Merge remote-tracking branch 'cloudkrebs/master'
This commit is contained in:
commit
c1971f5aa0
@ -40,8 +40,7 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
|
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
mkdir -p ${shell.escape cfg.stateDir}
|
mkdir -p ${shell.escape cfg.stateDir}
|
||||||
|
@ -20,6 +20,7 @@ let
|
|||||||
flatten
|
flatten
|
||||||
length
|
length
|
||||||
hasAttr
|
hasAttr
|
||||||
|
hasPrefix
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkOption
|
mkOption
|
||||||
mkIf
|
mkIf
|
||||||
@ -123,7 +124,7 @@ let
|
|||||||
|
|
||||||
buildRule = tn: cn: rule:
|
buildRule = tn: cn: rule:
|
||||||
#target validation test:
|
#target validation test:
|
||||||
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
|
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
|
||||||
|
|
||||||
#predicate validation test:
|
#predicate validation test:
|
||||||
#maybe use iptables-test
|
#maybe use iptables-test
|
||||||
|
@ -12,6 +12,7 @@ with config.krebs.lib;
|
|||||||
aliases = [
|
aliases = [
|
||||||
"dishfire.internet"
|
"dishfire.internet"
|
||||||
];
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
@ -40,10 +41,11 @@ with config.krebs.lib;
|
|||||||
cores = 2;
|
cores = 2;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "162.252.241.33";
|
ip4.addr = "104.233.79.118";
|
||||||
aliases = [
|
aliases = [
|
||||||
"echelon.internet"
|
"echelon.internet"
|
||||||
];
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
@ -79,6 +81,7 @@ with config.krebs.lib;
|
|||||||
aliases = [
|
aliases = [
|
||||||
"prism.internet"
|
"prism.internet"
|
||||||
];
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
@ -143,6 +146,7 @@ with config.krebs.lib;
|
|||||||
aliases = [
|
aliases = [
|
||||||
"cloudkrebs.internet"
|
"cloudkrebs.internet"
|
||||||
];
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
@ -174,6 +178,7 @@ with config.krebs.lib;
|
|||||||
gg23 = {
|
gg23 = {
|
||||||
ip4.addr = "10.23.1.12";
|
ip4.addr = "10.23.1.12";
|
||||||
aliases = ["uriel.gg23"];
|
aliases = ["uriel.gg23"];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.81.176";
|
ip4.addr = "10.243.81.176";
|
||||||
@ -205,6 +210,7 @@ with config.krebs.lib;
|
|||||||
gg23 = {
|
gg23 = {
|
||||||
ip4.addr = "10.23.1.11";
|
ip4.addr = "10.23.1.11";
|
||||||
aliases = ["mors.gg23"];
|
aliases = ["mors.gg23"];
|
||||||
|
ssh.port = 45621;
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.0.2";
|
ip4.addr = "10.243.0.2";
|
||||||
@ -257,21 +263,53 @@ with config.krebs.lib;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
|
||||||
};
|
};
|
||||||
|
shodan = {
|
||||||
|
cores = 2;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.0.4";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:0:50d4";
|
||||||
|
aliases = [
|
||||||
|
"shodan.retiolum"
|
||||||
|
"shodan.r"
|
||||||
|
"cgit.shodan.retiolum"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
|
||||||
|
YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
|
||||||
|
ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
|
||||||
|
7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
|
||||||
|
xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
|
||||||
|
V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
secure = true;
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
lass = {
|
lass = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
|
||||||
mail = "lass@mors.retiolum";
|
mail = "lass@mors.retiolum";
|
||||||
pgp.pubkeys.default = builtins.readFile ./default.pgp;
|
pubkey = builtins.readFile ./ssh/mors.rsa;
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
|
||||||
};
|
};
|
||||||
lass-uriel = {
|
lass-uriel = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
|
||||||
mail = "lass@uriel.retiolum";
|
mail = "lass@uriel.retiolum";
|
||||||
|
pubkey = builtins.readFile ./ssh/uriel.rsa;
|
||||||
};
|
};
|
||||||
lass-helios = {
|
lass-helios = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
|
|
||||||
mail = "lass@helios.retiolum";
|
mail = "lass@helios.retiolum";
|
||||||
|
pubkey = builtins.readFile ./ssh/helios.rsa;
|
||||||
|
};
|
||||||
|
lass-shodan = {
|
||||||
|
mail = "lass@shodan.retiolum";
|
||||||
|
pubkey = builtins.readFile ./ssh/shodan.rsa;
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,52 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v2
|
|
||||||
|
|
||||||
mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
|
|
||||||
gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
|
|
||||||
e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
|
|
||||||
+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
|
|
||||||
Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
|
|
||||||
UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
|
|
||||||
+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
|
|
||||||
my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
|
|
||||||
DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
|
|
||||||
ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
|
|
||||||
/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
|
|
||||||
tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
|
|
||||||
+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
|
|
||||||
D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
|
|
||||||
kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
|
|
||||||
2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
|
|
||||||
0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
|
|
||||||
u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
|
|
||||||
HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
