Merge remote-tracking branch 'cloudkrebs/master'
This commit is contained in:
commit
c1971f5aa0
@ -40,8 +40,7 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
||||
set -euf
|
||||
|
||||
mkdir -p ${shell.escape cfg.stateDir}
|
||||
|
@ -20,6 +20,7 @@ let
|
||||
flatten
|
||||
length
|
||||
hasAttr
|
||||
hasPrefix
|
||||
mkEnableOption
|
||||
mkOption
|
||||
mkIf
|
||||
@ -123,7 +124,7 @@ let
|
||||
|
||||
buildRule = tn: cn: rule:
|
||||
#target validation test:
|
||||
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
|
||||
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
|
||||
|
||||
#predicate validation test:
|
||||
#maybe use iptables-test
|
||||
|
@ -12,6 +12,7 @@ with config.krebs.lib;
|
||||
aliases = [
|
||||
"dishfire.internet"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
@ -40,10 +41,11 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "162.252.241.33";
|
||||
ip4.addr = "104.233.79.118";
|
||||
aliases = [
|
||||
"echelon.internet"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
@ -79,6 +81,7 @@ with config.krebs.lib;
|
||||
aliases = [
|
||||
"prism.internet"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
@ -143,6 +146,7 @@ with config.krebs.lib;
|
||||
aliases = [
|
||||
"cloudkrebs.internet"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
@ -174,6 +178,7 @@ with config.krebs.lib;
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.12";
|
||||
aliases = ["uriel.gg23"];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.81.176";
|
||||
@ -205,6 +210,7 @@ with config.krebs.lib;
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.11";
|
||||
aliases = ["mors.gg23"];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.2";
|
||||
@ -257,21 +263,53 @@ with config.krebs.lib;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
|
||||
};
|
||||
shodan = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.4";
|
||||
ip6.addr = "42:0:0:0:0:0:0:50d4";
|
||||
aliases = [
|
||||
"shodan.retiolum"
|
||||
"shodan.r"
|
||||
"cgit.shodan.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
|
||||
YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
|
||||
ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
|
||||
7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
|
||||
xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
|
||||
V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
||||
};
|
||||
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
||||
mail = "lass@mors.retiolum";
|
||||
pgp.pubkeys.default = builtins.readFile ./default.pgp;
|
||||
pubkey = builtins.readFile ./ssh/mors.rsa;
|
||||
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
|
||||
};
|
||||
lass-uriel = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
||||
mail = "lass@uriel.retiolum";
|
||||
pubkey = builtins.readFile ./ssh/uriel.rsa;
|
||||
};
|
||||
lass-helios = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
|
||||
mail = "lass@helios.retiolum";
|
||||
pubkey = builtins.readFile ./ssh/helios.rsa;
|
||||
};
|
||||
lass-shodan = {
|
||||
mail = "lass@shodan.retiolum";
|
||||
pubkey = builtins.readFile ./ssh/shodan.rsa;
|
||||
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,52 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
|
||||
gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
|
||||
e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
|
||||
+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
|
||||
Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
|
||||
UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
|
||||
+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
|
||||
my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
|
||||
DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
|
||||
ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
|
||||
/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
|
||||
tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
|
||||
+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
|
||||
D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
|
||||
kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
|
||||
2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
|
||||
0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
|
||||
u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
|
||||
HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
|
||||
1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
|
||||
NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
|
||||
cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
|
||||
IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
|
||||
4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
|
||||
/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
|
||||
/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
|
||||
MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
|
||||
0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
|
||||
gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
|
||||
75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
|
||||
AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
|
||||
WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
|
||||
02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
|
||||
MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
|
||||
ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
|
||||
+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
|
||||
XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
|
||||
VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
|
||||
Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
|
||||
Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
|
||||
8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
|
||||
laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
|
||||
2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
|
||||
aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
|
||||
PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
|
||||
4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
|
||||
It6jrzDh3+COSQ==
|
||||
=0gFT
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
51
krebs/3modules/lass/pgp/mors.pgp
Normal file
51
krebs/3modules/lass/pgp/mors.pgp
Normal file
@ -0,0 +1,51 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA
|
||||
SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1
|
||||
tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH
|
||||
LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk
|
||||
ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX
|
||||
tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi
|
||||
Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ
|
||||
kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn
|
||||
EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+
|
||||
GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1
|
||||
zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB
|
||||
tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ
|
||||
CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN
|
||||
/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2
|
||||
bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe
|
||||
NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D
|
||||
MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1
|
||||
sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI
|
||||
leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl
|
||||
oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI
|
||||
ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP
|
||||
cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1
|
||||
oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm
|
||||
G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4
|
||||
7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL
|
||||
1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk
|
||||
sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM
|
||||
ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz
|
||||
Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH
|
||||
tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj
|
||||
OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr
|
||||
aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO
|
||||
6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5
|
||||
9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5
|
||||
mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX
|
||||
an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0
|
||||
ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA
|
||||
n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm
|
||||
S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC
|
||||
oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/
|
||||
pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI
|
||||
6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7
|
||||
UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED
|
||||
TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4
|
||||
rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN
|
||||
DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv
|
||||
=fgFG
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
30
krebs/3modules/lass/pgp/shodan.pgp
Normal file
30
krebs/3modules/lass/pgp/shodan.pgp
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQENBFc/U8EBCADaPobNwlm8oI3cVtDhsdHpW7gyNTloqM1JdUPoJ30kS8xIbKfF
|
||||
U+UWEj+/G0hXg3jGpqsYKzCegLcZuvKrLuyWas3nFync/KeWjPpmQWh8h/AQ63gi
|
||||
6FjikRS9iDHEnUBqXXymG6JOo9NrGX7viWcPx+rQzvXOFxVYt1JJY+Ki30tSL+0l
|
||||
igJBJ+x2qndnlPZE9uyKjYC9+9NlZ04h5WOponTtgIddBlBPhIOAW+f5mBVeWuaK
|
||||
8wPBY2z98ZIclwdTohCpBRjs/EAEhN+2djSjyJti2TARceMKV2ZLRoUh6bNqj3xV
|
||||
Y4IkDe47dS8rRmH/xj+9odJjtlbFHDmtElcfABEBAAG0HWxhc3NAc2hvZGFuLnIg
|
||||
PGxhc3NAc2hvZGFuLnI+iQE3BBMBCAAhBQJXP1PBAhsDBQsJCAcCBhUICQoLAgQW
|
||||
AgMBAh4BAheAAAoJECOf1I8qjNLnWCsH/Rr70NVjCpqou5JRJqc9NMYJflH8qUSR
|
||||
xxYsVXaLjf1sa5X0qbq1u5EaYQGsdP7qKuLggoom7CGBhG3WZnfhuLi9y2IXAFo8
|
||||
RprBmrTmXgpXqm8IrcWMDJUEwhjUn+x1iCnGUfmbUpIdBIj8HsCfDUmg+WT0GflT
|
||||
9tfYR0v1vRzK6WWYEobP9abhZdjOHIS8cXDgFVREllKjjOcLzsB23I9g1nlvX3+W
|
||||
J7iliC4s1OGvcpw0MHl/1KRpSBXK3we0WTNZLIJXr8W+BvURYxhVfbvgjHuv6K0h
|
||||
J0a/me8nkh05pdRLLGL+C8eFjAXALnTIxgiVNGjtXBAR+/HN2//iG665AQ0EVz9T
|
||||
wQEIAMsxDQ3Y5SL2gI1EjEuCc6RyTSBmsna9g/wKjzUbcB9zpEN9i85NDRvvfGn6
|
||||
ihxI9Z1rvn8zr8MKu9OcZB2XEQDriHUcS4IxnZzdbUIKOtR+1BjZvMKupbw+KHag
|
||||
WoeUh+tfb50bEMy/Z6Mp5mLOyXMyyiGS3CHJ6sHUXTub6kuHQnAOqiMsqnegZMcS
|
||||
sF+NpSNoSngC060jgh7fl4T8M3Vuv9NKGu9+0J48QR+LFsKe/7LwRQ9HFSH4sPeD
|
||||
vQI1BEo4piXthwd6mUHCbish38H77PGO0kKHaJ0HkBu+3tKXP1JJdm9SiN+ypUIB
|
||||
FyfLpaWf6pcc/0QX6qE4gL00MI0AEQEAAYkBHwQYAQgACQUCVz9TwQIbDAAKCRAj
|
||||
n9SPKozS5w85B/4o2Zf7oLqjNmOu+YE0fNJmbGCETNotNnE/GToiejNAM9B/rYJe
|
||||
qjM9/kq0GJKVfKKrBGA0YQy9O847TVW26gPeiEgS7DO1Dl9YiLJJVzUGlOPijTIJ
|
||||
A3LmMCLU/M3+a/33HGjm7gYk+aRwqOwHeC+f1pder8InoC3ebWupfcQsWkwTVqZk
|
||||
lrLzoywjqQcdjAYFJp1c0ZxXyrgOS4dIGMU+o+DDCyK/ry9UGd3ZacMqDsyWO51A
|
||||
iXDMtvVsuxbIP5o3muF9kEX7hx4EF7+MzRI3FjYwlHLNw+v3OVhfOxuPSt71VOiC
|
||||
G2aT2z4sz8+qbOIIG3JX99osG6v683lvDUCW
|
||||
=s4OM
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
1
krebs/3modules/lass/ssh/helios.rsa
Normal file
1
krebs/3modules/lass/ssh/helios.rsa
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios
|
1
krebs/3modules/lass/ssh/mors.rsa
Normal file
1
krebs/3modules/lass/ssh/mors.rsa
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
|
1
krebs/3modules/lass/ssh/shodan.rsa
Normal file
1
krebs/3modules/lass/ssh/shodan.rsa
