2fe85ffc47a94 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 16:17:44 +0100 Subject: [PATCH 19/95] l 2 xserver: add copyq to startup --- lass/2configs/xserver/default.nix | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 53c8f9444..cba4db766 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
@@ -2,6 +2,24 @@ with import ; let user = config.krebs.build.user; + + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; in { environment.systemPackages = [ @@ -109,4 +127,21 @@ in { User = user.name; }; }; + + systemd.services.copyq = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; + }; } From 5631dc07e776c7fb9efe822e70aafe1aab716a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 16:18:00 +0100 Subject: [PATCH 20/95] l 5 xmonad: add copyq keybinding --- lass/5pkgs/xmonad-lass.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index ec3ad82af..2f2be6762 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
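Review bot: `ExecStartPost = copyqConfig` issues the `copyq config …` calls right after the server is spawned; if the copyq server is not yet accepting commands those calls fail, `ExecStartPost` fails, and with `Restart = "always"` and `StartLimitBurst = 0` the unit restarts without any rate limit. I cannot tell from the hunk whether `copyq config` waits for the server, so if it does not, the script should retry until the server answers before applying settings. Separately, `check_selection`/`copy_selection = true` with `maxitems 1000` records every X selection into the history, which will include any secret selected or typed into a terminal; a comment on `copyqConfig` stating that this is intended (and how the history is cleared) would help the next reader.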
@@ -144,6 +144,8 @@ myKeyMap = , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) , ("M4-S-q", return ()) + + , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () From 92e989f69ba14400dc059edd5819a751b19e99da Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 17:27:07 +0100 Subject: [PATCH 21/95] l 2: add sshuttle config --- lass/2configs/baseX.nix | 8 ++++++++ lass/2configs/default.nix | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1e796015a..a67c25145 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -13,6 +13,14 @@ in { systemWide = true; }; } + { + krebs.per-user.lass.packages = [ + pkgs.sshuttle + ]; + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped + ''; + } ]; users.extraUsers.mainUser.extraGroups = [ "audio" "video" ]; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 6fea97728..1cb68a985 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -56,6 +56,12 @@ with import ; SSL_CERT_FILE = ca-bundle; }; }) + { + #for sshuttle + environment.systemPackages = [ + pkgs.pythonPackages.python + ]; + } ]; networking.hostName = config.krebs.build.host.name; From 899bbbd8207679a5384f5d4d191b4072738366b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 17:28:04 +0100 Subject: [PATCH 22/95] l 2 websites domsen: add www.ubikmedia.de --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 01699001e..71eae5b71 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -56,6 +56,7 @@ in { "www.illucloud.eu" "www.illucloud.de" "www.illucloud.com" + "www.ubikmedia.de" "apanowicz.ubikmedia.de" "karlaskop.ubikmedia.de" "nb.ubikmedia.de" 
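Review bot: The sudoers line `lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped` grants `SETENV`, which lets the invoking user bypass sudo's `env_reset` and hand arbitrary environment variables to a root-run Python program (the second hunk of this commit adds `pkgs.pythonPackages.python` "for sshuttle"), so variables that control the interpreter are honoured as root and the rule is effectively an unrestricted root grant. If the wrapped binary needs specific variables from the `bin/sshuttle` wrapper, whitelist just those with `Defaults env_keep` and drop `SETENV`; otherwise test whether it works without it. A comment above the rule naming why `NOPASSWD` and the `.sshuttle-wrapped` path (rather than `bin/sshuttle`) are required would document the decision.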
From 0e6548c6f6278f2cacdcb9b098a6a92332ecf23e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:18:11 +0100 Subject: [PATCH 23/95] l 2 hfos: update riot pubkey --- lass/2configs/hfos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index fc211dc92..7d4d544aa 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -7,7 +7,7 @@ with import ; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" config.krebs.users.lass.pubkey ]; }; From fca1c21a1adf837f5312b97e98126fef023eee60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:18:33 +0100 Subject: [PATCH 24/95] l 2 websites fritz: remove obsolete ssl function --- lass/2configs/websites/fritz.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 00e987116..9bf7e4a9c 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -7,7 +7,6 @@ let head ; inherit (import {inherit lib pkgs;}) - ssl servePage serveWordpress ; 
@@ -29,28 +28,20 @@ in { imports = [ ./sqlBackup.nix - (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ]) (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - (ssl [ "gs-maubach.de" "www.gs-maubach.de" ]) (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - (ssl [ "eastuttgart.de" "www.eastuttgart.de" ]) (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) - (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ]) (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; From 8616bb393f7c994c78af50f10058434610157e57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:40:32 +0100 Subject: [PATCH 25/95] l 1 prism: change sequence of ip addresses --- lass/1systems/prism.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 854c98f46..d07acebee 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -12,6 +12,22 @@ let in { imports = [ ../. + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + + } ../2configs/retiolum.nix ../2configs/exim-smarthost.nix ../2configs/downloading.nix 
@@ -48,22 +64,6 @@ in { lock.gid = 10001; }; } - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - - } { boot.loader.grub = { devices = [ From 8884c4274ddd54364e7215f2ce051a53ac542b99 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 11 Jan 2017 23:07:15 +0100 Subject: [PATCH 26/95] k 5 bepasty-client-cli: use recent git master --- krebs/5pkgs/bepasty-client-cli/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix index 990f99af6..c58e637b3 100644 --- a/krebs/5pkgs/bepasty-client-cli/default.nix +++ b/krebs/5pkgs/bepasty-client-cli/default.nix @@ -1,17 +1,18 @@ -{ lib, pkgs, pythonPackages, fetchurl, ... }: +{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }: with pythonPackages; buildPythonPackage rec { - name = "bepasty-client-cli-${version}"; - version = "0.3.0"; + name = "bepasty-client-cli"; propagatedBuildInputs = [ python_magic click requests2 ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz"; - sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw"; + src = fetchFromGitHub { + owner = "bepasty"; + repo = "bepasty-client-cli"; + rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2"; + sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc"; }; meta = { From 63d3dd2c8cefdac0aaa0336824b08c46b72c1505 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 12 Jan 2017 00:18:43 +0100 Subject: [PATCH 27/95] l 2 retiolum: connect to existing hosts --- lass/2configs/retiolum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
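Review bot: Dropping `version` leaves `name = "bepasty-client-cli"` with no version component, so `nix-env -u` and derivation comparisons can no longer distinguish this git snapshot from the previous 0.3.0 or a later bump. Keep a version, e.g. `version = "unstable-<snapshot date>";` and `name = "bepasty-client-cli-${version}";`, with a `# git master as of <date>` comment next to the pinned `rev`. The pinned `rev`/`sha256` pair itself is the right way to fetch from git.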
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index eba40532d..7a7bf95be 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,9 +16,9 @@ enable = true; connectTo = [ "prism" - "pigstarter" "gum" - "flap" + "ni" + "dishfire" ]; }; From 270f385c72beea35d797d807c28a08811ebb614b Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 12 Jan 2017 22:21:21 +0100 Subject: [PATCH 28/95] nin: init --- krebs/3modules/default.nix | 1 + krebs/3modules/nin/default.nix | 40 ++++++++ nin/1systems/hiawatha.nix | 125 +++++++++++++++++++++++++ nin/2configs/default.nix | 165 +++++++++++++++++++++++++++++++++ nin/2configs/nixpkgs.nix | 8 ++ nin/2configs/retiolum.nix | 28 ++++++ nin/default.nix | 7 ++ 7 files changed, 374 insertions(+) create mode 100644 krebs/3modules/nin/default.nix create mode 100644 nin/1systems/hiawatha.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/nixpkgs.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/default.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bf09b7424..05982bd54 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -93,6 +93,7 @@ let { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mv { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./shared { inherit config; }; } { krebs = import ./tv { inherit config; }; } { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..6f488fd25 --- /dev/null +++ b/krebs/3modules/nin/default.nix 
@@ -0,0 +1,40 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.retiolum" + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + + }; + users = { + nin = { + mail = "nin@hiawatha.retiolum"; + pubkey = "ssh-rsa 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 nin@hiawatha"; + }; + }; +} diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix new file mode 100644 index 000000000..26de00d18 --- /dev/null +++ b/nin/1systems/hiawatha.nix 
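Review bot: `hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass)` assigns hiawatha to user lass although the same file defines `users.nin`; the sibling owner modules (`./lass`, `./tv`) presumably set their own user, so this looks like a copy-paste leftover and should be `config.krebs.users.nin`. PATCH 29 repeats this exact hunk and the entire `nin: init` commit, so the two should be squashed before merging.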
@@ -0,0 +1,125 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + ../. + + ../2configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + environment.etc.vimrc.source = pkgs.writeText "vimrc" '' + set nocp + ''; + + environment.systemPackages = with pkgs; [ + firefox + steam + thunderbird + vim + git + hexchat + networkmanagerapplet + ]; + + nixpkgs.config = { + + allowUnfree = true; + + firefox = { + enableGoogleTalkPlugin = true; + enableAdobeFlash = true; + }; + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 000000000..9b33e9c4a --- /dev/null +++ b/nin/2configs/default.nix 
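Review bot: `firefox.enableAdobeFlash = true` installs the proprietary Flash plugin into the browser of a host that also carries the tinc and SSH identities defined in this series; Flash is a frequent exploitation target and nothing else in the file depends on it, so it should be removed or carry a comment naming the site that requires it. The `# Edit this configuration file…` header is the generated `configuration.nix` boilerplate and no longer describes a file that imports `../.` and `../2configs/retiolum.nix`; replace it with a one-line purpose comment such as `# hiawatha: <one-line purpose>`. The `fileSystems."/home/nin/.local/share/Steam"` entry omits `fsType` while every other entry sets it — add it for consistency. The identical hunk appears again in PATCH 29.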
@@ -0,0 +1,165 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/nixpkgs.nix + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; + mainUser = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "retiolum"; + build = { + user = config.krebs.users.nin; + source = let inherit (config.krebs.build) host; in { + nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix"; + secrets.file = "/home/nin/secrets/${host.name}"; + stockholm.file = getEnv "PWD"; + }; + }; + }; + + nix.useSandbox = true; + + services.timesyncd.enable = true; + + #why is this on in the first place? 
+ services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + MANPAGER=most + ''; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + populate + p7zip + unzip + unrar + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix new file mode 100644 index 000000000..eceab7e7b --- /dev/null +++ b/nin/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs.git = { + url = https://github.com/nixos/nixpkgs; + ref = "fd1dbe551cf6338c5f4e4f80c2f5dde9f9e6a271"; + }; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 000000000..821e3cc00 --- /dev/null +++ b/nin/2configs/retiolum.nix 
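Review bot: The openssh `hostKeys` entry `{ bits = 8192; type = "ed25519"; … }` sets a `bits` value that ed25519 ignores because its key size is fixed, as the author's own `# XXX bits here make no science` comment admits; drop `bits` and the comment rather than keep a misleading number. The `nat.PREROUTING` rule sends non-retiolum port-22 traffic to `REDIRECT --to-ports 0` (presumably to make direct connections fail) and re-exposes SSH on 45621, while `filter.INPUT` still accepts `--dport 22` from any interface, so a comment stating that this is port obscuring rather than access control would keep a reader from assuming SSH is unreachable from the internet. `root.openssh.authorizedKeys.keys` also gets `config.krebs.users.nin.pubkey` in addition to `mainUser`; if direct root login is intended, say so next to it.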
@@ -0,0 +1,28 @@ +{ ... }: + +{ + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "pigstarter" + "gum" + "flap" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 000000000..c31d6d949 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} From 89e859a2cf5a6e9cbf07b3c92cc967f0e7ac0571 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 12 Jan 2017 22:21:21 +0100 Subject: [PATCH 29/95] nin: init --- krebs/3modules/default.nix | 1 + krebs/3modules/nin/default.nix | 40 ++++++++ nin/1systems/hiawatha.nix | 125 +++++++++++++++++++++++++ nin/2configs/default.nix | 165 +++++++++++++++++++++++++++++++++ nin/2configs/nixpkgs.nix | 8 ++ nin/2configs/retiolum.nix | 28 ++++++ nin/default.nix | 7 ++ 7 files changed, 374 insertions(+) create mode 100644 krebs/3modules/nin/default.nix create mode 100644 nin/1systems/hiawatha.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/nixpkgs.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/default.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bf09b7424..05982bd54 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -93,6 +93,7 @@ let { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mv { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./shared { inherit config; }; } { krebs = import ./tv { inherit config; }; } { 
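Review bot: `connectTo` lists `"pigstarter"` and `"flap"`, the two hosts PATCH 27 removed from `lass/2configs/retiolum.nix` with the message "connect to existing hosts"; if those hosts are gone, tinc on hiawatha will keep retrying dead peers. Use the same list as lass (`"prism" "gum" "ni" "dishfire"`), or add a comment if these peers are still valid for nin. The whole commit is duplicated as PATCH 29.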
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..6f488fd25 --- /dev/null +++ b/krebs/3modules/nin/default.nix @@ -0,0 +1,40 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.retiolum" + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + + }; + users = { + nin = { + mail = "nin@hiawatha.retiolum"; + pubkey = "ssh-rsa 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 nin@hiawatha"; + }; + }; +} diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix new file mode 100644 index 000000000..26de00d18 --- /dev/null +++ b/nin/1systems/hiawatha.nix 
@@ -0,0 +1,125 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + ../. + + ../2configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. 
+ # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + environment.etc.vimrc.source = pkgs.writeText "vimrc" '' + set nocp + ''; + + environment.systemPackages = with pkgs; [ + firefox + steam + thunderbird + vim + git + hexchat + networkmanagerapplet + ]; + + nixpkgs.config = { + + allowUnfree = true; + + firefox = { + enableGoogleTalkPlugin = true; + enableAdobeFlash = true; + }; + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 000000000..9b33e9c4a --- /dev/null +++ b/nin/2configs/default.nix 
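Review bot: `boot.initrd.luks.devices` names the encrypted root as `/dev/sda2` while every other volume in this file is addressed through `/dev/disk/by-uuid/...`; kernel device enumeration is not stable, so a second disk (the Steam volume on `/dev/fam/steam`, presumably a separate LVM volume group) can make `sda2` a different partition and leave the initrd prompting for the wrong device. Pinning it the same way as the filesystems, `device = "/dev/disk/by-uuid/<LUKS-PARTITION-UUID>";`, removes the dependency on enumeration order. Separately, `hardware.pulseaudio.systemWide = true` runs the sound server as one system daemon shared by all users, a mode upstream PulseAudio documents as discouraged outside embedded systems, and `firefox.enableAdobeFlash = true` adds the NPAPI Flash plugin — one with a long record of remotely exploitable bugs — to the browser of a host that also terminates retiolum traffic; both settings deserve at least a comment stating why they are wanted.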
@@ -0,0 +1,165 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/nixpkgs.nix + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; + mainUser = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "retiolum"; + build = { + user = config.krebs.users.nin; + source = let inherit (config.krebs.build) host; in { + nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix"; + secrets.file = "/home/nin/secrets/${host.name}"; + stockholm.file = getEnv "PWD"; + }; + }; + }; + + nix.useSandbox = true; + + services.timesyncd.enable = true; + + #why is this on in the first place? 
+ services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + MANPAGER=most + ''; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + populate + p7zip + unzip + unrar + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix new file mode 100644 index 000000000..eceab7e7b --- /dev/null +++ b/nin/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs.git = { + url = https://github.com/nixos/nixpkgs; + ref = "fd1dbe551cf6338c5f4e4f80c2f5dde9f9e6a271"; + }; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 000000000..821e3cc00 --- /dev/null +++ b/nin/2configs/retiolum.nix 
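Review bot: The `filter.INPUT` rule `-p tcp --dport 22` with precedence 9998 accepts ssh on every interface and for both address families, so keeping sshd off the non-retiolum interfaces rests entirely on the `nat.PREROUTING` rule that sends port 22 to `REDIRECT --to-ports 0`; whether that nat rule is also emitted for ip6tables is decided by the krebs.iptables module and is not visible here, and if it is not, sshd stays reachable on port 22 over IPv6 on all interfaces. Expressing the intent in the filter table makes the policy independent of the nat trick, e.g. `{ predicate = "-i retiolum -p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }` together with `{ predicate = "-p tcp -m conntrack --ctorigdstport 45621"; target = "ACCEPT"; precedence = 9997; }` for the connections redirected from 45621. The nat rules carry no comment; `# ssh: reachable from outside retiolum only on 45621; port 22 off retiolum is sinked via REDIRECT to port 0` above them would document the scheme. `services.openssh.hostKeys` sets `bits = 8192` for an ed25519 key, which ssh-keygen ignores for that key type, as the `XXX` comment already admits — the field can simply be dropped.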
@@ -0,0 +1,28 @@ +{ ... }: + +{ + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "pigstarter" + "gum" + "flap" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 000000000..c31d6d949 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} From 64a7a764198884f5bbb7d04c016c504e5998dc98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Jan 2017 13:37:12 +0100 Subject: [PATCH 30/95] l 2 websites domsen: add joemisch.ubikmedia.de --- lass/2configs/websites/domsen.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 71eae5b71..5ed73a22c 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -57,14 +57,15 @@ in { "www.illucloud.de" "www.illucloud.com" "www.ubikmedia.de" + "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" - "karlaskop.ubikmedia.de" - "nb.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" - "youthtube.ubikmedia.de" - "aldona2.ubikmedia.de" "illucloud.ubikmedia.de" + "joemisch.ubikmedia.de" + "karlaskop.ubikmedia.de" + "nb.ubikmedia.de" + "youthtube.ubikmedia.de" ]) ]; From f4a720ea3d257ccd18e3e03b0538e6c18ce4520c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Jan 2017 15:50:57 +0100 Subject: [PATCH 31/95] l 1: update macs of some network devices --- lass/1systems/icarus.nix | 4 ++-- lass/1systems/mors.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 3998fc177..8402613da 100644 
--- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix @@ -54,7 +54,7 @@ with import ; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 012bd359f..19b512dde 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -289,7 +289,7 @@ with import ; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; #TODO activationScripts seem broken, fix them! From 83dca9729928498c3b28343ab6b12b41ca7bfae8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Jan 2017 15:51:36 +0100 Subject: [PATCH 32/95] l 5 xmonad: use @DEFAULT_ sound devices --- lass/5pkgs/xmonad-lass.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 2f2be6762..debcf97a5 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
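Review bot: After this change `lass/1systems/icarus.nix` and `lass/1systems/mors.nix` both pin `et0` to the same hardware address `f0:de:f1:71:cb:35`; a MAC identifies one NIC, so either both files describe a single adapter that is moved between the machines (plausible for a USB ethernet dongle, but nothing in the commit says so) or one of them is a copy-paste slip. If the adapter really is shared, a short comment on the rule in both files, `# shared USB ethernet adapter, same rule in mors.nix / icarus.nix`, keeps the next reader from "fixing" it; otherwise the mors value needs correcting. The icarus hunk is where the address first appears; the mors hunk in the same commit is the other occurrence.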
@@ -114,10 +114,10 @@ myKeyMap = [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle") + , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") + , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -dec 10%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -inc 10") , ("", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") From f907f9d330ada8956ae3ab1f80b50d657bb8fe3d Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:39:25 +0100 Subject: [PATCH 33/95] n 2: set user to nin --- nin/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 9b33e9c4a..7644d088c 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -16,7 +16,7 @@ with import ; config.krebs.users.nin.pubkey ]; }; - mainUser = { + nin = { name = "nin"; uid = 1337; home = "/home/nin"; From 44a5157845119132022ab9cbde7df2594824db24 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:40:20 +0100 Subject: [PATCH 34/95] k 3 n: set owner to nin --- krebs/3modules/nin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 6f488fd25..375faf808 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix 
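Review bot: The two new `xbacklight` bindings are not written the same way: the first passes `-dec 10%` and the second `-inc 10`; the man page documents the argument as a bare percentage value, and whether a trailing `%` is tolerated depends on xbacklight's number parsing, so the two should match, `spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -dec 10"`. The commit subject only announces the switch to `@DEFAULT_SINK@`, but the hunk also drops the `set-sink-mute` and `set-source-mute` toggles in favour of brightness keys, which is worth stating in the message. The key names inside the tuples are not visible in this rendering, so which physical keys are affected cannot be confirmed here.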
@@ -3,7 +3,7 @@ with import ; { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) { hiawatha = { cores = 2; nets = { From 923570be43130c79b794182f427c040df9d7214b Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:41:22 +0100 Subject: [PATCH 35/95] n 2: use new user interface --- nin/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 7644d088c..9058757d2 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -10,7 +10,7 @@ with import ; (import ); } { - users.extraUsers = { + users.users = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey From f6e6b7da2beabd9a3bcb49c152f02ee37776a3e0 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:43:28 +0100 Subject: [PATCH 36/95] n 2: set mutable users to false --- nin/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 9058757d2..4a5ebf3df 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -65,6 +65,8 @@ with import ; nix.useSandbox = true; + users.mutableUsers = false; + services.timesyncd.enable = true; #why is this on in the first place? From ed8281aaf5ff94223b1773f5da483f893a70026c Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:54:54 +0100 Subject: [PATCH 37/95] n 2: add vim.nix --- nin/1systems/hiawatha.nix | 6 - nin/2configs/default.nix | 1 + nin/2configs/vim.nix | 354 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 355 insertions(+), 6 deletions(-) create mode 100644 nin/2configs/vim.nix diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix index 26de00d18..ca7071408 100644 --- a/nin/1systems/hiawatha.nix +++ b/nin/1systems/hiawatha.nix 
@@ -74,12 +74,6 @@ with lib; #nixpkgs.config.steam.java = true; - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - environment.etc.vimrc.source = pkgs.writeText "vimrc" '' - set nocp - ''; - environment.systemPackages = with pkgs; [ firefox steam diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 4a5ebf3df..bb7bba424 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ../2configs/nixpkgs.nix + ../2configs/vim.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix new file mode 100644 index 000000000..101a80cc0 --- /dev/null +++ b/nin/2configs/vim.nix 
@@ -0,0 +1,354 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! 
[d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! 
ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link 
NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
+ syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out From c25ea177769cec429b8e4d0b021cd2fc39bab21a Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:56:17 +0100 Subject: [PATCH 38/95] n 2: set PS1 to full path --- nin/2configs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index bb7bba424..8ea9e49d8 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -113,11 +113,11 @@ with import ; ''; promptInit = '' if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' elif test $UID = 1337; then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" From c7d4d6149814a1ac11ede8575d3e4bcf72b19517 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:40:20 +0100 Subject: [PATCH 39/95] k 3 n: set owner to nin --- krebs/3modules/nin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 6f488fd25..375faf808 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix 
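Review bot: The `file-line` plugin is fetched with `pkgs.fetchgit` from `git://github.com/bogado/file-line` at `rev = "refs/tags/1.0"`: the `git://` transport is unauthenticated and a tag is a mutable ref, so the only thing standing between this build and a substituted tree is the fixed-output `sha256`; that guarantees a moved tag fails the build rather than silently changing it, but the failure surfaces as an opaque hash mismatch. Pinning `url = https://github.com/bogado/file-line;` and `rev = "<commit-hash-that-tag-1.0-points-to>";` keeps the same integrity guarantee with an authenticated transport and an immutable ref. Smaller points in the same file: the `vim` wrapper expands `${toString mkdirs}` unquoted into `mkdir -p`, so a `$HOME` containing whitespace splits into several arguments (`mkdir -p ${concatMapStringsSep " " (d: "\"${d}\"") mkdirs}` quotes each entry), and `dirOf` rebinds `out` in its inner `let`, shadowing the module's top-level `out` for no gain — `dir` would read better. The identical file, same blob id 101a80cc0, is introduced a second time in PATCH 42/95 of this series, which looks like a rebase artifact (PATCH 39–43 repeat 34–38).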
@@ -3,7 +3,7 @@ with import ; { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) { hiawatha = { cores = 2; nets = { From cfbbac6a7c9b0401a31eae28a645252f081cba98 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:41:22 +0100 Subject: [PATCH 40/95] n 2: use new user interface --- nin/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 9b33e9c4a..6235fb758 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -10,7 +10,7 @@ with import ; (import ); } { - users.extraUsers = { + users.users = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey From 0bc3e1591d9c68601906784fe156a344273b79a2 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:43:28 +0100 Subject: [PATCH 41/95] n 2: set mutable users to false --- nin/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 6235fb758..d01a8d590 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -65,6 +65,8 @@ with import ; nix.useSandbox = true; + users.mutableUsers = false; + services.timesyncd.enable = true; #why is this on in the first place? From d099a4f6ac4ce7d57893758dde0edcda845fed9c Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:54:54 +0100 Subject: [PATCH 42/95] n 2: add vim.nix --- nin/1systems/hiawatha.nix | 6 - nin/2configs/default.nix | 1 + nin/2configs/vim.nix | 354 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 355 insertions(+), 6 deletions(-) create mode 100644 nin/2configs/vim.nix diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix index 26de00d18..ca7071408 100644 --- a/nin/1systems/hiawatha.nix +++ b/nin/1systems/hiawatha.nix 
@@ -74,12 +74,6 @@ with lib; #nixpkgs.config.steam.java = true; - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - environment.etc.vimrc.source = pkgs.writeText "vimrc" '' - set nocp - ''; - environment.systemPackages = with pkgs; [ firefox steam diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index d01a8d590..c71d02ada 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ../2configs/nixpkgs.nix + ../2configs/vim.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix new file mode 100644 index 000000000..101a80cc0 --- /dev/null +++ b/nin/2configs/vim.nix 
@@ -0,0 +1,354 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! 
[d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! 
ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link 
NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
+ syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out From 920c79eb9eb5bb94f55d394f40a909c49448b3e6 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:56:17 +0100 Subject: [PATCH 43/95] n 2: set PS1 to full path --- nin/2configs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index c71d02ada..2e6fc88b8 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -113,11 +113,11 @@ with import ; ''; promptInit = '' if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' elif test $UID = 1337; then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" From 08fd9d3ae398f6b7158d05be0bfd0122da4d4e98 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 16 Jan 2017 05:27:29 +0100 Subject: [PATCH 44/95] github: update URL to IP addresses --- krebs/3modules/default.nix | 2 +- tv/2configs/urlwatch.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bf09b7424..c0b5f0670 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -200,7 +200,7 @@ let }) // # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ + # Refs https://help.github.com/articles/github-s-ip-addresses/ # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) # Because line length is limited by OPENSSH_LINE_MAX (= 8192), # we split each /24 into its own entry. diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index b34590908..6e11e0251 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -47,7 +47,7 @@ with import ; #http://hackage.haskell.org/package/web-page # ref , services.openssh.knownHosts.github* - https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ + https://help.github.com/articles/github-s-ip-addresses/ # # is derived from `configFile` in: From 24e2ef853beffa09a9735432cf347e1b69357a93 Mon Sep 17 00:00:00 2001 From: nin Date: Sun, 15 Jan 2017 19:39:25 +0100 Subject: [PATCH 45/95] n 2: set user to nin --- nin/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 2e6fc88b8..8ea9e49d8 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -17,7 +17,7 @@ with import ; config.krebs.users.nin.pubkey ]; }; - mainUser = { + nin = { name = "nin"; uid = 1337; home = "/home/nin"; From 242e0fcb6c6ff300d3a7780ed9cd929448ac824c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:25:21 +0100 Subject: [PATCH 46/95] l 1 prism: add (temporary) config for nin --- lass/1systems/prism.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d07acebee..313a18a9c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -226,6 +226,33 @@ in { enable = true; }; } + { + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + krebs.git.rules = [ + { + user = [ config.krebs.users.nin ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + krebs.repo-sync.repos.stockholm.nin = { + origin.url = "http://cgit.prism/stockholm"; + origin.ref = "heads/nin"; + mirror.url = "git@${config.networking.hostName}:stockholm"; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From 27744a78ff7b4479fd3e1dca6f426dec0e1be9fc Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:25:48 +0100 Subject: [PATCH 47/95] l 2 git: announce more branches --- lass/2configs/git.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index ded0922b8..d7ec39f2d 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -56,7 +56,8 @@ let channel = "#retiolum"; server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; - branches = [ "master" ]; + # TODO define branches in some kind of option per repo + branches = [ "master" "newest" "nin" ]; }; }; }; From 105d9051dd74374b3ded8b22a43713841293f741 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:26:06 +0100 Subject: [PATCH 48/95] l 2 hw tp-x220: disable acpi backlight handling --- lass/2configs/hw/tp-x220.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index 4a7d0bbcd..44b2dcac1 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix 
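Review bot: `extraGroups = [ "libvirtd" ]` on the new `users.users.nin` account grants what amounts to host-administrator access on a libvirt host (members of that group can define domains backed by arbitrary host devices and paths), which is a lot for an account the commit subject calls temporary; either leave it out until it is needed or add `# TODO(lass): temporary account for nin, drop libvirtd access when …` above the block so the grant does not outlive its reason. The `krebs.git.rules` entry is correctly scoped to `refs/heads/nin`, which is the right shape for a guest account. `origin.url = "http://cgit.prism/stockholm"` fetches over plain HTTP; if that host is only reachable over the retiolum overlay, a comment saying so would spare the next reader the question, otherwise the mirror should use an authenticated transport.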
@@ -36,6 +36,7 @@ with import ; boot = { kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + kernelParams = [ "acpi_backlight=none" ]; }; hardware.opengl.extraPackages = [ From ddd8ebefc6a554bb02a00a00756f19d4a07c727e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:29:20 +0100 Subject: [PATCH 49/95] l 2 vim: move vimrc to top --- lass/2configs/vim.nix | 162 +++++++++++++++++++++--------------------- 1 file changed, 81 insertions(+), 81 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f79e6b807..fb8c8ba05 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
@@ -14,6 +14,87 @@ let environment.variables.VIMINIT = ":so /etc/vimrc"; }; + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic 
@@ -127,87 +208,6 @@ let exec ${pkgs.vim}/bin/vim "$@" ''; - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - vnoremap u - ''; - hs.vim = pkgs.writeText "hs.vim" '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ From 9be93e7ac0a1f385d80452e7d2565ffe343af8dc Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 16 Jan 2017 17:29:41 +0100 Subject: [PATCH 50/95] l 5 xmonad: change brightness faster --- lass/5pkgs/xmonad-lass.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index debcf97a5..cf8eaf058 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -116,8 +116,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") - , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -dec 10%") - , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -inc 10") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1") , ("", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") From 670ec1e19f18072fc660417c02bbf2b96a7d3b28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:14:13 +0100 Subject: [PATCH 51/95] l 2: set window title for bash --- lass/2configs/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1cb68a985..24f3bd2da 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -162,13 +162,17 @@ with import ; promptInit = '' if test $UID = 0; then PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' elif test $UID = 1337; then PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$PWD\007"' else PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" + PROMPT_COMMAND='echo -ne "\033]0;$HOSTNAME $USER@$PWD\007"' fi ''; }; From 4cb0c9b8708063cb04d567c4548f07667e5403a7 Mon Sep 17 00:00:00 2001 
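Review bot: The two rewritten brightness bindings disagree on the unit of the step, `-dec 1%` versus `-inc 1`; xbacklight reads both as a percentage, but the pair should be written the same way, `-time 0 -inc 1%`. The enclosing `myKeyMap` list starts and ends outside the hunk.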
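Review bot: Each added `PROMPT_COMMAND` writes `$PWD` (and `$USER`, `$HOSTNAME`) unfiltered into an OSC 0 title sequence, so a directory name carrying control characters or a stray `\033`/`\007` byte terminates the sequence early and the terminal interprets whatever follows; directory names are not always chosen by the user (cloned repositories, unpacked archives), so this is worth guarding. Pass a sanitized copy instead, e.g. `PROMPT_COMMAND='printf "\033]0;%s\007" "$USER@${PWD//[![:print:]]/?}"'`, applied to all four branches here and to the `$$` variant that patch 54 (`@@ -161,17 +161,17 @@`, same file) introduces with the same shape. `printf` is also preferable to `echo -ne`, which is non-portable; that this is bash's `promptInit` is inferred, since the enclosing `programs` block starts outside the hunk.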
From: lassulus Date: Tue, 17 Jan 2017 15:47:41 +0100 Subject: [PATCH 52/95] l 2 vim: set window title --- lass/2configs/vim.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index fb8c8ba05..c3eac8f38 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -42,6 +42,10 @@ let set wildmenu set wildmode=longest,full + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + set et ts=2 sts=2 sw=2 filetype plugin indent on From 4a21d12981e8edcd1f6ec0fd5214a62b72a2957c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:24 +0100 Subject: [PATCH 53/95] l 2: disable zsh --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 24f3bd2da..033fdd442 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -9,7 +9,6 @@ with import ; ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix - ../2configs/zsh.nix ./backups.nix { users.extraUsers = From dce67d4a03cc9c9660a7a867d96b67c1de845222 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:38 +0100 Subject: [PATCH 54/95] l 2: show shell PID in window title --- lass/2configs/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 033fdd442..63114cdb1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -161,17 +161,17 @@ with import ; promptInit = '' if test $UID = 0; then PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' elif test $UID = 1337; then PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' else PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$HOSTNAME $USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' fi ''; }; From 3759182f0c6e8a622a8aeca26a6d2e482344679b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:52 +0100 Subject: [PATCH 55/95] l 2 zsh: set shell of correct user --- lass/2configs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 442a1d4d9..4d33aa79d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,5 @@ fi ''; }; - users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh"; + users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; } From 0a104ff9df7ea99ba2dbfc5d739df1439e6ee64b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 16:24:20 +0100 Subject: [PATCH 56/95] l 4: add initscript --- lass/4lib/default.nix | 130 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 56943b7ac..0dc7fa8d7 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
@@ -7,4 +7,134 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); + initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: '' + #! /bin/sh + # usage: curl xu/~tv/init | sh + set -efu + # TODO nix-env -f '' -iA jq # if not exists (also version) + # install at tmp location + + + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) :;; + *) echo Error: unknown operating system >&2; exit 1;; + esac + + disk=${disk} + + bootdev=${disk}1 + + luksdev=${disk}2 + luksmap=/dev/mapper/${luksmap} + + vgname=${vgname} + + rootdev=/dev/mapper/${vgname}-root + homedev=/dev/mapper/${vgname}-home + bkudev=/dev/mapper/${vgname}-bku + + # + # partitioning + # + + # http://en.wikipedia.org/wiki/GUID_Partition_Table + # undo: + # dd if=/dev/zero bs=512 count=34 of=/dev/sda + # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) + if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then + parted "$disk" \ + mklabel gpt \ + mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart primary 1024MiB 100% + fi + + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + echo zonk + exit 23 + fi + + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + echo zonk2 + exit 23 + fi + + if ! cryptsetup isLuks "$luksdev"; then + # aes xts-plain64 + cryptsetup luksFormat "$luksdev" \ + -h sha512 \ + --iter-time 5000 + fi + + if ! test -e "$luksmap"; then + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + fi + # cryptsetup close + + if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then + pvcreate "$luksmap" + fi + + if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi + + lvchange -a y /dev/mapper/"$vgname" + + if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi + if ! 
test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + + # lvchange -a n "$vgname" + + + # + # formatting + # + + if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + mkfs.btrfs "$rootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then + mkfs.btrfs "$homedev" + fi + + if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then + mkfs.btrfs "$bkudev" + fi + + + if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mount "$rootdev" /mnt + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then + mkdir -m 0000 -p /mnt/home + mount "$homedev" /mnt/home + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then + mkdir -m 0000 -p /mnt/bku + mount "$bkudev" /mnt/bku + fi + + # umount -R /mnt + + + parted "$disk" print + lsblk "$disk" + + key='${pubkey}' + if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then + mkdir -p /root/.ssh + echo "$key" > /root/.ssh/authorized_keys + fi + systemctl start sshd + ip route + echo READY. + ''; } From 71b3e39cc51895870149f6b616b77deb27ec8ffd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 16:24:36 +0100 Subject: [PATCH 57/95] l 2 websites lassulus: add /init --- lass/2configs/websites/lassulus.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index cfdda05db..ea384195b 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -5,6 +5,7 @@ let inherit (import ) genid ; + inherit (import ../../4lib { inherit lib; }) initscript; in { imports = [ 
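Review bot: The header comment `# usage: curl xu/~tv/init | sh` does not describe this copy of the script, which patch 57 serves from `/init` on the lassul.us vhost, and the usage line of a script that repartitions `$disk` is the one comment that has to be right; rewrite it to name the real location and require TLS, e.g. `# usage: curl --proto '=https' https://<vhost>/init | sh` (placeholder host). The partition-label guards report `echo zonk` / `echo zonk2` with `exit 23`; a message such as `echo "Error: $bootdev is not the ESP partition" >&2` costs nothing and matters most when the guard trips on a disk that already carries data. `key='${pubkey}'` assumes the key contains no single quote, and the `authorized_keys` write replaces any existing file rather than appending, which is fine for an installer but deserves a one-line comment. The default `pubkey ? config.krebs.users.lass.pubkey` refers to `config`, which this file's argument list (outside the hunk) may not bind, since patch 57 imports it with only `{ inherit lib; }`; the same script body, with all of these points, reappears verbatim in patch 58's new `lass/5pkgs/init/default.nix`.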
@@ -83,6 +84,7 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; + # TODO make this work! locations."= /ddate".extraConfig = let script = pkgs.writeBash "test" '' echo "hello world" @@ -100,6 +102,10 @@ in { fastcgi_param SCRIPT_NAME ${script}; ''; + locations."/init".extraConfig = '' + alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })}; + ''; + enableSSL = true; extraConfig = "listen 80;"; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; From f216392665662ba375a657ae2431b70bb1ab63cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 18:44:08 +0100 Subject: [PATCH 58/95] l: move initscript to pkgs --- lass/2configs/websites/lassulus.nix | 9 +- lass/4lib/default.nix | 130 --------------------------- lass/5pkgs/default.nix | 3 +- lass/5pkgs/init/default.nix | 134 ++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+), 134 deletions(-) create mode 100644 lass/5pkgs/init/default.nix diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index ea384195b..024d2eeb2 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -5,7 +5,6 @@ let inherit (import ) genid ; - inherit (import ../../4lib { inherit lib; }) initscript; in { imports = [ @@ -102,8 +101,12 @@ in { fastcgi_param SCRIPT_NAME ${script}; ''; - locations."/init".extraConfig = '' - alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })}; + locations."/init".extraConfig = let + initscript = pkgs.init.override { + pubkey = config.krebs.users.lass.pubkey; + }; + in '' + alias ${initscript}; ''; enableSSL = true; diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 0dc7fa8d7..56943b7ac 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
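Review bot: `locations."/init"` is a prefix match, and with `alias` nginx replaces the matched prefix, so `/init` maps to the store file but `/initX` maps to `<store-path>X`, which is not what a single-file endpoint wants; use an exact match like the sibling `locations."= /ddate"`, i.e. `locations."= /init".extraConfig = ''`. The vhost also carries `extraConfig = "listen 80;"` in context, so a script meant to be piped into `sh` on a freshly booted installer is reachable without TLS; at minimum the usage comment inside the script should require `https://`, and a port-80 redirect to HTTPS would be better, both hedged because the TLS listener side of the vhost is outside the hunk. Patch 58 rewrites this same location (`@@ -102,8 +101,12 @@`), where the exact-match fix applies unchanged.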
@@ -7,134 +7,4 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: '' - #! /bin/sh - # usage: curl xu/~tv/init | sh - set -efu - # TODO nix-env -f '' -iA jq # if not exists (also version) - # install at tmp location - - - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac - - disk=${disk} - - bootdev=${disk}1 - - luksdev=${disk}2 - luksmap=/dev/mapper/${luksmap} - - vgname=${vgname} - - rootdev=/dev/mapper/${vgname}-root - homedev=/dev/mapper/${vgname}-home - bkudev=/dev/mapper/${vgname}-bku - - # - # partitioning - # - - # http://en.wikipedia.org/wiki/GUID_Partition_Table - # undo: - # dd if=/dev/zero bs=512 count=34 of=/dev/sda - # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) - if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted "$disk" \ - mklabel gpt \ - mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ - mkpart primary 1024MiB 100% - fi - - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then - echo zonk - exit 23 - fi - - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then - echo zonk2 - exit 23 - fi - - if ! cryptsetup isLuks "$luksdev"; then - # aes xts-plain64 - cryptsetup luksFormat "$luksdev" \ - -h sha512 \ - --iter-time 5000 - fi - - if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close - - if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then - pvcreate "$luksmap" - fi - - if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi - - lvchange -a y /dev/mapper/"$vgname" - - if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi - if ! 
test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi - - # lvchange -a n "$vgname" - - - # - # formatting - # - - if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then - mkfs.vfat "$bootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" - fi - - if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then - mkfs.btrfs "$bkudev" - fi - - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then - mount "$rootdev" /mnt - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then - mkdir -m 0000 -p /mnt/boot - mount "$bootdev" /mnt/boot - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then - mkdir -m 0000 -p /mnt/bku - mount "$bkudev" /mnt/bku - fi - - # umount -R /mnt - - - parted "$disk" print - lsblk "$disk" - - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route - echo READY. - ''; } diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 0beda7481..e47e3126a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }@args: { nixpkgs.config.packageOverrides = rec { @@ -11,6 +11,7 @@ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; + init = pkgs.callPackage ./init/default.nix args; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; pop = pkgs.callPackage ./pop/default.nix {}; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix new file mode 100644 index 000000000..abf2528d7 
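Review bot: `init = pkgs.callPackage ./init/default.nix args;` forwards the whole module argument set (`config`, `options`, …) into a package that declares only `pkgs` and `lib`, both of which `callPackage` fills in by itself; `init = pkgs.callPackage ./init/default.nix {};` is sufficient and keeps the package from closing over the NixOS `config`, a dependency that inside `packageOverrides` can turn into an evaluation cycle later (hedged: the package body does not use it today). With that, the `{ pkgs, ... }@args:` rename on the first line can go back to `{ pkgs, ... }:`.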
--- /dev/null +++ b/lass/5pkgs/init/default.nix 
@@ -0,0 +1,134 @@ +{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }: + +with lib; + +pkgs.writeText "init" '' + #! /bin/sh + # usage: curl xu/~tv/init | sh + set -efu + # TODO nix-env -f '' -iA jq # if not exists (also version) + # install at tmp location + + + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) :;; + *) echo Error: unknown operating system >&2; exit 1;; + esac + + disk=${disk} + + bootdev=${disk}1 + + luksdev=${disk}2 + luksmap=/dev/mapper/${luksmap} + + vgname=${vgname} + + rootdev=/dev/mapper/${vgname}-root + homedev=/dev/mapper/${vgname}-home + bkudev=/dev/mapper/${vgname}-bku + + # + # partitioning + # + + # http://en.wikipedia.org/wiki/GUID_Partition_Table + # undo: + # dd if=/dev/zero bs=512 count=34 of=/dev/sda + # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) + if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then + parted "$disk" \ + mklabel gpt \ + mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart primary 1024MiB 100% + fi + + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + echo zonk + exit 23 + fi + + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + echo zonk2 + exit 23 + fi + + if ! cryptsetup isLuks "$luksdev"; then + # aes xts-plain64 + cryptsetup luksFormat "$luksdev" \ + -h sha512 \ + --iter-time 5000 + fi + + if ! test -e "$luksmap"; then + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + fi + # cryptsetup close + + if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then + pvcreate "$luksmap" + fi + + if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi + + lvchange -a y /dev/mapper/"$vgname" + + if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi + if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + + # lvchange -a n "$vgname" + + + # + # formatting + # + + if ! 
test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + mkfs.btrfs "$rootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then + mkfs.btrfs "$homedev" + fi + + if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then + mkfs.btrfs "$bkudev" + fi + + + if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mount "$rootdev" /mnt + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then + mkdir -m 0000 -p /mnt/home + mount "$homedev" /mnt/home + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then + mkdir -m 0000 -p /mnt/bku + mount "$bkudev" /mnt/bku + fi + + # umount -R /mnt + + + parted "$disk" print + lsblk "$disk" + + key='${pubkey}' + if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then + mkdir -p /root/.ssh + echo "$key" > /root/.ssh/authorized_keys + fi + systemctl start sshd + ip route + echo READY. +'' From a700fc2a343e8591172d6ce236d53f656e4a0643 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 17:37:59 +0100 Subject: [PATCH 59/95] l 2: add screenlock --- lass/2configs/screenlock.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lass/2configs/screenlock.nix diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix new file mode 100644 index 000000000..237127f69 --- /dev/null +++ b/lass/2configs/screenlock.nix 
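Review bot: `pubkey ? ""` makes an empty key the default, and with it the script skips the `authorized_keys` write (the `"$(cat …)" != "$key"` test is false for two empty strings) yet still runs `systemctl start sshd`, so a caller that forgets `.override { pubkey = …; }` gets an installer that opens SSH on the live system with whatever access the ISO's sshd configuration already allows; fail at evaluation instead with `assert pubkey != "";` ahead of `pkgs.writeText`, or drop the default. `key='${pubkey}'` breaks on a single quote in the key; if the pinned nixpkgs has `lib.escapeShellArg`, `key=${escapeShellArg pubkey}` quotes it correctly and gives `with lib;` a purpose, since nothing else in the body uses `lib`. The script body is a verbatim copy of patch 56's `initscript`, and the comments raised there (stale `# usage:` line, `zonk` diagnostics, overwrite semantics of the key write) apply here unchanged.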
@@ -0,0 +1,17 @@ +{ pkgs, config, ... }: + +{ + systemd.services.screenlock = { + before = [ "sleep.target" ]; + wantedBy = [ "sleep.target" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "screenlock"; + ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + Type = "forking"; + User = "lass"; + }; + }; +} From 67bee70ab750600e63c75531efb0c216e2280ff3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 17:39:03 +0100 Subject: [PATCH 60/95] l 2 baseX: import screenlock.nix --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a67c25145..e879e8e58 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,6 +7,7 @@ in { ./xserver ./mpv.nix ./power-action.nix + ./screenlock.nix { hardware.pulseaudio = { enable = true; From 4075a237bcd4fb74280738b4b6feac1eeb52b47f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 19:41:22 +0100 Subject: [PATCH 61/95] l 2 fetchWallpaper: start directly after xserver --- lass/2configs/fetchWallpaper.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index a724e2e45..fc5acce31 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -8,5 +8,9 @@ in { unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/wallpaper.png"; }; + systemd.services.fetchWallpaper = { + after = [ "xserver.service" ]; + wantedBy = [ "xserver.service" ]; + }; } From 82149ebb75892267af3b9e0a290f975d15965894 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 19:54:47 +0100 Subject: [PATCH 62/95] l 2 nixpkgs: use 3909827 from 16.09 --- lass/2configs/nixpkgs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a33e69bf8..27b7c2439 100644 
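Review bot: Nothing documents why `Type = "forking"` is used, and the unit hard-codes both `User = "lass"` and the wallpaper path; a comment such as `# i3lock daemonises once the screen is locked, so "forking" makes the unit's start (and thus sleep.target) wait for the lock` would capture the intent behind pairing it with `before = [ "sleep.target" ]`. The environment only sets DISPLAY; if the X server's authority cookie is not at the default location for that user, i3lock would presumably fail to connect, so confirming that XAUTHORITY is not needed (or setting it alongside DISPLAY) is worth a look. The file is complete within the hunk.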
--- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; - ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35"; + url = https://github.com/nixos/nixpkgs; + ref = "39098270855c171f0824c09d071b606ae991ff87"; }; } From 20cb28918b2b75b24e7401b718446e2e8f1701f9 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:15:43 +0100 Subject: [PATCH 63/95] k 3 n: add onondaga --- krebs/3modules/nin/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 375faf808..3231c0e23 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -29,6 +29,31 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; }; + onondaga = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.132.55"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; + aliases = [ + "onondaga.retiolum" + "onondaga.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR + OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu + htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH + xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO + kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn + hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; + }; }; users = { From af0a1c92c80e4b5d9c63bff4e075cfae0e3587b9 Mon Sep 17 00:00:00 2001 
From: nin Date: Thu, 19 Jan 2017 23:16:40 +0100 Subject: [PATCH 64/95] n 1: add onondaga --- nin/1systems/onondaga.nix | 83 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 nin/1systems/onondaga.nix diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix new file mode 100644 index 000000000..f7518aa6b --- /dev/null +++ b/nin/1systems/onondaga.nix 
@@ -0,0 +1,83 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + ../. + + ../2configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + networking.hostName = "onondaga"; + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + # environment.systemPackages = with pkgs; [ + # wget + # ]; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.kdm.enable = true; + # services.xserver.desktopManager.kde4.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.extraUsers.guest = { + # isNormalUser = true; + # uid = 1000; + # }; + + # The NixOS release to be compatible with for stateful data such as databases. 
+ system.stateVersion = "16.09"; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7238cc6e-4bea-4e52-9408-32d8aa05abff"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5e923175-854b-4bcf-97c8-f3a91806fa22"; + fsType = "ext2"; + }; + + nix.maxJobs = lib.mkDefault 1; + +} From dada3d5b2403c59d1886901974d54c65e0e9e5ae Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:18:09 +0100 Subject: [PATCH 65/95] n 1 hiawatha: add some pkgs --- nin/1systems/hiawatha.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix index ca7071408..6fa8a3388 100644 --- a/nin/1systems/hiawatha.nix +++ b/nin/1systems/hiawatha.nix @@ -82,6 +82,9 @@ with lib; git hexchat networkmanagerapplet + python + virtmanager + libvirt ]; nixpkgs.config = { From 0d286d0a493df60208fd5bbb6325c8f8880f6b98 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:19:32 +0100 Subject: [PATCH 66/95] n 2: add hashPassword to pkgs --- nin/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 8ea9e49d8..e181a6041 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -97,6 +97,7 @@ with import ; p7zip unzip unrar + hashPassword ]; programs.bash = { From b4109e8d22284a98fcff8f409b7b1968428a1520 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:20:24 +0100 Subject: [PATCH 67/95] n 2 nixpkgs: fd1dbe5 -> 6b28bd0 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index eceab7e7b..9d73afbe0 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix 
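Review bot: `boot.loader.grub.device = "/dev/sda"` is a kernel-enumerated name while both `fileSystems` entries use `/dev/disk/by-uuid/...`; a `/dev/disk/by-id/<DISK-ID>` path (placeholder) would keep the bootloader target stable if another disk is attached. The large block of commented-out template options (wireless, i18n, printing, X11, KDE, guest user) is generated boilerplate and a point of style; dropping it leaves the settings actually in effect easier to see. The file is complete within the hunk.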
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "fd1dbe551cf6338c5f4e4f80c2f5dde9f9e6a271"; + ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff"; }; } From 2a34bf50e7e41554af6a74e1b29081924d22cac8 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:36:49 +0100 Subject: [PATCH 68/95] n 1 onondaga: fix build host --- nin/1systems/onondaga.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix index f7518aa6b..b0810366a 100644 --- a/nin/1systems/onondaga.nix +++ b/nin/1systems/onondaga.nix @@ -11,7 +11,7 @@ ../2configs/retiolum.nix ]; - krebs.build.host = config.krebs.hosts.hiawatha; + krebs.build.host = config.krebs.hosts.onondaga; boot.loader.grub.enable = true; boot.loader.grub.version = 2; From f017017d58da0da3a745aabee23d05f2278e204d Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 19 Jan 2017 23:37:26 +0100 Subject: [PATCH 69/95] n 1 onondaga: delete redundant hostname --- nin/1systems/onondaga.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix index b0810366a..92f316f66 100644 --- a/nin/1systems/onondaga.nix +++ b/nin/1systems/onondaga.nix @@ -21,7 +21,6 @@ # Define on which hard drive you want to install Grub. boot.loader.grub.device = "/dev/sda"; - networking.hostName = "onondaga"; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. From 3991331352d85d44d174a90392c0fe3d5e5dee05 Mon Sep 17 00:00:00 2001 From: nin Date: Fri, 20 Jan 2017 00:05:30 +0100 Subject: [PATCH 70/95] n 2: add weechat --- nin/2configs/weechat.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 nin/2configs/weechat.nix diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 000000000..6c0fb313e --- /dev/null +++ b/nin/2configs/weechat.nix 
@@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} From 531807ece890f1d857304a86837ae4bc1f27076e Mon Sep 17 00:00:00 2001 From: nin Date: Fri, 20 Jan 2017 00:04:09 +0100 Subject: [PATCH 71/95] n 1 onondaga: import weechat.nix --- nin/1systems/onondaga.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix index 92f316f66..59f26c46b 100644 --- a/nin/1systems/onondaga.nix +++ b/nin/1systems/onondaga.nix @@ -9,6 +9,7 @@ ../. ../2configs/retiolum.nix + ../2configs/weechat.nix ]; krebs.build.host = config.krebs.hosts.onondaga; From c80d283a55443154d1244f83828d49e61f425c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:29:21 +0100 Subject: [PATCH 72/95] l 5 init: extend to work with x220 seaboot --- lass/5pkgs/init/default.nix | 45 ++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index abf2528d7..d0339f811 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }: +{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }: with lib; @@ -15,11 +15,13 @@ pkgs.writeText "init" '' *) echo Error: unknown operating system >&2; exit 1;; esac + keyfile=${keyfile} + disk=${disk} - bootdev=${disk}1 + bootdev=${disk}2 - luksdev=${disk}2 + luksdev=${disk}3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} 
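Review bot: The `chat` account gets a login shell, `createHome` and nin's key, but sets neither `isNormalUser` nor `group`, so its group membership is whatever the release's default is; stating `group = "users";` (or `isNormalUser = true;`) makes the intended membership explicit, worth confirming against the NixOS version in use. The uid uses `genid "chat"` whereas the user definitions added to lass/2configs/websites/domsen.nix in patch 75 on this page switch to `genid_signed`; if that change was made because `genid` can yield uids outside the accepted range, the same would apply here. A one-line comment above the user, e.g. `# shell account for running weechat in tmux over mosh`, would document the purpose. The file is complete within the hunk.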
@@ -28,6 +30,14 @@ pkgs.writeText "init" '' homedev=/dev/mapper/${vgname}-home bkudev=/dev/mapper/${vgname}-bku + # + #generate keyfile + # + + if ! test -e "$keyfile"; then + dd if=/dev/urandom bs=512 count=2048 of=$keyfile + fi + # # partitioning # @@ -37,13 +47,15 @@ pkgs.writeText "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted "$disk" \ + parted -a optimal "$disk" \ mklabel gpt \ - mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart no-fs 0 1024KiB \ + set 1 bios_grub on \ + mkpart ext2 1025KiB 1024MiB \ mkpart primary 1024MiB 100% fi - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ext2; then echo zonk exit 23 fi @@ -55,13 +67,14 @@ pkgs.writeText "init" '' if ! cryptsetup isLuks "$luksdev"; then # aes xts-plain64 - cryptsetup luksFormat "$luksdev" \ + cryptsetup luksFormat "$luksdev" "$keyfile" \ -h sha512 \ --iter-time 5000 fi if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \ + --key-file "$keyfile" fi # cryptsetup close @@ -84,8 +97,8 @@ pkgs.writeText "init" '' # formatting # - if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then - mkfs.vfat "$bootdev" + if ! test "$(blkid -o value -s TYPE "$bootdev")" = ext2; then + mkfs.ext2 "$bootdev" fi if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then @@ -119,6 +132,18 @@ pkgs.writeText "init" '' # umount -R /mnt + # + # dependencies for stockholm + # + + nix-env -iA nixos.git + + mkdir -p /mnt/var/src + touch /mnt/var/src/.populate + + # + # print all the infos + # parted "$disk" print lsblk "$disk" From bd9dddd97fe5b881ac07d52f047e775bbdaf406b Mon Sep 17 00:00:00 2001 
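Review bot: The keyfile generated in this hunk becomes the only LUKS key slot (the luksFormat hunk further down passes it as the key and adds no passphrase), yet it is written with the default umask and nothing in the patch persists it beyond the installer's `/root/keyfile`; if the installer is the live ISO checked for at the top of the script, a reboot presumably discards the sole secret for the root volume. Creating it as `(umask 077; dd if=/dev/urandom bs=512 count=2048 of="$keyfile")` fixes both the mode and the unquoted expansion, and a comment above the luksFormat call stating that the keyfile must be copied off the installer or a passphrase slot added with `cryptsetup luksAddKey "$luksdev" --key-file "$keyfile"` before leaving the script would record the recovery path. The `test -e "$keyfile"` guard also accepts a zero-length leftover file as the key; `test -s "$keyfile"` is the stricter check. The enclosing `writeText` string starts outside these hunks.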
From: lassulus Date: Sat, 21 Jan 2017 18:29:49 +0100 Subject: [PATCH 73/95] l 1 icarus: now installed with init --- lass/1systems/icarus.nix | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 8402613da..7f632e9bf 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix @@ -14,15 +14,6 @@ with import ; ../2configs/fetchWallpaper.nix ../2configs/backups.nix ../2configs/games.nix - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} ]; krebs.build.host = config.krebs.hosts.icarus; @@ -32,19 +23,28 @@ with import ; loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { - device = "/dev/pool/nix"; + device = "/dev/mapper/pool-root"; fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/boot" = { - device = "/dev/sda1"; + device = "/dev/sda2"; }; "/tmp" = { device = "tmpfs"; From c3be272e9b699033437a34c37feecd7775c84046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:37:48 +0100 Subject: [PATCH 74/95] l 1 prism: forward 1337 to onondaga --- lass/1systems/prism.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
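Review bot: `initrd.luks.devices` names `luksroot` on `/dev/sda3` with no `keyFile`, so the initrd will prompt for a passphrase; if this disk was set up by lass/5pkgs/init (patch 72 on this page, which formats with a keyfile as the only key), a passphrase slot must have been added separately or the machine cannot unlock at boot, and a comment on that line stating which slot is expected would save the next person the guess. The line `options = ["defaults" "noatime" "ssd" "compress=lzo"];` is repeated for `/`, `/bku` and `/home`; a `let btrfsOpts = [ ... ]; in` near the top of the file (outside this hunk) would keep them in one place. `/boot` on `/dev/sda2` is an enumeration-dependent name where a `/dev/disk/by-uuid` entry would be more robust; the `/dev/mapper/pool-*` names are stable once LVM is up. The `boot` set starts outside the hunk.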
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 313a18a9c..34d81f099 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -252,6 +252,12 @@ in { origin.ref = "heads/nin"; mirror.url = "git@${config.networking.hostName}:stockholm"; }; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; } ]; From 654d32383f782dbd8d3fa198583754ff1d0ca5ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:38:32 +0100 Subject: [PATCH 75/95] l 2 websites domsen: setup mail for ubikmedia --- lass/2configs/websites/domsen.nix | 41 +++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5ed73a22c..e79973a66 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
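Review bot: The FORWARD rule accepts every forwarded packet to 192.168.122.24:22, not only connections that the PREROUTING rule rewrote from public port 1337, so any other forwarded path into that segment reaches the VM's sshd as well; if only the published port is meant to pass, `-m conntrack --ctstate DNAT` on the forward rule ties it to the NAT entry. `--state NEW,ESTABLISHED,RELATED` covers every tracked state except INVALID, so it is nearly equivalent to no state match, and the reply direction relies on a rule outside this hunk, presumably an existing ESTABLISHED/RELATED accept. A comment naming the target, e.g. `# onondaga VM: public :1337 -> guest :22`, would tie the two rules together since the commit title is currently the only place that says so. The enclosing attribute set starts outside the hunk.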
@@ -112,17 +112,26 @@ in { ''; internet-aliases = [ { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } + { from = "dma@ubikmedia.de"; to = "domsen"; } + { from = "dma@ubikmedia.eu"; to = "domsen"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } + { from = "jms@ubikmedia.eu"; to = "jms"; } + { from = "ms@ubikmedia.eu"; to = "ms"; } + { from = "nrg@ubikmedia.eu"; to = "nrg"; } + { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; } + + { from = "testuser@lassul.us"; to = "testuser"; } ]; sender_domains = [ "jla-trading.com" + "ubikmedia.eu" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; users.users.domsen = { - uid = genid "domsen"; + uid = genid_signed "domsen"; description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; @@ -131,10 +140,38 @@ in { }; users.users.jla-trading = { - uid = genid "jla-trading"; + uid = genid_signed "jla-trading"; home = "/home/jla-trading"; useDefaultShell = true; createHome = true; }; + + users.users.jms = { + uid = genid_signed "jms"; + home = "/home/jms"; + useDefaultShell = true; + createHome = true; + }; + + users.users.ms = { + uid = genid_signed "ms"; + home = "/home/ms"; + useDefaultShell = true; + createHome = true; + }; + + users.users.nrg = { + uid = genid_signed "nrg"; + home = "/home/nrg"; + useDefaultShell = true; + createHome = true; + }; + + users.users.testuser = { + uid = genid_signed "testuser"; + home = "/home/testuser"; + useDefaultShell = true; + createHome = true; + }; } From a08ac6fc1770f1043446a81b2a6ce574dbd35899 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:40:39 +0100 Subject: [PATCH 76/95] l 1 mors: remove mount for /bku (nonexistant) --- lass/1systems/mors.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 19b512dde..dde867eb3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
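Review bot: `testuser` is a real login account with a home directory and a mail alias on a production mail host, and nothing says whether it is temporary; a `# TODO(lass): remove after the ubikmedia mail setup is verified` above it would keep it from quietly staying around. The four new user blocks differ only in the name; `genAttrs [ "jms" "ms" "nrg" "testuser" ] (name: { uid = genid_signed name; home = "/home/${name}"; useDefaultShell = true; createHome = true; })` (assuming the lib `with` at the top of the file) expresses the same thing once and keeps future additions consistent. None of the new accounts sets `description` or `group`, unlike `domsen` above, which at least carries a description. The `users.users` set and the mail configuration start outside the hunk.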
@@ -256,11 +256,6 @@ with import ; fsType = "ext4"; }; - "/bku" = { - device = "/dev/big/backups"; - fsType = "ext4"; - }; - "/home/games/.local/share/Steam" = { device = "/dev/big/steam"; fsType = "ext4"; From 0ff2496de4acbc5b7bc009a3ea28dbcd7504ed1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 21:55:59 +0100 Subject: [PATCH 77/95] k 3 Reaktor: allow multiple Reaktor configurations --- krebs/3modules/Reaktor.nix | 214 +++++++++++++++++++------------------ 1 file changed, 108 insertions(+), 106 deletions(-) diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index d87003ac2..a70f1ef5d 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix 
@@ -3,99 +3,88 @@ with import ; let - ReaktorConfig = pkgs.writeText "config.py" '' - ${if (isString cfg.overrideConfig ) then '' - # Overriden Config - ${cfg.overrideConfig} - '' else ""} - ## Extra Config - ${concatStringsSep "\n" (map (plug: plug.config) cfg.plugins)} - ${cfg.extraConfig} - ''; cfg = config.krebs.Reaktor; + workdir = "/var/lib/Reaktor"; + out = { options.krebs.Reaktor = api; - config = lib.mkIf cfg.enable imp; + config = imp; }; - api = { - enable = mkOption { - default = false; - description = '' - Start Reaktor at system boot - ''; - }; + api = mkOption { + default = {}; + type = with types; attrsOf (submodule ({ options = { - nickname = mkOption { - default = config.krebs.build.host.name + "|r"; - type = types.string; - description = '' - The nick name of the irc bot. - Defaults to {hostname}|r - ''; - }; + nickname = mkOption { + default = config.krebs.build.host.name + "|r"; + type = types.string; + description = '' + The nick name of the irc bot. + Defaults to {hostname}|r + ''; + }; - overrideConfig = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - configuration to be used instead of default ones. - Reaktor default cfg can be retrieved via `reaktor get-config` - ''; - }; - plugins = mkOption { - default = [pkgs.ReaktorPlugins.nixos-version]; - }; - extraConfig = mkOption { - default = ""; - type = types.string; - description = '' - configuration appended to the default or overridden configuration - ''; - }; + overrideConfig = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + configuration to be used instead of default ones. 
+ Reaktor default cfg can be retrieved via `reaktor get-config` + ''; + }; - workdir = mkOption { - default = "/var/lib/Reaktor"; - type = types.str; - description = '' - Reaktor working directory - ''; - }; - extraEnviron = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Environment to be provided to the service, can be: - REAKTOR_HOST - REAKTOR_PORT - REAKTOR_STATEDIR + plugins = mkOption { + default = [pkgs.ReaktorPlugins.nixos-version]; + }; - debug and nickname can be set separately via the Reaktor api - ''; - }; - channels = mkOption { - default = [ "#krebs" ]; - type = types.listOf types.str; - description = '' - Channels the Reaktor should connect to at startup. - ''; - }; - debug = mkOption { - default = false; - description = '' - Reaktor debug output - ''; - }; + extraConfig = mkOption { + default = ""; + type = types.string; + description = '' + configuration appended to the default or overridden configuration + ''; + }; + + extraEnviron = mkOption { + default = {}; + type = types.attrsOf types.str; + description = '' + Environment to be provided to the service, can be: + REAKTOR_HOST + REAKTOR_PORT + REAKTOR_STATEDIR + + debug and nickname can be set separately via the Reaktor api + ''; + }; + + channels = mkOption { + default = [ "#krebs" ]; + type = types.listOf types.str; + description = '' + Channels the Reaktor should connect to at startup. + ''; + }; + + debug = mkOption { + default = false; + description = '' + Reaktor debug output + ''; + }; + };})); }; imp = { + # TODO get user per configured bot + # TODO get home from api # for reaktor get-config users.extraUsers = singleton rec { name = "Reaktor"; uid = genid name; description = "Reaktor user"; - home = cfg.workdir; + home = workdir; createHome = true; }; 
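Review bot: `config = imp;` replaces the former `lib.mkIf cfg.enable imp`, so every host importing this module now gets the `Reaktor` system user and its home directory created even when `krebs.Reaktor` is left at its default `{}`; `config = mkIf (cfg != {}) imp;` keeps the old opt-in behaviour with the new attrset API. Within the submodule, `nickname` and `extraConfig` use `types.string` while `overrideConfig` uses `types.nullOr types.str`, and `plugins` declares no type at all; settling on `types.str` and giving `plugins` a type matching what ReaktorPlugins produce makes the option set consistent. The `api` option also has no description saying that each attribute is one bot instance and that all instances share one user and `/var/lib/Reaktor`, which is the point of this commit and worth a sentence there. `imp` continues past the end of this hunk.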
@@ -104,39 +93,52 @@ let # gid = config.ids.gids.Reaktor; #}; - systemd.services.Reaktor = { - path = with pkgs; [ - utillinux #flock for tell_on-join - git # for nag - python # for caps - ]; - description = "Reaktor IRC Bot"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - REAKTOR_NICKNAME = cfg.nickname; - REAKTOR_DEBUG = (if cfg.debug then "True" else "False"); - REAKTOR_CHANNELS = lib.concatStringsSep "," cfg.channels; - state_dir = cfg.workdir; - - } // cfg.extraEnviron; - serviceConfig= { - ExecStartPre = pkgs.writeScript "Reaktor-init" '' - #! /bin/sh - ${if (isString cfg.overrideConfig) then - ''cp ${ReaktorConfig} /tmp/config.py'' - else - ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py'' - } + systemd.services = mapAttrs' (name: botcfg: + let + ReaktorConfig = pkgs.writeText "config.py" '' + ${if (isString botcfg.overrideConfig ) then '' + # Overriden Config + ${botcfg.overrideConfig} + '' else ""} + ## Extra Config + ${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)} + ${botcfg.extraConfig} ''; - ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py"; - PrivateTmp = "true"; - User = "Reaktor"; - Restart = "always"; - RestartSec= "30" ; + in nameValuePair "Reaktor-${name}" { + path = with pkgs; [ + utillinux #flock for tell_on-join + git # for nag + python # for caps + ]; + description = "Reaktor IRC Bot"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + REAKTOR_NICKNAME = botcfg.nickname; + REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); + REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; + state_dir = workdir; + + } // botcfg.extraEnviron; + serviceConfig= { + ExecStartPre = pkgs.writeScript "Reaktor-init" '' + #! 
/bin/sh + ${if (isString botcfg.overrideConfig) then + ''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py'' + else + ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py'' + } + ''; + ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py"; + PrivateTmp = "true"; + User = "Reaktor"; + Restart = "always"; + RestartSec= "30" ; }; - }; + } + ) cfg; + }; in From a76c54e57b1aa7e8396753ec121d818405563134 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 21:57:43 +0100 Subject: [PATCH 78/95] l 2 radio: use new Reaktor api --- lass/2configs/radio.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 18574471e..6fa143bc7 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -138,8 +138,7 @@ in { }; }; - krebs.Reaktor = { - enable = true; + krebs.Reaktor.playlist = { nickname = "the_playlist|r"; channels = [ "#the_playlist" ]; extraEnviron = { From cc789a85d8a4de5c6505a24917b635822dc1ed96 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 21:57:59 +0100 Subject: [PATCH 79/95] m 1: use new Reaktor api --- makefu/1systems/pnp.nix | 3 +-- makefu/1systems/wry.nix | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 0c3676c8b..971676b79 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -32,8 +32,7 @@ }; }; - krebs.Reaktor = { - enable = true; + krebs.Reaktor.debug = { debug = true; extraEnviron = { REAKTOR_HOST = "ni.r"; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 03114c0e6..9fd329d10 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
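Review bot: The `Reaktor-init` script starts with `#! /bin/sh` and no `set -e`, so when `reaktor get-config` fails the subshell still writes a config without the defaults and ExecStart runs with it; adding `set -efu` as the second line makes the unit fail at start instead. All bots still run as the single `Reaktor` user with `state_dir = workdir`, which the TODO above acknowledges, but any plugin that writes into the state directory is presumably shared between instances, worth a sentence in the option description until the per-bot user exists. The instance name is spliced into the unit name and the `/tmp/reaktor-${name}-config.py` path; with `PrivateTmp` on the instances do not collide there, and a short comment saying so would save the next reader the check. The `imp` set and the enclosing `let` start outside this hunk.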
@@ -32,10 +32,9 @@ in { krebs.build.host = config.krebs.hosts.wry; - krebs.Reaktor = { + krebs.Reaktor.reaktor = { nickname = "Reaktor|bot"; channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; - enable = true; plugins = with pkgs.ReaktorPlugins;[ titlebot # stockholm-issue From 94631f688c8e7418f4f0a06c70e06b203e43bd5f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 22:05:02 +0100 Subject: [PATCH 80/95] k 5 Reaktor plugins: add url-title --- krebs/5pkgs/Reaktor/plugins.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix index a483db32c..3e48ae3ba 100644 --- a/krebs/5pkgs/Reaktor/plugins.nix +++ b/krebs/5pkgs/Reaktor/plugins.nix @@ -116,4 +116,16 @@ rec { commands.insert(0,titlebot_cmd('clear')) ''; }; + + url-title = (buildSimpleReaktorPlugin "url-title" { + pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$"; + path = with pkgs; [ wget perl ]; + script = pkgs.writeDash "lambda-pl" '' + if [ "$#" -gt 0 ]; then + exec wget -qO- "$1" | + perl -l -0777 -ne 'print $1 if /\s*(.*?)(?: - youtube)?\s*<\/title/si' + fi + ''; + }); + } From fc9dbd78356cc4af53f1b3cc48e9025a44f4f764 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 22:08:12 +0100 Subject: [PATCH 81/95] l 1 prism: add #coders Reaktor config --- lass/1systems/prism.nix | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 34d81f099..6d5a7c965 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
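Review bot: The url-title plugin runs `wget -qO- "$1"` on any URL anyone in the channel posts, with no timeout, size cap or redirect limit, and pipes the whole body into `perl -0777`, which slurps it into memory; the bot will fetch addresses reachable from its host (internal services as readily as public sites) and a large or slow response holds the plugin. Bounding it, e.g. `exec wget -qO- --timeout=10 --tries=1 --max-redirect=3 "$1" | head -c 1000000 | perl -l -0777 -ne '...'`, limits the resource side, and which hosts the bot should fetch from is a policy choice worth a comment on the plugin. `$$` in `pattern` reaches Python's regex engine as two end anchors, equivalent to one, so a single `$` (escaped as the string syntax needs) is clearer. The enclosing `rec { ... }` starts outside the hunk.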
@@ -259,6 +259,49 @@ in { { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; } + { + krebs.Reaktor.coders = { + nickname = "reaktor-lass"; + channels = [ "#coders" ]; + extraEnviron = { + REAKTOR_HOST = "irc.hackint.org"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + url-title + (buildSimpleReaktorPlugin "lambdabot-pl" { + pattern = "^@pl(?P.*)$$"; + script = pkgs.writeDash "lambda-pl" '' + exec ${pkgs.lambdabot}/bin/lambdabot -e "@pl $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-type" { + pattern = "^@type(?P.*)$$"; + script = pkgs.writeDash "lambda-type" '' + exec ${pkgs.lambdabot}/bin/lambdabot -e "@type $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-let" { + pattern = "^@let(?P.*)$$"; + script = pkgs.writeDash "lambda-let" '' + exec ${pkgs.lambdabot}/bin/lambdabot -e "@let $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-run" { + pattern = "^@run(?P.*)$$"; + script = pkgs.writeDash "lambda-run" '' + exec ${pkgs.lambdabot}/bin/lambdabot -e "@run $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind(?P.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${pkgs.lambdabot}/bin/lambdabot -e "@kind $1" + ''; + }) + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From 65de42b52ca86375e355fec7613b129df3bccbe4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 22:25:47 +0100 Subject: [PATCH 82/95] s 1 test-all-krebs-modules: use new Reaktor api --- shared/1systems/test-all-krebs-modules.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix index 0bfcff685..b42968cfb 100644 --- a/shared/1systems/test-all-krebs-modules.nix +++ b/shared/1systems/test-all-krebs-modules.nix 
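Review bot: The five `lambdabot-*` plugin entries differ only in the command word, so a small `map` keeps them in one place and makes later changes (shared flags, a wrapper) a one-line edit; see the fence. `@run`, `@let` and friends evaluate Haskell supplied by anyone in #coders, so the only boundary is lambdabot's own evaluator sandbox, presumably mueval, and a comment on the `coders` block stating that assumption would help whoever later changes the lambdabot package or its flags. The enclosing module list and `in {` start outside the hunk.
```nix
plugins = with pkgs.ReaktorPlugins; [
  sed-plugin
  url-title
] ++ map (cmd: buildSimpleReaktorPlugin "lambdabot-${cmd}" {
  # <GROUP> is the capture-group name used by the existing patterns
  pattern = "^@${cmd}(?P<GROUP>.*)$$";
  script = pkgs.writeDash "lambda-${cmd}" ''
    exec ${pkgs.lambdabot}/bin/lambdabot -e "@${cmd} $1"
  '';
}) [ "pl" "type" "let" "run" "kind" ];
```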
@@ -9,7 +9,7 @@ in { enable = true; build.user = config.krebs.users.shared; build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.enable = true; + Reaktor.test = {}; apt-cacher-ng.enable = true; backup.enable = true; bepasty.enable = true; From cc928ccbc60b5c2dfcb6417d187dae78ffe7cb6f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 23:26:48 +0100 Subject: [PATCH 83/95] move indent to lib --- krebs/3modules/exim-smarthost.nix | 1 - krebs/3modules/nginx.nix | 2 -- lib/default.nix | 2 ++ 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c96b14723..bda563f8d 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,7 +2,6 @@ with import ; let - indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 933c2e513..b28e97e37 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -129,8 +129,6 @@ let }; }; - indent = replaceChars ["\n"] ["\n "]; - to-acme = { server-names, ssl, ... }: optionalAttrs ssl.acmeEnable { email = "lassulus@gmail.com"; diff --git a/lib/default.nix b/lib/default.nix index 2b12fa4bf..7e61c9413 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -39,6 +39,8 @@ let string = toJSON x; # close enough }.${type} or reject; + indent = replaceChars ["\n"] ["\n "]; + }; in From 13e5a3d41ae42e8d2ef623dcbb26c66b409c66d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 23:50:02 +0100 Subject: [PATCH 84/95] l 3 fetchWallpaper: set wallpaper everytime --- krebs/3modules/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 94bcbed9d..aed5f595c 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix 
@@ -45,7 +45,7 @@ let mkdir -p ${shell.escape cfg.stateDir} cd ${shell.escape cfg.stateDir} - curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper + (curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper ''; From 1f4becad4dbbb512684045f55a42021ab7695c24 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 23:50:48 +0100 Subject: [PATCH 85/95] l 1 prism: add some flags to lambdabot --- lass/1systems/prism.nix | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6d5a7c965..83f669a3d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
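Review bot: The new `(curl -s ... && mv ...) || :` line discards every fetch failure silently, because `-s` also suppresses curl's error messages; `feh` then re-applies whatever `wallpaper` file is left, possibly stale, with nothing in the journal saying why. `curl -sS -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url}` keeps the progress meter off but still reports the reason (DNS, TLS, HTTP status) while the trailing `|| :` preserves the intended "always set the wallpaper" behaviour. The shell script string this line belongs to starts outside the hunk.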
@@ -266,37 +266,52 @@ in { extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; - plugins = with pkgs.ReaktorPlugins; [ + plugins = with pkgs.ReaktorPlugins; let + lambdabotflags = '' + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \''; + in [ sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl(?P.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot -e "@pl $1" + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@pl $1" ''; }) (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type(?P.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot -e "@type $1" + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@type $1" ''; }) (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let(?P.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot -e "@let $1" + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@let $1" ''; }) (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run(?P.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot -e "@run $1" + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@run $1" ''; }) (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind(?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot -e "@kind $1" + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" ''; }) ]; From 6b910af11a4dabdc9685f72a073b0e2a57c1e5b8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 23:51:24 +0100 Subject: [PATCH 86/95] l 2: remove broken tmpfs option with this option enabled /tmp was not mounted on boot --- lass/2configs/default.nix | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 63114cdb1..911b7738a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -91,8 +91,6 @@ with import ; #why is this on in the first place? services.nscd.enable = false; - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; From 8d527f99be68714ab68a09a02b8b3f06f70a7070 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 01:18:31 +0100 Subject: [PATCH 87/95] l 2 radio: stream now in stereo! this also fixes the slowmotion playback issue --- lass/2configs/radio.nix | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6fa143bc7..6e96f8845 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,28 +60,20 @@ in { musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' audio_output { - type "shout" - encoding "ogg" - name "the_playlist" - host "localhost" - port "8000" - mount "/radio.ogg" + type "shout" + encoding "ogg" + name "the_playlist" + host "localhost" + port "8000" + mount "/radio.ogg" + password "${source-password}" + bitrate "128" - # This is the source password in icecast.xml - password "${source-password}" - - # Set either quality or bit rate - # quality "5.0" - bitrate "128" - - format "44100:16:1" - - # Optional Parameters - user "source" - # description "here is my long description" - genre "good music" - } # end of audio_output + format "44100:16:2" + user "source" + genre "good music" + } ''; }; From 42b3396858becd384ddc5e5f08449874a4c2649f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 12:53:15 +0100 Subject: [PATCH 88/95] k 5 Reaktor plugins url-title: timeout after 5s --- krebs/5pkgs/Reaktor/plugins.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
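Review bot: The rewritten `password "${source-password}"` line in the mpd `extraConfig` still interpolates the Icecast source password into a Nix string at evaluation time, so if `source-password` is a literal (its `let` binding is outside the hunk), the generated mpd.conf containing it ends up world-readable in the Nix store. A comment on that line such as `# source password is baked into the store path of mpd.conf` would at least record the exposure, or the value could be read at service start from a root-only file instead of being interpolated. The `format "44100:16:2"` change itself looks right for the stated stereo fix.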
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix index 3e48ae3ba..d4774dd69 100644 --- a/krebs/5pkgs/Reaktor/plugins.nix +++ b/krebs/5pkgs/Reaktor/plugins.nix @@ -119,10 +119,10 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$"; - path = with pkgs; [ wget perl ]; + path = with pkgs; [ curl perl ]; script = pkgs.writeDash "lambda-pl" '' if [ "$#" -gt 0 ]; then - exec wget -qO- "$1" | + curl -SsL --max-time 5 "$1" | perl -l -0777 -ne 'print $1 if /\s*(.*?)(?: - youtube)?\s*<\/title/si' fi ''; From e509fd2de8171d80c11760c0e3a531c596e5ccf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 17:47:45 +0100 Subject: [PATCH 89/95] l 2 fetchWallpaper: start after xmonad --- lass/2configs/fetchWallpaper.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index fc5acce31..cf084ea8f 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -9,8 +9,8 @@ in { url = "prism/wallpaper.png"; }; systemd.services.fetchWallpaper = { - after = [ "xserver.service" ]; - wantedBy = [ "xserver.service" ]; + after = [ "xmonad.service" ]; + wantedBy = [ "xmonad.service" ]; }; } From a5134ea9ec5c0ac67761141c4f3ecd871ac3e9ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 17:48:27 +0100 Subject: [PATCH 90/95] l 3 usershadow: user passwd passwords for sshd --- lass/3modules/usershadow.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index c0be053ab..fc9e63e31 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
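Review bot: `curl -SsL --max-time 5 "$1"` bounds how long the fetch may run but not how much it may return, and the body is then slurped whole by `perl -0777`, so a large response posted to the channel still costs the bot a full download and a correspondingly large Perl process. Adding a size cap and pinning the protocol, `curl -SsL --max-time 5 --max-filesize 1000000 --proto =http,https --proto-redir =http,https "$1" |`, keeps memory bounded and stops `-L` from following a redirect to a non-HTTP scheme. The pattern only validates the URL's characters, not its host, so the bot will fetch whatever any IRC user posts, including addresses on its own network; a comment above the plugin stating that it fetches untrusted URLs from the host's network would make that a conscious choice.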
@@ -22,10 +22,13 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so account required pam_permit.so + auth required pam_env.so envfile=${config.system.build.pamEnvironment} + auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth sufficient pam_unix.so likeauth try_first_pass + session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_permit.so + session required pam_loginuid.so ''; security.pam.services.dovecot2.text = '' From 261f7f7148acb8197b1296b0809342fe681a6d82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 18:03:12 +0100 Subject: [PATCH 91/95] l 2: add smartd.nix & import in tp-x220 --- lass/2configs/hw/tp-x220.nix | 3 +++ lass/2configs/smartd.nix | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 lass/2configs/smartd.nix diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index 44b2dcac1..ec36fa96a 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -2,6 +2,9 @@ with import ; { + imports = [ + ../smartd.nix + ]; networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; diff --git a/lass/2configs/smartd.nix b/lass/2configs/smartd.nix new file mode 100644 index 000000000..859812bed --- /dev/null +++ b/lass/2configs/smartd.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + services.smartd = { + enable = true; + devices = [ + { + device = "DEVICESCAN"; + options = toString [ + "-a" + "-m ${config.krebs.users.lass.mail}" + "-s (O/../.././09|S/../.././04|L/../../6/05)" + ]; + } + ]; + }; +} From 57be590db640eac4a1c34e5ccca3990f9ddfbb74 Mon Sep 17 00:00:00 2001 
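Review bot: The new sshd auth stack consists only of `sufficient` modules (`pam_exec.so` and `pam_unix.so`) and no longer ends in a `required` one, so the result when both fail is left to Linux-PAM's implicit default instead of being stated; the usual defensive form is to append `auth required pam_deny.so` after the `pam_unix.so` line. `account required pam_permit.so` is kept from before, which means account expiry and lock status are never consulted for either password source — if that is intended it deserves a comment, otherwise `account required pam_unix.so` is the conventional line. The added `quiet` flag also suppresses pam_exec's own failure output, so a misbehaving `verify_pam` will only be visible through `pam_unix` taking over; it is worth confirming that `verify_pam` logs denials itself. The enclosing attribute set starts before the hunk.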
From: lassulus Date: Sun, 22 Jan 2017 23:15:20 +0100 Subject: [PATCH 92/95] l 5 init: remove deprecated /boot --- lass/5pkgs/init/default.nix | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index d0339f811..b484d2c38 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -19,9 +19,7 @@ pkgs.writeText "init" '' disk=${disk} - bootdev=${disk}2 - - luksdev=${disk}3 + luksdev=${disk}2 luksmap=/dev/mapper/${luksmap} vgname=${vgname} @@ -51,13 +49,7 @@ pkgs.writeText "init" '' mklabel gpt \ mkpart no-fs 0 1024KiB \ set 1 bios_grub on \ - mkpart ext2 1025KiB 1024MiB \ - mkpart primary 1024MiB 100% - fi - - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ext2; then - echo zonk - exit 23 + mkpart primary 1025KiB 100% fi if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then @@ -97,10 +89,6 @@ pkgs.writeText "init" '' # formatting # - if ! test "$(blkid -o value -s TYPE "$bootdev")" = ext2; then - mkfs.ext2 "$bootdev" - fi - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then mkfs.btrfs "$rootdev" fi @@ -117,10 +105,6 @@ pkgs.writeText "init" '' if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then mount "$rootdev" /mnt fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then - mkdir -m 0000 -p /mnt/boot - mount "$bootdev" /mnt/boot - fi if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then mkdir -m 0000 -p /mnt/home mount "$homedev" /mnt/home From 705bf2c5e3f5a903a705cad70e9f8df5e904580d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Jan 2017 23:40:38 +0100 Subject: [PATCH 93/95] l 1 icarus: use grubs crytpodisk & remove /boot --- lass/1systems/icarus.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 7f632e9bf..b869a67a7 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix 
@@ -22,8 +22,9 @@ with import ; loader.grub.enable = true; loader.grub.version = 2; loader.grub.device = "/dev/sda"; + loader.grub.enableCryptodisk = true; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; @@ -43,9 +44,6 @@ with import ; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/boot" = { - device = "/dev/sda2"; - }; "/tmp" = { device = "tmpfs"; fsType = "tmpfs"; From f07d696cd8ecde00a6a5388f9609d57d4142a9c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 23 Jan 2017 13:37:52 +0100 Subject: [PATCH 94/95] l 1 prism: do more stuff in #coders --- lass/1systems/prism.nix | 43 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 83f669a3d..d8980a10c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -275,7 +275,7 @@ in { sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl(?P.*)$$"; + pattern = "^@pl (?P.*)$$"; script = pkgs.writeDash "lambda-pl" '' exec ${pkgs.lambdabot}/bin/lambdabot \ ${indent lambdabotflags} @@ -283,7 +283,7 @@ in { ''; }) (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type(?P.*)$$"; + pattern = "^@type (?P.*)$$"; script = pkgs.writeDash "lambda-type" '' exec ${pkgs.lambdabot}/bin/lambdabot \ ${indent lambdabotflags} @@ -291,7 +291,7 @@ in { ''; }) (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let(?P.*)$$"; + pattern = "^@let (?P.*)$$"; script = pkgs.writeDash "lambda-let" '' exec ${pkgs.lambdabot}/bin/lambdabot \ ${indent lambdabotflags} 
@@ -299,7 +299,7 @@ in { ''; }) (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run(?P.*)$$"; + pattern = "^@run (?P.*)$$"; script = pkgs.writeDash "lambda-run" '' exec ${pkgs.lambdabot}/bin/lambdabot \ ${indent lambdabotflags} @@ -307,13 +307,46 @@ in { ''; }) (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind(?P.*)$$"; + pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' exec ${pkgs.lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind (?P.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${pkgs.lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" + ''; + }) + (buildSimpleReaktorPlugin "random-unicorn-porn" { + pattern = "^!rup$$"; + script = pkgs.writePython2 "rup" '' + #!${pkgs.python2}/bin/python + t1 = """ + _. + ;=',_ () + 8===D~~ S" .--`|| + sS \__ || + __.' ( \-->|| + _=/ _./-\/ || + 8===D~~ ((\( /-' -'l || + ) |/ \\ (_)) + \\ \\ + '~ '~ + """ + print(t1) + ''; + }) + (buildSimpleReaktorPlugin "ping" { + pattern = "^!ping (?P.*)$$"; + script = pkgs.writeDash "ping" '' + exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + }) ]; }; } From 89c5b22129d3cb875d16a3171a4e3ab3bee9cb0a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 24 Jan 2017 15:15:32 +0100 Subject: [PATCH 95/95] l 3 kapacitor: use more defaults --- lass/3modules/kapacitor.nix | 122 +++++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 1 deletion(-) diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix index 023801987..8524c8198 100644 --- a/lass/3modules/kapacitor.nix +++ b/lass/3modules/kapacitor.nix @@ -26,7 +26,7 @@ let #TODO: find a good default default = '' hostname = "localhost" - data_dir = "/home/lass/.kapacitor" + data_dir = "${cfg.dataDir}" [http] bind-address = ":9092" 
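Review bot: The second hunk (`@@ -307,13 +307,46 @@`) adds a `buildSimpleReaktorPlugin "lambdabot-kind"` block identical to the one directly above it (same `pattern`, same `lambda-kind` script), so `@kind` will presumably be matched and answered twice; the duplicate should be dropped. In the `ping` plugin, `"$1"` is the remainder of the IRC line and is passed to `ping` as a positional argument, so a value beginning with `-` is parsed as an option rather than a host; `exec /var/setuid-wrappers/ping -q -c1 -- "$1" 2>&1 | tail -1` terminates option parsing so the argument is always treated as the destination. The plugin also lets any channel member make the host emit ICMP toward arbitrary names or addresses, including ones on its own networks, which is worth a comment next to the pattern so the exposure is a conscious choice. The `rup` script starts with `#!${pkgs.python2}/bin/python` although `pkgs.writePython2` presumably supplies its own interpreter line; if so, the shebang inside the body is dead text and can go.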
@@ -75,6 +75,126 @@ let [logging] file = "STDERR" level = "INFO" + + [collectd] + enabled = false + bind-address = ":25826" + database = "collectd" + retention-policy = "" + batch-size = 5000 + batch-pending = 10 + batch-timeout = "10s" + read-buffer = 0 + typesdb = "/usr/share/collectd/types.db" + + [opentsdb] + enabled = false + bind-address = ":4242" + database = "opentsdb" + retention-policy = "" + consistency-level = "one" + tls-enabled = false + certificate = "/etc/ssl/influxdb.pem" + batch-size = 1000 + batch-pending = 5 + batch-timeout = "1s" + log-point-errors = true + + [smtp] + enabled = false + host = "localhost" + port = 25 + username = "" + password = "" + no-verify = false + global = false + state-changes-only = false + from = "" + idle-timeout = "30s" + + [opsgenie] + enabled = false + api-key = "" + url = "https://api.opsgenie.com/v1/json/alert" + recovery_url = "https://api.opsgenie.com/v1/json/alert/note" + global = false + + [victorops] + enabled = false + api-key = "" + routing-key = "" + url = "https://alert.victorops.com/integrations/generic/20131114/alert" + global = false + + [pagerduty] + enabled = false + url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json" + service-key = "" + global = false + + [sensu] + enabled = false + addr = "" + source = "Kapacitor" + + [slack] + enabled = false + url = "" + channel = "" + global = false + state-changes-only = false + + [telegram] + enabled = false + url = "https://api.telegram.org/bot" + token = "" + chat-id = "" + parse-mode = "" + disable-web-page-preview = false + disable-notification = false + global = false + state-changes-only = false + + [hipchat] + enabled = false + url = "" + token = "" + room = "" + global = false + state-changes-only = false + + [alerta] + enabled = false + url = "" + token = "" + environment = "" + origin = "" + + [reporting] + enabled = true + url = "https://usage.influxdata.com" + + [stats] + enabled = true + stats-interval = "10s" + database = 
"_kapacitor" + retention-policy = "autogen" + timing-sample-rate = 0.1 + timing-movavg-size = 1000 + + [udf] + + [deadman] + interval = "10s" + threshold = 0.0 + id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'" + message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL." + global = false + + [talk] + enabled = false + url = "" + author_name = "" ''; description = "configuration kapacitor is started with"; };
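Review bot: The new default config turns on `[reporting] enabled = true` with `url = "https://usage.influxdata.com"`, so a stock install of this module sends usage telemetry to InfluxData; for a module whose purpose is to provide sane defaults, `enabled = false` is the conservative choice, or the commit should at least say the phone-home is intentional. Every credential field in the block (`[smtp] password`, `[opsgenie] api-key`, `[victorops] api-key`/`routing-key`, `[pagerduty] service-key`, `[slack] url`, `[telegram] token`, `[hipchat] token`, `[alerta] token`) lives in a Nix string that is written to the world-readable store, so a short comment above `[smtp]` saying these must stay empty here and be supplied out-of-band would stop the first person who needs alerts from pasting a webhook or token into it. `[opentsdb]` keeps `tls-enabled = false` next to `certificate = "/etc/ssl/influxdb.pem"`; harmless while `enabled = false`, but the path is presumably not present on a NixOS host and could simply be omitted rather than documented as a default. The enclosing `default = ''` string starts outside this hunk.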