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV+EscrUKgsu6iO94lJQ45o0t9QV88H7RrbLCsysgesQqiCbq0XNJKSrKI4T/o5dBNfoHMi4FSuPsF3YzffvMOWmdluHRBIhDJSDiFaraHr1zu7fHDO8gsUf/a3H3LPHtRRoXQFNsIK5NRLR35WpKt+zG6GK/WLBzb2N4MR3Ym5Qo2OepW3pgMWjjbmiUbGGiao9OWgx5tjjT8PLHIWdoEmJsaE5UnOWebqY+xfkWXMLdzMBPyEdCVwUO7X3Ip0Zk/BJFSqtIHBqQtp+njgeRwfkL2xabge3VGALAnQg5iYXzT8kfzIu/wfaoSdGkdPWxMo80KDiJJlpLj1oC3ABmDj01Hgu9p+g5Em0SFevcenspTii3IvYqdq+eg5+pPny4ki9748t6FlWRsrjrmjdQVVMWbhx42+lsyxIYsdXhwWMqNwTNzvY7Fxy3/8XE14pYWCV5eEll2/hSNfI6AcOoJ0vfHvOXsY6GVMYklXDIFzmiJOpyox+DnTahyUqQ6IcLH73vp9boVK31kf8EC7VDp8ms2ZiXz9nfPYltiUOtKKG0gqg9Jgs7xthpX82WYEp2+PXzPCHWs4WXs3OsUzQ8ykXXD2A7JMVBBv0FaMD4aBsOe7hU20/sO+/J/uuPe5xnpI//uFK4KkYCmDHZcZ3Qzh9CQTISwFvOBbYtRWbDo5w== lass@shodan
|
1
krebs/3modules/lass/ssh/uriel.rsa
Normal file
1
krebs/3modules/lass/ssh/uriel.rsa
Normal file
@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
|
@ -26,7 +26,10 @@ let
|
||||
environment = {
|
||||
etc = flip mapAttrs' cfg (name: { packages, ... }: {
|
||||
name = "per-user/${name}";
|
||||
value.source = pkgs.symlinkJoin "per-user.${name}" packages;
|
||||
value.source = pkgs.symlinkJoin {
|
||||
name = "per-user.${name}";
|
||||
paths = packages;
|
||||
};
|
||||
});
|
||||
profiles = ["/etc/per-user/$LOGNAME"];
|
||||
};
|
||||
|
@ -36,6 +36,19 @@ with config.krebs.lib;
|
||||
|
||||
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||
|
||||
buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
||||
inherit (pkgs.pythonPackages) twisted jinja2;
|
||||
dateutil = pkgs.pythonPackages.dateutil_1_5;
|
||||
sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
||||
doCheck = false;
|
||||
});
|
||||
};
|
||||
|
||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||
symlinkJoin = { name, paths, ... }@args: let
|
||||
x = pkgs.symlinkJoin args;
|
||||
in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
|
||||
|
||||
test = {
|
||||
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
||||
};
|
||||
|
@ -8,11 +8,13 @@ in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
||||
../2configs/base.nix
|
||||
../2configs/default.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/fastpoke-pages.nix
|
||||
../2configs/git.nix
|
||||
../2configs/realwallpaper.nix
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
|
@ -4,9 +4,9 @@
|
||||
imports = [
|
||||
../.
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/base.nix
|
||||
../2configs/default.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/git.nix
|
||||
../2configs/websites/fritz.nix
|
||||
{
|
||||
boot.loader.grub = {
|
||||
device = "/dev/vda";
|
||||
@ -26,10 +26,19 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/srv/http" = {
|
||||
device = "/dev/pool/srv_http";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/vda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
}
|
||||
{
|
||||
networking.dhcpcd.allowInterfaces = [
|
||||
@ -40,6 +49,20 @@
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
mk_sql_pair
|
||||
];
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
../2configs/websites/fritz.nix
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.dishfire;
|
||||
|
@ -8,7 +8,8 @@ in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
||||
../2configs/base.nix
|
||||
../2configs/default.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
|
@ -5,10 +5,13 @@ with builtins;
|
||||
imports = [
|
||||
../.
|
||||
../2configs/baseX.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/programs.nix
|
||||
../2configs/git.nix
|
||||
../2configs/pass.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/backups.nix
|
||||
#{
|
||||
# users.extraUsers = {
|
||||
# root = {
|
||||
@ -52,6 +55,16 @@ with builtins;
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/pool/home";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
#services.udev.extraRules = ''
|
||||
|
@ -4,6 +4,7 @@
|
||||
imports = [
|
||||
../.
|
||||
../2configs/baseX.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/programs.nix
|
||||
../2configs/bitcoin.nix
|
||||
../2configs/browsers.nix
|
||||
@ -26,6 +27,8 @@
|
||||
../2configs/libvirt.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/cbase.nix
|
||||
../2configs/mail.nix
|
||||
../2configs/krebs-pass.nix
|
||||
#../2configs/buildbot-standalone.nix
|
||||
{
|
||||
#risk of rain port
|
||||
@ -33,124 +36,28 @@
|
||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
#static-nginx-test
|
||||
imports = [
|
||||
../3modules/static_nginx.nix
|
||||
];
|
||||
lass.staticPage."testserver.de" = {
|
||||
#sslEnable = true;
|
||||
#certificate = "${toString <secrets>}/testserver.de/server.cert";
|
||||
#certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
||||
ssl = {
|
||||
enable = true;
|
||||
certificate = "${toString <secrets>}/testserver.de/server.cert";
|
||||
certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
||||
};
|
||||
};
|
||||
networking.extraHosts = ''
|
||||
10.243.0.2 testserver.de
|
||||
'';
|
||||
}
|
||||
#{
|
||||
# #wordpress-test
|
||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
# imports = [
|
||||
# ../3modules/wordpress_nginx.nix
|
||||
# ];
|
||||
# lass.wordpress."testserver.de" = {
|
||||
# multiSite = {
|
||||
# "1" = "testserver.de";
|
||||
# "2" = "bla.testserver.de";
|
||||
# };
|
||||
# };
|
||||
|
||||
# services.mysql = {
|
||||
# enable = true;
|
||||
# package = pkgs.mariadb;
|
||||
# rootPassword = "<secrets>/mysql_rootPassword";
|
||||
# };
|
||||
# networking.extraHosts = ''
|
||||
# 10.243.0.2 testserver.de
|
||||
# '';
|
||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
# ];
|
||||
#}
|
||||
#{
|
||||
# #owncloud-test
|
||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||
# imports = [
|
||||
# ../3modules/owncloud_nginx.nix
|
||||
# ];
|
||||
# lass.owncloud."owncloud-test.de" = {
|
||||
# services.elasticsearch = {
|
||||
# enable = true;
|
||||
# plugins = [
|
||||
# # pkgs.elasticsearchPlugins.elasticsearch_kopf
|
||||
# ];
|
||||
# };
|
||||
#}
|
||||
#{
|
||||
# services.postgresql = {
|
||||
# enable = true;
|
||||
# package = pkgs.postgresql;
|
||||
# };
|
||||
|
||||
# #services.mysql = {
|
||||
# # enable = true;
|
||||
# # package = pkgs.mariadb;
|
||||
# # rootPassword = "<secrets>/mysql_rootPassword";
|
||||
# #};
|
||||
# networking.extraHosts = ''
|
||||
# 10.243.0.2 owncloud-test.de
|
||||
# '';
|
||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
# ];
|
||||
#}
|
||||
{
|
||||
containers.pythonenv = {
|
||||
config = {
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
git
|
||||
libxml2
|
||||
libxslt
|
||||
libzip
|
||||
python27Full
|
||||
python27Packages.buildout
|
||||
stdenv
|
||||
zlib
|
||||
];
|
||||
|
||||
pathsToLink = [ "/include" ];
|
||||
|
||||
shellInit = ''
|
||||
# help pip to find libz.so when building lxml
|
||||
export LIBRARY_PATH=/var/run/current-system/sw/lib
|
||||
# ditto for header files, e.g. sqlite
|
||||
export C_INCLUDE_PATH=/var/run/current-system/sw/include
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = "<secrets>/mysql_rootPassword";
|
||||
};
|
||||
}
|
||||
{
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
plugins = [
|
||||
# pkgs.elasticsearchPlugins.elasticsearch_kopf
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
@ -158,15 +65,6 @@
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
networking.extraHosts = ''
|
||||
213.239.205.240 wohnprojekt-rhh.de
|
||||
213.239.205.240 karlaskop.de
|
||||
213.239.205.240 makeup.apanowicz.de
|
||||
213.239.205.240 pixelpocket.de
|
||||
213.239.205.240 reich-gebaeudereinigung.de
|
||||
213.239.205.240 o.ubikmedia.de
|
||||
'';
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
@ -206,7 +104,7 @@
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/mnt/backups" = {
|
||||
"/bku" = {
|
||||
device = "/dev/big/backups";
|
||||
fsType = "ext4";
|
||||
};
|
||||
@ -293,6 +191,8 @@
|
||||
get
|
||||
teamspeak_client
|
||||
hashPassword
|
||||
urban
|
||||
mk_sql_pair
|
||||
];
|
||||
|
||||
#TODO: fix this shit
|
||||
@ -324,16 +224,4 @@
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#touchpad config
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
accelFactor = "0.035";
|
||||
additionalOptions = ''
|
||||
Option "FingerHigh" "60"
|
||||
Option "FingerLow" "60"
|
||||
'';
|
||||
tapButtons = false;
|
||||
twoFingerScroll = true;
|
||||
};
|
||||
}
|
||||
|
@ -2,15 +2,28 @@
|
||||
|
||||
let
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
manageCerts;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/base.nix
|
||||
../2configs/default.nix
|
||||
../2configs/exim-smarthost.nix
|
||||
../2configs/downloading.nix
|
||||
../2configs/git.nix
|
||||
../2configs/ts3.nix
|
||||
../2configs/bitlbee.nix
|
||||
../2configs/weechat.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
../2configs/radio.nix
|
||||
{
|
||||
#we need to use old sqlite for buildbot
|
||||
imports = [
|
||||
../2configs/buildbot-standalone.nix
|
||||
];
|
||||
}
|
||||
{
|
||||
users.extraGroups = {
|
||||
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
|
||||
@ -77,6 +90,18 @@ in {
|
||||
device = "/dev/pool/download";
|
||||
};
|
||||
|
||||
fileSystems."/srv/http" = {
|
||||
device = "/dev/pool/http";
|
||||
};
|
||||
|
||||
fileSystems."/srv/o.ubikmedia.de-data" = {
|
||||
device = "/dev/pool/owncloud-ubik-data";
|
||||
};
|
||||
|
||||
fileSystems."/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
};
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
@ -117,7 +142,7 @@ in {
|
||||
}
|
||||
{
|
||||
users.users.chat.openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
];
|
||||
}
|
||||
@ -130,15 +155,47 @@ in {
|
||||
../2configs/websites/domsen.nix
|
||||
];
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
security.acme = {
|
||||
certs."lassul.us" = {
|
||||
email = "lass@lassul.us";
|
||||
webroot = "/var/lib/acme/challenges/lassul.us";
|
||||
plugins = [
|
||||
"account_key.json"
|
||||
"key.pem"
|
||||
"fullchain.pem"
|
||||
"full.pem"
|
||||
];
|
||||
user = "ejabberd";
|
||||
};
|
||||
};
|
||||
krebs.nginx.servers."lassul.us" = {
|
||||
server-names = [ "lassul.us" ];
|
||||
locations = [
|
||||
(lib.nameValuePair "/.well-known/acme-challenge" ''
|
||||
root /var/lib/acme/challenges/lassul.us/;
|
||||
'')
|
||||
];
|
||||
};
|
||||
lass.ejabberd = {
|
||||
enable = true;
|
||||
hosts = [ "lassul.us" ];
|
||||
certfile = "/var/lib/acme/lassul.us/full.pem";
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
76
lass/1systems/shodan.nix
Normal file
76
lass/1systems/shodan.nix
Normal file
@ -0,0 +1,76 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../2configs/baseX.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/programs.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/backups.nix
|
||||
#{
|
||||
# users.extraUsers = {
|
||||
# root = {
|
||||
# openssh.authorizedKeys.keys = map readFile [
|
||||
# ../../krebs/Zpubkeys/uriel.ssh.pub
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
{
|
||||
#x220 config from mors
|
||||
#TODO: make x220 config file (or look in other user dir)
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 0;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||
deviceSection = ''
|
||||
Option "AccelMethod" "sna"
|
||||
BusID "PCI:0:2:0"
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
kernelModules = [ "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/pool/nix";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
};
|
||||
|
||||
#services.udev.extraRules = ''
|
||||
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
||||
#'';
|
||||
}
|
@ -5,6 +5,7 @@ with builtins;
|
||||
imports = [
|
||||
../.
|
||||
../2configs/baseX.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/games.nix
|
||||
../2configs/pass.nix
|
||||
@ -47,6 +48,11 @@ with builtins;
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/bku" = {
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
|
135
lass/2configs/backups.nix
Normal file
135
lass/2configs/backups.nix
Normal file
@ -0,0 +1,135 @@
|
||||
{ config, lib, ... }:
|
||||
with config.krebs.lib;
|
||||
{
|
||||
|
||||
krebs.backup.plans = {
|
||||
} // mapAttrs (_: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
}) {
|
||||
dishfire-http-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:00";
|
||||
};
|
||||
dishfire-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:05";
|
||||
};
|
||||
dishfire-http-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-sql-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:15";
|
||||
};
|
||||
dishfire-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:20";
|
||||
};
|
||||
dishfire-sql-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-chat-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
||||
startAt = "03:30";
|
||||
};
|
||||
prism-chat-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:40";
|
||||
};
|
||||
prism-sql-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
||||
startAt = "03:50";
|
||||
};
|
||||
prism-http-uriel = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
uriel-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.uriel; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
mors-home-uriel = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
dishfire-http-helios = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
|
||||
startAt = "12:00";
|
||||
};
|
||||
dishfire-sql-helios = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
|
||||
startAt = "12:15";
|
||||
};
|
||||
prism-sql-helios = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "12:30";
|
||||
};
|
||||
prism-http-helios = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
|
||||
startAt = "12:45";
|
||||
};
|
||||
};
|
||||
}
|
@ -4,9 +4,10 @@ let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
in {
|
||||
imports = [
|
||||
./base.nix
|
||||
./default.nix
|
||||
#./urxvt.nix
|
||||
./xserver
|
||||
./mpv.nix
|
||||
];
|
||||
|
||||
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||
@ -33,17 +34,18 @@ in {
|
||||
|
||||
dmenu
|
||||
gitAndTools.qgit
|
||||
nmap
|
||||
much
|
||||
pavucontrol
|
||||
powertop
|
||||
push
|
||||
slock
|
||||
sxiv
|
||||
xclip
|
||||
xorg.xbacklight
|
||||
xsel
|
||||
zathura
|
||||
|
||||
mpv
|
||||
mpv-poll
|
||||
yt-next
|
||||
#window manager stuff
|
||||
|
@ -14,7 +14,7 @@ let
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
lass.per-user.${name}.packages = packages;
|
||||
krebs.per-user.${name}.packages = packages;
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
@ -35,7 +35,7 @@ let
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
lass.per-user.${name}.packages = packages;
|
||||
krebs.per-user.${name}.packages = packages;
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
@ -59,20 +59,9 @@ in {
|
||||
|
||||
imports = [
|
||||
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
|
||||
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
|
||||
( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||
( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs : {
|
||||
flash = pkgs.chromium.override {
|
||||
# pulseSupport = true;
|
||||
enablePepperFlash = true;
|
||||
};
|
||||
#chromium = pkgs.chromium.override {
|
||||
# pulseSupport = true;
|
||||
#};
|
||||
};
|
||||
}
|
||||
|
@ -1,15 +1,16 @@
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
#networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||
krebs.buildbot.master = {
|
||||
krebs.buildbot.master = let
|
||||
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
||||
in {
|
||||
slaves = {
|
||||
testslave = "lasspass";
|
||||
};
|
||||
change_source.stockholm = ''
|
||||
stockholm_repo = 'http://cgit.mors/stockholm'
|
||||
stockholm_repo = '${stockholm-mirror-url}'
|
||||
cs.append(changes.GitPoller(
|
||||
stockholm_repo,
|
||||
workdir='stockholm-poller', branch='master',
|
||||
workdir='stockholm-poller', branches=True,
|
||||
project='stockholm',
|
||||
pollinterval=120))
|
||||
'';
|
||||
@ -20,10 +21,12 @@
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
fast-tests-scheduler = ''
|
||||
# test the master real quick
|
||||
# test everything real quick
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
change_filter=util.ChangeFilter(branch="master"),
|
||||
name="fast-master-test",
|
||||
## all branches
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
# treeStableTimer=10,
|
||||
name="fast-all-branches",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
};
|
||||
@ -38,7 +41,10 @@
|
||||
deps = [ "gnumake", "jq","nix","rsync" ]
|
||||
# TODO: --pure , prepare ENV in nix-shell command:
|
||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
|
||||
nixshell = ["nix-shell",
|
||||
"-I", "stockholm=.",
|
||||
"-I", "nixpkgs=/var/src/nixpkgs",
|
||||
"-p" ] + deps + [ "--run" ]
|
||||
|
||||
# prepare addShell function
|
||||
def addShell(factory,**kwargs):
|
||||
@ -48,13 +54,26 @@
|
||||
fast-tests = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
addShell(f,name="mors-eval",env=env,
|
||||
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
|
||||
for i in [ "prism", "mors", "echelon" ]:
|
||||
addShell(f,name="populate-{}".format(i),env=env,
|
||||
command=nixshell + \
|
||||
["{}( make system={} eval.config.krebs.build.populate \
|
||||
| jq -er .)".format("!" if "failing" in i else "",i)])
|
||||
|
||||
addShell(f,name="build-test-minimal",env=env,
|
||||
command=nixshell + \
|
||||
["nix-instantiate \
|
||||
--show-trace --eval --strict --json \
|
||||
-I nixos-config=./shared/1systems/test-minimal-deploy.nix \
|
||||
-I secrets=. \
|
||||
-A config.system.build.toplevel"]
|
||||
)
|
||||
|
||||
bu.append(util.BuilderConfig(name="fast-tests",
|
||||
slavenames=slavenames,
|
||||
factory=f))
|
||||
'';
|
||||
|
||||
'';
|
||||
};
|
||||
enable = true;
|
||||
web.enable = true;
|
||||
@ -72,7 +91,17 @@
|
||||
masterhost = "localhost";
|
||||
username = "testslave";
|
||||
password = "lasspass";
|
||||
packages = with pkgs;[ git nix ];
|
||||
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
|
||||
packages = with pkgs;[ git nix gnumake jq rsync ];
|
||||
extraEnviron = {
|
||||
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
|
||||
};
|
||||
};
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -7,10 +7,11 @@ with config.krebs.lib;
|
||||
../2configs/zsh.nix
|
||||
../2configs/mc.nix
|
||||
../2configs/retiolum.nix
|
||||
./backups.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
(import /root/secrets/hashedPasswords.nix);
|
||||
(import <secrets/hashedPasswords.nix>);
|
||||
}
|
||||
{
|
||||
users.extraUsers = {
|
||||
@ -18,7 +19,7 @@ with config.krebs.lib;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
config.krebs.users.lass-helios.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
@ -33,6 +34,7 @@ with config.krebs.lib;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -45,7 +47,6 @@ with config.krebs.lib;
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "retiolum";
|
||||
exim-retiolum.enable = true;
|
||||
build = {
|
||||
user = config.krebs.users.lass;
|
||||
source = mapAttrs (_: mkDefault) ({
|
||||
@ -55,7 +56,7 @@ with config.krebs.lib;
|
||||
stockholm = "/home/lass/stockholm";
|
||||
nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "40c586b7ce2c559374df435f46d673baf711c543";
|
||||
rev = "d541e0dc1c05f5514bf30f8039e687adddb45616";
|
||||
dev = "/home/lass/src/nixpkgs";
|
||||
};
|
||||
} // optionalAttrs config.krebs.build.host.secure {
|
||||
@ -85,9 +86,12 @@ with config.krebs.lib;
|
||||
MANPAGER=most
|
||||
'';
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
#stockholm
|
||||
git
|
||||
gnumake
|
||||
jq
|
||||
parallel
|
||||
proot
|
||||
@ -102,12 +106,20 @@ with config.krebs.lib;
|
||||
|
||||
#network
|
||||
iptables
|
||||
iftop
|
||||
|
||||
#stuff for dl
|
||||
aria2
|
||||
|
||||
#neat utils
|
||||
krebspaste
|
||||
psmisc
|
||||
untilport
|
||||
|
||||
#unpack stuff
|
||||
p7zip
|
||||
unzip
|
||||
unrar
|
||||
];
|
||||
|
||||
programs.bash = {
|
||||
@ -145,10 +157,6 @@ with config.krebs.lib;
|
||||
'';
|
||||
};
|
||||
|
||||
security.setuidPrograms = [
|
||||
"sendmail"
|
||||
];
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
hostKeys = [
|
||||
@ -165,6 +173,13 @@ with config.krebs.lib;
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables = {
|
||||
nat.PREROUTING.rules = [
|
||||
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
||||
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
||||
];
|
||||
nat.OUTPUT.rules = [
|
||||
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
||||
];
|
||||
filter.INPUT.policy = "DROP";
|
||||
filter.FORWARD.policy = "DROP";
|
||||
filter.INPUT.rules = [
|
@ -3,7 +3,7 @@
|
||||
with config.krebs.lib;
|
||||
|
||||
let
|
||||
rpc-password = import <secrets/transmission-pw.nix>;
|
||||
rpc-password = import <secrets/transmission-pw>;
|
||||
in {
|
||||
imports = [
|
||||
../3modules/folderPerms.nix
|
||||
@ -20,6 +20,7 @@ in {
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
|
10
lass/2configs/exim-retiolum.nix
Normal file
10
lass/2configs/exim-retiolum.nix
Normal file
@ -0,0 +1,10 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
{
|
||||
krebs.exim-retiolum.enable = true;
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
49
lass/2configs/exim-smarthost.nix
Normal file
49
lass/2configs/exim-smarthost.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
{
|
||||
krebs.exim-smarthost = {
|
||||
enable = true;
|
||||
dkim = [
|
||||
{ domain = "lassul.us"; }
|
||||
];
|
||||
sender_domains = [
|
||||
"lassul.us"
|
||||
"aidsballs.de"
|
||||
];
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||
config.krebs.hosts.mors
|
||||
config.krebs.hosts.uriel
|
||||
config.krebs.hosts.helios
|
||||
];
|
||||
internet-aliases = with config.krebs.users; [
|
||||
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
|
||||
{ from = "lass@lassul.us"; to = lass.mail; }
|
||||
{ from = "lassulus@lassul.us"; to = lass.mail; }
|
||||
{ from = "test@lassul.us"; to = lass.mail; }
|
||||
{ from = "outlook@lassul.us"; to = lass.mail; }
|
||||
{ from = "steuer@aidsballs.de"; to = lass.mail; }
|
||||
{ from = "lass@aidsballs.de"; to = lass.mail; }
|
||||
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
{ from = "postmaster"; to = "root"; }
|
||||
{ from = "nobody"; to = "root"; }
|
||||
{ from = "hostmaster"; to = "root"; }
|
||||
{ from = "usenet"; to = "root"; }
|
||||
{ from = "news"; to = "root"; }
|
||||
{ from = "webmaster"; to = "root"; }
|
||||
{ from = "www"; to = "root"; }
|
||||
{ from = "ftp"; to = "root"; }
|
||||
{ from = "abuse"; to = "root"; }
|
||||
{ from = "noc"; to = "root"; }
|
||||
{ from = "security"; to = "root"; }
|
||||
{ from = "root"; to = "lass"; }
|
||||
];
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
@ -1,101 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
let
|
||||
createStaticPage = domain:
|
||||
{
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
root /var/lib/http/${domain};
|
||||
'')
|
||||
];
|
||||
};
|
||||
#networking.extraHosts = ''
|
||||
# 10.243.206.102 ${domain}
|
||||
#'';
|
||||
users.extraUsers = {
|
||||
${domain} = {
|
||||
name = domain;
|
||||
home = "/var/lib/http/${domain}";
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
imports = map createStaticPage [
|
||||
"habsys.de"
|
||||
"pixelpocket.de"
|
||||
"karlaskop.de"
|
||||
"ubikmedia.de"
|
||||
"apanowicz.de"
|
||||
];
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
krebs.nginx = {
|
||||
enable = true;
|
||||
servers = {
|
||||
#"habsys.de" = {
|
||||
# server-names = [
|
||||
# "habsys.de"
|
||||
# "www.habsys.de"
|
||||
# ];
|
||||
# locations = [
|
||||
# (nameValuePair "/" ''
|
||||
# root /var/lib/http/habsys.de;
|
||||
# '')
|
||||
# ];
|
||||
#};
|
||||
|
||||
#"karlaskop.de" = {
|
||||
# server-names = [
|
||||
# "karlaskop.de"
|
||||
# "www.karlaskop.de"
|
||||
# ];
|
||||
# locations = [
|
||||
# (nameValuePair "/" ''
|
||||
# root /var/lib/http/karlaskop.de;
|
||||
# '')
|
||||
# ];
|
||||
#};
|
||||
|
||||
#"pixelpocket.de" = {
|
||||
# server-names = [
|
||||
# "pixelpocket.de"
|
||||
# "www.karlaskop.de"
|
||||
# ];
|
||||
# locations = [
|
||||
# (nameValuePair "/" ''
|
||||
# root /var/lib/http/karlaskop.de;
|
||||
# '')
|
||||
# ];
|
||||
#};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
#services.postgresql = {
|
||||
# enable = true;
|
||||
#};
|
||||
|
||||
#config.services.vsftpd = {
|
||||
# enable = true;
|
||||
# userlistEnable = true;
|
||||
# userlistFile = pkgs.writeFile "vsftpd-userlist" ''
|
||||
# '';
|
||||
#};
|
||||
}
|
@ -5,7 +5,7 @@ let
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
url = "echelon/wallpaper.png";
|
||||
url = "cloudkrebs/wallpaper.png";
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -13,7 +13,7 @@ in {
|
||||
name = "games";
|
||||
description = "user playing games";
|
||||
home = "/home/games";
|
||||
extraGroups = [ "audio" "video" "input" ];
|
||||
extraGroups = [ "audio" "video" "input" "loot" ];
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
|
@ -35,6 +35,8 @@ let
|
||||
newsbot-js = {};
|
||||
kimsufi-check = {};
|
||||
realwallpaper = {};
|
||||
xmonad-stockholm = {};
|
||||
the_playlist = {};
|
||||
};
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
|
21
lass/2configs/krebs-pass.nix
Normal file
21
lass/2configs/krebs-pass.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
#TODO: tab-completion
|
||||
krebs-pass = pkgs.writeDashBin "krebs-pass" ''
|
||||
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
|
||||
exec ${pkgs.pass}/bin/pass $@
|
||||
'';
|
||||
|
||||
krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
|
||||
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
|
||||
exec ${pkgs.pass}/bin/passmenu $@
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.per-user.lass.packages = [
|
||||
krebs-pass
|
||||
krebs-passmenu
|
||||
];
|
||||
}
|
110
lass/2configs/mail.nix
Normal file
110
lass/2configs/mail.nix
Normal file
@ -0,0 +1,110 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
defaults
|
||||
logfile ~/.msmtp.log
|
||||
account prism
|
||||
host prism.r
|
||||
account default: prism
|
||||
'';
|
||||
|
||||
msmtp = pkgs.writeDashBin "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
||||
'';
|
||||
|
||||
muttrc = pkgs.writeText "muttrc" ''
|
||||
# gpg
|
||||
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_sign_as = 0x976A7E4D
|
||||
set crypt_autosign = yes
|
||||
set crypt_replyencrypt = yes
|
||||
set crypt_verify_sig = yes
|
||||
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
|
||||
|
||||
macro index \Cv \
|
||||
"<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||
'Verify PGP signature and open the message'
|
||||
|
||||
macro pager \Cv \
|
||||
"<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||
'Verify PGP signature'
|
||||
|
||||
|
||||
# notmuch
|
||||
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
|
||||
set nm_record = yes
|
||||
set nm_record_tags = "-inbox me archive"
|
||||
set virtual_spoolfile=yes # enable virtual folders
|
||||
set sendmail="msmtp" # enables parsing of outgoing mail
|
||||
set use_from=yes
|
||||
set envelope_from=yes
|
||||
|
||||
set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?"
|
||||
|
||||
virtual-mailboxes \
|
||||
"INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
|
||||
"Unread" "notmuch://?query=tag:unread"\
|
||||
"TODO" "notmuch://?query=tag:TODO"\
|
||||
"Starred" "notmuch://?query=tag:*"\
|
||||
"Archive" "notmuch://?query=tag:archive"\
|
||||
"Sent" "notmuch://?query=tag:sent"\
|
||||
"Junk" "notmuch://?query=tag:junk"
|
||||
|
||||
tag-transforms "junk" "k" \
|
||||
"unread" "u" \
|
||||
"replied" "↻" \
|
||||
"TODO" "T" \
|
||||
|
||||
# notmuch bindings
|
||||
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
|
||||
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
|
||||
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
|
||||
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
|
||||
|
||||
|
||||
#killed
|
||||
bind index d noop
|
||||
bind pager d noop
|
||||
|
||||
bind pager S noop
|
||||
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
|
||||
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
|
||||
|
||||
bind index t noop
|
||||
bind pager t noop
|
||||
macro index t "<modify-labels>+TODO\n" # tag as Archived
|
||||
|
||||
|
||||
# sidebar
|
||||
set sidebar_width = 20
|
||||
set sidebar_visible = yes # set to "no" to disable sidebar view at startup
|
||||
color sidebar_new yellow default
|
||||
# sidebar bindings
|
||||
bind index <left> sidebar-prev # got to previous folder in sidebar
|
||||
bind index <right> sidebar-next # got to next folder in sidebar
|
||||
bind index <space> sidebar-open # open selected folder from sidebar
|
||||
# sidebar toggle
|
||||
macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
|
||||
macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
|
||||
macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar
|
||||
'';
|
||||
|
||||
mutt = pkgs.writeDashBin "mutt" ''
|
||||
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
|
||||
'';
|
||||
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
msmtp
|
||||
mutt
|
||||
pkgs.much
|
||||
pkgs.notmuch
|
||||
];
|
||||
}
|
49
lass/2configs/mpv.nix
Normal file
49
lass/2configs/mpv.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
|
||||
mpv-config = pkgs.writeText "mpv-config" ''
|
||||
script=${lib.concatStringsSep "," [
|
||||
good
|
||||
delete
|
||||
]}
|
||||
'';
|
||||
mpv = pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@"
|
||||
'';
|
||||
|
||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
end
|
||||
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
|
||||
good = moveToDir "G" "./.good";
|
||||
delete = moveToDir "D" "./.graveyard";
|
||||
|
||||
deleteCurrentTrack = pkgs.writeText "delete.lua" ''
|
||||
deleted_tmp = "./.graveyard"
|
||||
|
||||
-- Delete the current track by moving it to the `deleted_tmp` location.
|
||||
function delete_current_track()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. deleted_tmp .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'")
|
||||
print("'" .. track .. "' deleted.")
|
||||
end
|
||||
|
||||
mp.add_key_binding("D", "delete_current_track", delete_current_track)
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.per-user.lass.packages = [
|
||||
mpv
|
||||
];
|
||||
}
|
@ -154,7 +154,6 @@ let
|
||||
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
|
||||
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
|
||||
tigsource|http://www.tigsource.com/feed/|#news
|
||||
times|http://www.thetimes.co.uk/tto/news/rss|#news
|
||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
|
||||
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
|
||||
|
@ -1,10 +1,9 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
krebs.per-user.lass.packages = with pkgs; [
|
||||
pass
|
||||
gnupg1
|
||||
];
|
||||
|
||||
services.xserver.startGnuPGAgent = true;
|
||||
}
|
||||
|
@ -8,7 +8,6 @@
|
||||
htop
|
||||
i3lock
|
||||
mosh
|
||||
mpv
|
||||
pass
|
||||
pavucontrol
|
||||
pv
|
||||
|
133
lass/2configs/radio.nix
Normal file
133
lass/2configs/radio.nix
Normal file
@ -0,0 +1,133 @@
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
name = "radio";
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
inherit (config.krebs.lib) genid;
|
||||
|
||||
admin-password = import <secrets/icecast-admin-pw>;
|
||||
source-password = import <secrets/icecast-source-pw>;
|
||||
|
||||
in {
|
||||
users.users = {
|
||||
"${name}" = rec {
|
||||
inherit name;
|
||||
group = name;
|
||||
uid = genid name;
|
||||
description = "radio manager";
|
||||
home = "/home/${name}";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
users.groups = {
|
||||
"radio" = {};
|
||||
};
|
||||
|
||||
krebs.per-user.${name}.packages = with pkgs; [
|
||||
ncmpcpp
|
||||
mpc_cli
|
||||
tmux
|
||||
];
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
group = "radio";
|
||||
musicDirectory = "/home/radio/the_playlist/music";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "shout"
|
||||
encoding "ogg"
|
||||
name "my cool stream"
|
||||
host "localhost"
|
||||
port "8000"
|
||||
mount "/radio.ogg"
|
||||
|
||||
# This is the source password in icecast.xml
|
||||
password "${source-password}"
|
||||
|
||||
# Set either quality or bit rate
|
||||
# quality "5.0"
|
||||
bitrate "128"
|
||||
|
||||
format "44100:16:1"
|
||||
|
||||
# Optional Parameters
|
||||
user "source"
|
||||
# description "here is my long description"
|
||||
# genre "jazz"
|
||||
} # end of audio_output
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
services.icecast = {
|
||||
enable = true;
|
||||
hostname = "config.krebs.build.host.name";
|
||||
admin.password = admin-password;
|
||||
extraConf = ''
|
||||
<authentication>
|
||||
<source-password>${source-password}</source-password>
|
||||
</authentication>
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.radio = {
|
||||
description = "radio autoadder timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = {
|
||||
OnCalendar = "*:*";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.radio = let
|
||||
autoAdd = pkgs.writeDash "autoAdd" ''
|
||||
LIMIT=$1 #in secconds
|
||||
|
||||
addRandom () {
|
||||
mpc add "$(mpc ls | shuf -n1)"
|
||||
}
|
||||
|
||||
timeLeft () {
|
||||
playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
||||
currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
||||
expr ''${playlistDuration:-0} - ''${currentTime:-0}
|
||||
}
|
||||
|
||||
if test $(timeLeft) -le $LIMIT; then
|
||||
addRandom
|
||||
fi
|
||||
'';
|
||||
in {
|
||||
description = "radio playlist autoadder";
|
||||
after = [ "network.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
gawk
|
||||
mpc_cli
|
||||
];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${autoAdd} 100";
|
||||
};
|
||||
};
|
||||
}
|
@ -147,13 +147,8 @@ in {
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
{ names = [
|
||||
"brogrammer"
|
||||
"commentary"
|
||||
"extradite"
|
||||
"file-line"
|
||||
"fugitive"
|
||||
"Gundo"
|
||||
"mustang2"
|
||||
"unimpaired"
|
||||
]; }
|
||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||
];
|
||||
|
@ -1,35 +1,87 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
inherit (config.krebs.lib)
|
||||
genid
|
||||
readFile
|
||||
;
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
manageCert
|
||||
manageCerts
|
||||
activateACME
|
||||
ssl
|
||||
servePage
|
||||
serveOwncloud
|
||||
serveWordpress;
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
account prism
|
||||
host localhost
|
||||
account default: prism
|
||||
'';
|
||||
|
||||
sendmail = pkgs.writeDash "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
../../3modules/owncloud_nginx.nix
|
||||
../../3modules/wordpress_nginx.nix
|
||||
( ssl [ "reich-gebaeudereinigung.de" ])
|
||||
( servePage [ "reich-gebaeudereinigung.de" ])
|
||||
|
||||
( manageCerts [ "karlaskop.de" ])
|
||||
( servePage [ "karlaskop.de" ])
|
||||
|
||||
( ssl [ "makeup.apanowicz.de" ])
|
||||
( servePage [ "makeup.apanowicz.de" ])
|
||||
|
||||
( manageCerts [ "pixelpocket.de" ])
|
||||
( servePage [ "pixelpocket.de" ])
|
||||
|
||||
( ssl [ "o.ubikmedia.de" ])
|
||||
( serveOwncloud [ "o.ubikmedia.de" ])
|
||||
|
||||
( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"karlaskop.de" = {};
|
||||
"makeup.apanowicz.de" = {};
|
||||
"pixelpocket.de" = {};
|
||||
"reich-gebaeudereinigung.de" = {};
|
||||
};
|
||||
|
||||
lass.owncloud = {
|
||||
"o.ubikmedia.de" = {
|
||||
instanceid = "oc8n8ddbftgh";
|
||||
};
|
||||
};
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||
};
|
||||
|
||||
#lass.wordpress = {
|
||||
# "ubikmedia.de" = {
|
||||
# };
|
||||
#};
|
||||
lass.mysqlBackup = {
|
||||
enable = true;
|
||||
config.domsen = {
|
||||
password = toString (<secrets/mysql_rootPassword>);
|
||||
databases = [
|
||||
"ubikmedia_de"
|
||||
"o_ubikmedia_de"
|
||||
];
|
||||
};
|
||||
};
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
databases = [
|
||||
"ubikmedia_de"
|
||||
"o_ubikmedia_de"
|
||||
];
|
||||
location = "/bku/sql_dumps";
|
||||
};
|
||||
|
||||
users.users.domsen = {
|
||||
uid = genid "domsen";
|
||||
description = "maintenance acc for domsen";
|
||||
home = "/home/domsen";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "nginx" ];
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
services.phpfpm.phpOptions = ''
|
||||
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
sendmail_path = ${sendmail} -t
|
||||
'';
|
||||
}
|
||||
|
||||
|
@ -1,33 +1,57 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
manageCerts
|
||||
activateACME
|
||||
ssl
|
||||
servePage
|
||||
serveWordpress;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
../../3modules/owncloud_nginx.nix
|
||||
../../3modules/wordpress_nginx.nix
|
||||
( manageCerts [ "biostase.de" "www.biostase.de" ])
|
||||
#( serveWordpress [ "biostase.de" "www.biostase.de" ])
|
||||
|
||||
( manageCerts [ "radical-dreamers.de" ])
|
||||
( serveWordpress [ "radical-dreamers.de" ])
|
||||
|
||||
( manageCerts [ "gs-maubach.de" ])
|
||||
( serveWordpress [ "gs-maubach.de" ])
|
||||
|
||||
( manageCerts [ "spielwaren-kern.de" ])
|
||||
( serveWordpress [ "spielwaren-kern.de" ])
|
||||
|
||||
( manageCerts [ "familienpraxis-korntal.de" ])
|
||||
( servePage [ "familienpraxis-korntal.de" ])
|
||||
|
||||
( manageCerts [ "ttf-kleinaspach.de" ])
|
||||
( serveWordpress [ "ttf-kleinaspach.de" ])
|
||||
|
||||
( ssl [ "eastuttgart.de" ])
|
||||
( serveWordpress [ "eastuttgart.de" ])
|
||||
|
||||
( ssl [ "habsys.de" "habsys.eu" ])
|
||||
( servePage [ "habsys.de" "habsys.eu" ])
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"biostase.de" = {};
|
||||
"gs-maubach.de" = {};
|
||||
"spielwaren-kern.de" = {};
|
||||
"societyofsimtech.de" = {};
|
||||
"ttf-kleinaspach.de" = {};
|
||||
"edsn.de" = {};
|
||||
"eab.berkeley.edu" = {};
|
||||
"habsys.de" = {};
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||
};
|
||||
|
||||
#lass.owncloud = {
|
||||
# "o.ubikmedia.de" = {
|
||||
# instanceid = "oc8n8ddbftgh";
|
||||
# };
|
||||
#};
|
||||
|
||||
#services.mysql = {
|
||||
# enable = true;
|
||||
# package = pkgs.mariadb;
|
||||
# rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||
#};
|
||||
lass.mysqlBackup = {
|
||||
enable = true;
|
||||
config.fritz = {
|
||||
password = toString (<secrets/mysql_rootPassword>);
|
||||
databases = [
|
||||
"biostase_de"
|
||||
"eastuttgart_de"
|
||||
"radical_dreamers_de"
|
||||
"spielwaren_kern_de"
|
||||
"ttf_kleinaspach_de"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,14 +1,17 @@
|
||||
{ config, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
inherit (config.krebs.lib) genid;
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
ssl
|
||||
servePage;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
../../3modules/static_nginx.nix
|
||||
( ssl [ "wohnprojekt-rhh.de" ])
|
||||
( servePage [ "wohnprojekt-rhh.de" ])
|
||||
];
|
||||
|
||||
lass.staticPage = {
|
||||
"wohnprojekt-rhh.de" = {};
|
||||
};
|
||||
|
||||
users.users.laura = {
|
||||
home = "/srv/http/wohnprojekt-rhh.de";
|
||||
createHome = true;
|
||||
|
@ -16,6 +16,7 @@ in {
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -40,8 +40,8 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
security.setuidPrograms = [
|
||||
"slock"
|
||||
krebs.per-user.lass.packages = [
|
||||
pkgs.rxvt_unicode_with-plugins
|
||||
];
|
||||
|
||||
systemd.services.display-manager.enable = false;
|
||||
@ -52,7 +52,7 @@ let
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "xserver.service" ];
|
||||
environment = xmonad-environment;
|
||||
restartIfChanged = false;
|
||||
restartIfChanged = true;
|
||||
serviceConfig = {
|
||||
ExecStart = "${xmonad-start}/bin/xmonad";
|
||||
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
|
||||
@ -82,12 +82,7 @@ let
|
||||
|
||||
# XXX JSON is close enough :)
|
||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||
"cr"
|
||||
"gm"
|
||||
"ff"
|
||||
"IM"
|
||||
"mail"
|
||||
"stockholm"
|
||||
"dashboard"
|
||||
]);
|
||||
};
|
||||
|
||||
@ -96,6 +91,9 @@ let
|
||||
set -efu
|
||||
export PATH; PATH=${makeSearchPath "bin" ([
|
||||
pkgs.rxvt_unicode
|
||||
pkgs.i3lock
|
||||
pkgs.pulseaudioLight
|
||||
pkgs.xorg.xbacklight
|
||||
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
||||
settle() {(
|
||||
# Use PATH for a clean journal
|
||||
@ -114,7 +112,8 @@ let
|
||||
|
||||
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
|
||||
#! /bin/sh
|
||||
exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
|
||||
${pkgs.xmonad-lass}/bin/xmonad --shutdown
|
||||
${pkgs.coreutils}/bin/sleep 2s
|
||||
'';
|
||||
|
||||
xserver-environment = {
|
||||
@ -128,7 +127,7 @@ let
|
||||
xserver = pkgs.writeScriptBin "xserver" ''
|
||||
#! /bin/sh
|
||||
set -efu
|
||||
exec ${pkgs.xorg.xorgserver}/bin/X \
|
||||
exec ${pkgs.xorg.xorgserver.out}/bin/X \
|
||||
:${toString config.services.xserver.display} \
|
||||
vt${toString config.services.xserver.tty} \
|
||||
-config ${import ./xserver.conf.nix args} \
|
||||
|
@ -1,11 +1,11 @@
|
||||
_:
|
||||
{
|
||||
imports = [
|
||||
./xresources.nix
|
||||
./ejabberd
|
||||
./folderPerms.nix
|
||||
./per-user.nix
|
||||
./mysql-backup.nix
|
||||
./urxvtd.nix
|
||||
./xresources.nix
|
||||
./wordpress_nginx.nix
|
||||
./xresources.nix
|
||||
];
|
||||
}
|
||||
|
93
lass/3modules/ejabberd/config.nix
Normal file
93
lass/3modules/ejabberd/config.nix
Normal file
@ -0,0 +1,93 @@
|
||||
{ config, ... }: with config.krebs.lib; let
|
||||
cfg = config.lass.ejabberd;
|
||||
|
||||
# XXX this is a placeholder that happens to work the default strings.
|
||||
toErlang = builtins.toJSON;
|
||||
in toFile "ejabberd.conf" ''
|
||||
{loglevel, 3}.
|
||||
{hosts, ${toErlang cfg.hosts}}.
|
||||
{listen,
|
||||
[
|
||||
{5222, ejabberd_c2s, [
|
||||
starttls,
|
||||
{certfile, ${toErlang cfg.certfile}},
|
||||
{access, c2s},
|
||||
{shaper, c2s_shaper},
|
||||
{max_stanza_size, 65536}
|
||||
]},
|
||||
{5269, ejabberd_s2s_in, [
|
||||
{shaper, s2s_shaper},
|
||||
{max_stanza_size, 131072}
|
||||
]},
|
||||
{5280, ejabberd_http, [
|
||||
captcha,
|
||||
http_bind,
|
||||
http_poll,
|
||||
web_admin
|
||||
]}
|
||||
]}.
|
||||
{s2s_use_starttls, required}.
|
||||
{s2s_certfile, ${toErlang cfg.s2s_certfile}}.
|
||||
{auth_method, internal}.
|
||||
{shaper, normal, {maxrate, 1000}}.
|
||||
{shaper, fast, {maxrate, 50000}}.
|
||||
{max_fsm_queue, 1000}.
|
||||
{acl, local, {user_regexp, ""}}.
|
||||
{access, max_user_sessions, [{10, all}]}.
|
||||
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
|
||||
{access, local, [{allow, local}]}.
|
||||
{access, c2s, [{deny, blocked},
|
||||
{allow, all}]}.
|
||||
{access, c2s_shaper, [{none, admin},
|
||||
{normal, all}]}.
|
||||
{access, s2s_shaper, [{fast, all}]}.
|
||||
{access, announce, [{allow, admin}]}.
|
||||
{access, configure, [{allow, admin}]}.
|
||||
{access, muc_admin, [{allow, admin}]}.
|
||||
{access, muc_create, [{allow, local}]}.
|
||||
{access, muc, [{allow, all}]}.
|
||||
{access, pubsub_createnode, [{allow, local}]}.
|
||||
{access, register, [{allow, local}]}.
|
||||
{language, "en"}.
|
||||
{modules,
|
||||
[
|
||||
{mod_adhoc, []},
|
||||
{mod_announce, [{access, announce}]},
|
||||
{mod_blocking,[]},
|
||||
{mod_caps, []},
|
||||
{mod_configure,[]},
|
||||
{mod_disco, []},
|
||||
{mod_irc, []},
|
||||
{mod_http_bind, []},
|
||||
{mod_last, []},
|
||||
{mod_muc, [
|
||||
{access, muc},
|
||||
{access_create, muc_create},
|
||||
{access_persistent, muc_create},
|
||||
{access_admin, muc_admin}
|
||||
]},
|
||||
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
|
||||
{mod_ping, []},
|
||||
{mod_privacy, []},
|
||||
{mod_private, []},
|
||||
{mod_pubsub, [
|
||||
{access_createnode, pubsub_createnode},
|
||||
{ignore_pep_from_offline, true},
|
||||
{last_item_cache, false},
|
||||
{plugins, ["flat", "hometree", "pep"]}
|
||||
]},
|
||||
{mod_register, [
|
||||
{welcome_message, {"Welcome!",
|
||||
"Hi.\nWelcome to this XMPP server."}},
|
||||
{ip_access, [{allow, "127.0.0.0/8"},
|
||||
{allow, "0.0.0.0/0"}]},
|
||||
{access, register}
|
||||
]},
|
||||
{mod_roster, []},
|
||||
{mod_shared_roster,[]},
|
||||
{mod_stats, []},
|
||||
{mod_time, []},
|
||||
{mod_vcard, []},
|
||||
{mod_version, []}
|
||||
]}.
|
||||
''
|
57
lass/3modules/ejabberd/default.nix
Normal file
57
lass/3modules/ejabberd/default.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
|
||||
cfg = config.lass.ejabberd;
|
||||
in {
|
||||
options.lass.ejabberd = {
|
||||
enable = mkEnableOption "lass.ejabberd";
|
||||
certfile = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
hosts = mkOption {
|
||||
type = with types; listOf str;
|
||||
};
|
||||
pkgs.ejabberdctl = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.writeDashBin "ejabberdctl" ''
|
||||
set -efu
|
||||
export SPOOLDIR=${shell.escape cfg.user.home}
|
||||
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
|
||||
exec ${pkgs.ejabberd}/bin/ejabberdctl \
|
||||
--logs ${shell.escape cfg.user.home} \
|
||||
--spool ${shell.escape cfg.user.home} \
|
||||
"$@"
|
||||
'';
|
||||
};
|
||||
s2s_certfile = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.certfile;
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
name = "ejabberd";
|
||||
home = "/var/ejabberd";
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
|
||||
|
||||
systemd.services.ejabberd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
|
||||
PermissionsStartOnly = "true";
|
||||
SyslogIdentifier = "ejabberd";
|
||||
User = cfg.user.name;
|
||||
ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.${cfg.user.name} = {
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
}
|
86
lass/3modules/mysql-backup.nix
Normal file
86
lass/3modules/mysql-backup.nix
Normal file
@ -0,0 +1,86 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.lass.mysqlBackup;
|
||||
|
||||
out = {
|
||||
options.lass.mysqlBackup = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "mysqlBackup";
|
||||
config = mkOption {
|
||||
type = with types; attrsOf (submodule ({ config, ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
startAt = mkOption {
|
||||
type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
|
||||
default = "*-*-* 01:15:00";
|
||||
};
|
||||
user = mkOption {
|
||||
type = str;
|
||||
default = "root";
|
||||
};
|
||||
password = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
path to a file containing the mysqlPassword for the specified user.
|
||||
'';
|
||||
};
|
||||
databases = mkOption {
|
||||
type = listOf str;
|
||||
default = [];
|
||||
};
|
||||
location = mkOption {
|
||||
type = str;
|
||||
default = "/bku/sql_dumps";
|
||||
};
|
||||
};
|
||||
}));
|
||||
description = "configuration for mysqlBackup";
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
|
||||
#systemd.timers =
|
||||
# mapAttrs (_: plan: {
|
||||
# wantedBy = [ "timers.target" ];
|
||||
# timerConfig = plan.timerConfig;
|
||||
#}) cfg.config;
|
||||
|
||||
systemd.services =
|
||||
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
|
||||
path = with pkgs; [
|
||||
mysql
|
||||
gzip
|
||||
];
|
||||
serviceConfig = rec {
|
||||
ExecStart = start plan;
|
||||
SyslogIdentifier = ExecStart.name;
|
||||
Type = "oneshot";
|
||||
User = plan.user;
|
||||
};
|
||||
startAt = plan.startAt;
|
||||
}) cfg.config;
|
||||
};
|
||||
|
||||
|
||||
start = plan: let
|
||||
backupScript = plan: db:
|
||||
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
|
||||
|
||||
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
|
||||
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
|
||||
'';
|
||||
|
||||
|
||||
in out
|
@ -1,53 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
let
|
||||
cfg = config.lass.per-user;
|
||||
|
||||
out = {
|
||||
options.lass.per-user = api;
|
||||
config = imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
type = with types; attrsOf (submodule {
|
||||
options = {
|
||||
packages = mkOption {
|
||||
type = listOf path;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
|
||||
imp = {
|
||||
#
|
||||
# TODO only shellInit and use well-known paths
|
||||
#
|
||||
environment.shellInit = ''
|
||||
if test -e ${user-profiles}/"$LOGNAME"; then
|
||||
. ${user-profiles}/"$LOGNAME"
|
||||
fi
|
||||
'';
|
||||
environment.interactiveShellInit = ''
|
||||
if test -e ${user-profiles}/"$LOGNAME"; then
|
||||
. ${user-profiles}/"$LOGNAME"
|
||||
fi
|
||||
'';
|
||||
environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
|
||||
};
|
||||
|
||||
user-profiles = pkgs.runCommand "user-profiles" {} ''
|
||||
mkdir $out
|
||||
${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
|
||||
cat > $out/${logname} <<\EOF
|
||||
${optionalString (length packages > 0) (
|
||||
let path = makeSearchPath "bin" packages; in
|
||||
''export PATH="$PATH":${escapeShellArg path}''
|
||||
)}
|
||||
EOF
|
||||
'') cfg)}
|
||||
'';
|
||||
|
||||
in out
|
@ -1,10 +1,231 @@
|
||||
{ lib, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
rec {
|
||||
|
||||
getDefaultGateway = ip:
|
||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||
|
||||
manageCerts = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
security.acme = {
|
||||
certs."${domain}" = {
|
||||
email = "lassulus@gmail.com";
|
||||
webroot = "/var/lib/acme/challenges/${domain}";
|
||||
plugins = [
|
||||
"account_key.json"
|
||||
"key.pem"
|
||||
"fullchain.pem"
|
||||
];
|
||||
group = "nginx";
|
||||
allowKeysForGroup = true;
|
||||
extraDomains = genAttrs domains (_: null);
|
||||
};
|
||||
};
|
||||
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
locations = [
|
||||
(nameValuePair "/.well-known/acme-challenge" ''
|
||||
root /var/lib/acme/challenges/${domain}/;
|
||||
'')
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
ssl = domains:
|
||||
{
|
||||
imports = [
|
||||
( manageCerts domains )
|
||||
( activateACME (head domains) )
|
||||
];
|
||||
};
|
||||
|
||||
activateACME = domain:
|
||||
{
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
ssl = {
|
||||
enable = true;
|
||||
certificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
certificate_key = "/var/lib/acme/${domain}/key.pem";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
servePage = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = domains;
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
root /srv/http/${domain};
|
||||
'')
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
serveOwncloud = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = domains;
|
||||
extraConfig = ''
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /srv/http/${domain}/;
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Disable gzip to avoid the removal of the ETag header
|
||||
gzip off;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
index index.php;
|
||||
error_page 403 /core/templates/403.php;
|
||||
error_page 404 /core/templates/404.php;
|
||||
|
||||
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
|
||||
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
'';
|
||||
locations = [
|
||||
(nameValuePair "/robots.txt" ''
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
'')
|
||||
(nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" ''
|
||||
deny all;
|
||||
'')
|
||||
|
||||
(nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" ''
|
||||
deny all;
|
||||
'')
|
||||
|
||||
(nameValuePair "/" ''
|
||||
rewrite ^/remote/(.*) /remote.php last;
|
||||
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
'')
|
||||
|
||||
(nameValuePair "~ \.php(?:$|/)" ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'')
|
||||
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
|
||||
(nameValuePair "~* \.(?:css|js)$" ''
|
||||
add_header Cache-Control "public, max-age=7200";
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
'')
|
||||
|
||||
# Optional: Don't log access to other assets
|
||||
(nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" ''
|
||||
access_log off;
|
||||
'')
|
||||
];
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
# errors to journal
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
serveWordpress = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = domains;
|
||||
extraConfig = ''
|
||||
root /srv/http/${domain}/;
|
||||
index index.php;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
'';
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'')
|
||||
(nameValuePair "~ \.php$" ''
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
'')
|
||||
#(nameValuePair "~ /\\." ''
|
||||
# deny all;
|
||||
#'')
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
(nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'')
|
||||
];
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 5
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
# errors to journal
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -1,13 +1,16 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "acronym" ''
|
||||
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
|
||||
acro=$1
|
||||
|
||||
curl -s http://www.acronymfinder.com/$acro.html \
|
||||
| grep 'class="result-list__body__rank"' \
|
||||
| sed 's/.*title="\([^"]*\)".*/\1/' \
|
||||
| sed 's/^.* - //' \
|
||||
| sed "s/'/'/g"
|
||||
| grep 'class="result-list__body__rank"' \
|
||||
| sed '
|
||||
s/.*title="\([^"]*\)".*/\1/
|
||||
s/^.* - //
|
||||
s/'/'\'''/g
|
||||
'
|
||||
''
|
||||
|
@ -8,7 +8,10 @@
|
||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
||||
};
|
||||
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
|
||||
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||
untilport = pkgs.callPackage ./untilport/default.nix {};
|
||||
urban = pkgs.callPackage ./urban/default.nix {};
|
||||
xmonad-lass =
|
||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
||||
pkgs.haskellPackages.callPackage src {};
|
||||
|
19
lass/5pkgs/mk_sql_pair/default.nix
Normal file
19
lass/5pkgs/mk_sql_pair/default.nix
Normal file
@ -0,0 +1,19 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "mk_sql_pair" ''
|
||||
#!/bin/sh
|
||||
|
||||
name=$1
|
||||
password=$2
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
echo '$1=name, $2=password'
|
||||
exit 23;
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
create database $name;
|
||||
create user $name;
|
||||
grant all on $name.* to $name@'localhost' identified by '$password';
|
||||
EOF
|
||||
''
|
18
lass/5pkgs/untilport/default.nix
Normal file
18
lass/5pkgs/untilport/default.nix
Normal file
@ -0,0 +1,18 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeDashBin "untilport" ''
|
||||
set -euf
|
||||
|
||||
usage() {
|
||||
echo 'untiport $target $port'
|
||||
echo 'Sleeps until the destinated port is reachable.'
|
||||
echo 'ex: untilport google.de 80 && echo "google is now reachable"'
|
||||
}
|
||||
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
usage
|
||||
else
|
||||
until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
|
||||
fi
|
||||
''
|
21
lass/5pkgs/urban/default.nix
Normal file
21
lass/5pkgs/urban/default.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "urban" ''
|
||||
#!/bin/sh
|
||||
set -euf
|
||||
term=$1
|
||||
curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
|
||||
| sed 's/<\/\?a\>[^>]*>//g' \
|
||||
| sed 's/<\([^>]*\)>/\n<\1\n/g' \
|
||||
| grep . \
|
||||
| sed -n '/<div class=.meaning./,/<\/div/p' \
|
||||
| sed 's/<div class=.meaning./-----/' \
|
||||
| grep -v '^</div\>' \
|
||||
| grep -v '^<br\>' \
|
||||
| sed '
|
||||
s/"/"/g
|
||||
s/'/'\'''/g
|
||||
s/>/>/g
|
||||
s/</>/g
|
||||
'
|
||||
''
|
@ -5,56 +5,37 @@
|
||||
|
||||
|
||||
module Main where
|
||||
|
||||
import Control.Exception
|
||||
import Text.Read (readEither)
|
||||
import XMonad
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
|
||||
import System.Posix.Process (executeFile)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
||||
, removeEmptyWorkspace)
|
||||
import XMonad.Actions.GridSelect
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
--import XMonad.Actions.CopyWindow ( copy )
|
||||
import XMonad.Layout.NoBorders ( smartBorders )
|
||||
|
||||
import qualified XMonad.StackSet as W
|
||||
import Data.Map (Map)
|
||||
import qualified Data.Map as Map
|
||||
-- TODO import XMonad.Layout.WorkspaceDir
|
||||
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
||||
-- import XMonad.Layout.Tabbed
|
||||
--import XMonad.Layout.MouseResizableTile
|
||||
import XMonad.Layout.Reflect (reflectVert)
|
||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
||||
--import XMonad.Layout.BinarySpacePartition
|
||||
import XMonad.Util.EZConfig (additionalKeysP)
|
||||
|
||||
import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
|
||||
import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
|
||||
import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
|
||||
import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
|
||||
import XMonad.Prompt.Workspace
|
||||
import Control.Exception
|
||||
import Data.List (isInfixOf)
|
||||
import System.Environment (getArgs, withArgs, getEnv)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import Text.Read (readEither)
|
||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||
import qualified Data.Map as M
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
|
||||
|
||||
--import XMonad.Actions.Submap
|
||||
import XMonad.Stockholm.Pager
|
||||
import XMonad.Stockholm.Rhombus
|
||||
import XMonad.Stockholm.Shutdown
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
|
||||
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
|
||||
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
|
||||
import XMonad.Hooks.FloatNext (floatNext)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
||||
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
|
||||
import XMonad.Layout.NoBorders (smartBorders)
|
||||
import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
|
||||
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
|
||||
import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
|
||||
import XMonad.Util.EZConfig (additionalKeysP)
|
||||
|
||||
|
||||
myTerm :: String
|
||||
myTerm = "urxvtc"
|
||||
|
||||
myRootTerm :: String
|
||||
myRootTerm = "urxvtc -name root-urxvt -e su -"
|
||||
|
||||
myFont :: String
|
||||
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
||||
|
||||
@ -67,18 +48,12 @@ mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
xmonad'
|
||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||
-- urgencyConfig { remindWhen = Every 1 }
|
||||
-- $ withUrgencyHook borderUrgencyHook "magenta"
|
||||
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
|
||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||
$ def
|
||||
{ terminal = myTerm
|
||||
, modMask = mod4Mask
|
||||
, workspaces = workspaces0
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook = spawn "echo emit XMonadStartup"
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
@ -88,7 +63,7 @@ mainNoArgs = do
|
||||
|
||||
myLayoutHook = defLayout
|
||||
where
|
||||
defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
|
||||
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1)
|
||||
|
||||
|
||||
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
|
||||
@ -96,7 +71,7 @@ xmonad' conf = do
|
||||
path <- getEnv "XMONAD_STATE"
|
||||
try (readFile path) >>= \case
|
||||
Right content -> do
|
||||
hPutStrLn stderr ("resuming from " ++ path)
|
||||
hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content)
|
||||
withArgs ("--resume" : lines content) (xmonad conf)
|
||||
Left e -> do
|
||||
hPutStrLn stderr (displaySomeException e)
|
||||
@ -118,19 +93,21 @@ displaySomeException :: SomeException -> String
|
||||
displaySomeException = displayException
|
||||
|
||||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
[ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
|
||||
[ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
|
||||
, ("M4-p", spawn "passmenu --type")
|
||||
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
||||
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
||||
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
|
||||
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
|
||||
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
|
||||
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
|
||||
, ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
|
||||
, ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
|
||||
|
||||
, ("M4-a", focusUrgent)
|
||||
, ("M4-S-r", renameWorkspace defaultXPConfig)
|
||||
, ("M4-S-a", addWorkspacePrompt defaultXPConfig)
|
||||
, ("M4-S-r", renameWorkspace def)
|
||||
, ("M4-S-a", addWorkspacePrompt def)
|
||||
, ("M4-S-<Backspace>", removeEmptyWorkspace)
|
||||
, ("M4-S-c", kill1)
|
||||
, ("M4-<Esc>", toggleWS)
|
||||
@ -139,66 +116,34 @@ myKeyMap =
|
||||
, ("M4-f", floatNext True)
|
||||
, ("M4-b", sendMessage ToggleStruts)
|
||||
|
||||
, ("M4-v", withWorkspace myXPConfig (windows . W.view))
|
||||
, ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
|
||||
, ("M4-C-v", withWorkspace myXPConfig (windows . copy))
|
||||
, ("M4-v", withWorkspace autoXPConfig (windows . W.view))
|
||||
, ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
|
||||
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
||||
|
||||
-- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } )
|
||||
-- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } )
|
||||
-- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
|
||||
, ("M4-m", withFocused minimizeWindow)
|
||||
, ("M4-S-m", sendMessage RestoreNextMinimizedWin)
|
||||
|
||||
, ("M4-q", windowPromptGoto infixAutoXPConfig)
|
||||
, ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
|
||||
|
||||
--, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
|
||||
, ("M4-S-q", return ())
|
||||
]
|
||||
|
||||
myGSConfig = defaultGSConfig
|
||||
{ gs_cellheight = 50
|
||||
autoXPConfig :: XPConfig
|
||||
autoXPConfig = def
|
||||
{ autoComplete = Just 5000
|
||||
}
|
||||
|
||||
infixAutoXPConfig :: XPConfig
|
||||
infixAutoXPConfig = autoXPConfig
|
||||
{ searchPredicate = isInfixOf
|
||||
}
|
||||
|
||||
gridConfig :: GSConfig WorkspaceId
|
||||
gridConfig = def
|
||||
{ gs_cellwidth = 100
|
||||
, gs_cellheight = 30
|
||||
, gs_cellpadding = 2
|
||||
, gs_navigate = navNSearch
|
||||
, gs_font = myFont
|
||||
}
|
||||
|
||||
myXPConfig :: XPConfig
|
||||
myXPConfig = defaultXPConfig
|
||||
{ autoComplete = Just 5000
|
||||
}
|
||||
|
||||
myWSConfig = myGSConfig
|
||||
{ gs_cellwidth = 50
|
||||
}
|
||||
|
||||
pagerConfig :: PagerConfig
|
||||
pagerConfig = def
|
||||
{ pc_font = myFont
|
||||
, pc_cellwidth = 64
|
||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, pc_borderwidth = 1
|
||||
--, pc_matchcolor = "#f0b000"
|
||||
, pc_matchmethod = MatchPrefix
|
||||
--, pc_colors = pagerWorkspaceColors
|
||||
, pc_windowColors = windowColors
|
||||
}
|
||||
where
|
||||
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
|
||||
windowColors wsf m c u wf = do
|
||||
let y = defaultWindowColors wsf m c u wf
|
||||
if m == False && wf == True
|
||||
then ("#402020", snd y)
|
||||
else y
|
||||
|
||||
wGSConfig :: GSConfig Window
|
||||
wGSConfig = def
|
||||
{ gs_cellheight = 20
|
||||
, gs_cellwidth = 192
|
||||
, gs_cellpadding = 5
|
||||
, gs_font = myFont
|
||||
, gs_navigate = navNSearch
|
||||
}
|
||||
|
||||
|
||||
(&) :: a -> (a -> c) -> c
|
||||
(&) = flip ($)
|
||||
|
||||
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
||||
allWorkspaceNames ws =
|
||||
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
|
||||
|
@ -1,52 +0,0 @@
|
||||
module Util.PerWorkspaceConfig
|
||||
( WorkspaceConfig (..)
|
||||
, WorkspaceConfigs
|
||||
, switchToWorkspace
|
||||
, defaultWorkspaceConfig
|
||||
, perWorkspaceAction
|
||||
, perWorkspaceTermAction
|
||||
-- , myLayoutHack
|
||||
)
|
||||
where
|
||||
|
||||
import XMonad
|
||||
import XMonad.Core (LayoutClass)
|
||||
import Control.Monad (when)
|
||||
|
||||
import qualified Data.Map as M
|
||||
import qualified XMonad.StackSet as W
|
||||
|
||||
data WorkspaceConfig l =
|
||||
WorkspaceConfig
|
||||
{ switchAction :: X ()
|
||||
, startAction :: X ()
|
||||
, keyAction :: X ()
|
||||
, termAction :: X ()
|
||||
}
|
||||
|
||||
type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
|
||||
|
||||
defaultWorkspaceConfig = WorkspaceConfig
|
||||
{ switchAction = return ()
|
||||
, startAction = return ()
|
||||
, keyAction = return ()
|
||||
, termAction = spawn "urxvtc"
|
||||
}
|
||||
|
||||
whenLookup wsId cfg a =
|
||||
when (M.member wsId cfg) (a $ cfg M.! wsId)
|
||||
|
||||
switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
|
||||
switchToWorkspace cfg wsId = do
|
||||
windows $ W.greedyView wsId
|
||||
wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
|
||||
when (null wins) $ whenLookup wsId cfg startAction
|
||||
whenLookup wsId cfg switchAction
|
||||
|
||||
perWorkspaceAction :: WorkspaceConfigs l -> X ()
|
||||
perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
|
||||
|
||||
perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
|
||||
perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
|
||||
Just x -> termAction x
|
||||
_ -> termAction defaultWorkspaceConfig
|
Loading…
Reference in New Issue
Block a user