|
|
||||||
1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
|
|
||||||
NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
|
|
||||||
cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
|
|
||||||
IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
|
|
||||||
4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
|
|
||||||
/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
|
|
||||||
/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
|
|
||||||
MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
|
|
||||||
0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
|
|
||||||
gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
|
|
||||||
75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
|
|
||||||
AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
|
|
||||||
WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
|
|
||||||
02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
|
|
||||||
MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
|
|
||||||
ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
|
|
||||||
+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
|
|
||||||
XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
|
|
||||||
VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
|
|
||||||
Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
|
|
||||||
Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
|
|
||||||
8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
|
|
||||||
laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
|
|
||||||
2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
|
|
||||||
aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
|
|
||||||
PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
|
|
||||||
4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
|
|
||||||
It6jrzDh3+COSQ==
|
|
||||||
=0gFT
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
51
krebs/3modules/lass/pgp/mors.pgp
Normal file
51
krebs/3modules/lass/pgp/mors.pgp
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2
|
||||||
|
|
||||||
|
mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA
|
||||||
|
SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1
|
||||||
|
tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH
|
||||||
|
LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk
|
||||||
|
ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX
|
||||||
|
tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi
|
||||||
|
Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ
|
||||||
|
kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn
|
||||||
|
EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+
|
||||||
|
GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1
|
||||||
|
zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB
|
||||||
|
tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ
|
||||||
|
CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN
|
||||||
|
/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2
|
||||||
|
bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe
|
||||||
|
NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D
|
||||||
|
MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1
|
||||||
|
sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI
|
||||||
|
leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl
|
||||||
|
oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI
|
||||||
|
ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP
|
||||||
|
cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1
|
||||||
|
oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm
|
||||||
|
G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4
|
||||||
|
7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL
|
||||||
|
1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk
|
||||||
|
sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM
|
||||||
|
ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz
|
||||||
|
Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH
|
||||||
|
tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj
|
||||||
|
OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr
|
||||||
|
aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO
|
||||||
|
6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5
|
||||||
|
9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5
|
||||||
|
mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX
|
||||||
|
an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0
|
||||||
|
ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA
|
||||||
|
n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm
|
||||||
|
S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC
|
||||||
|
oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/
|
||||||
|
pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI
|
||||||
|
6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7
|
||||||
|
UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED
|
||||||
|
TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4
|
||||||
|
rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN
|
||||||
|
DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv
|
||||||
|
=fgFG
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
30
krebs/3modules/lass/pgp/shodan.pgp
Normal file
30
krebs/3modules/lass/pgp/shodan.pgp
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2
|
||||||
|
|
||||||
|
mQENBFc/U8EBCADaPobNwlm8oI3cVtDhsdHpW7gyNTloqM1JdUPoJ30kS8xIbKfF
|
||||||
|
U+UWEj+/G0hXg3jGpqsYKzCegLcZuvKrLuyWas3nFync/KeWjPpmQWh8h/AQ63gi
|
||||||
|
6FjikRS9iDHEnUBqXXymG6JOo9NrGX7viWcPx+rQzvXOFxVYt1JJY+Ki30tSL+0l
|
||||||
|
igJBJ+x2qndnlPZE9uyKjYC9+9NlZ04h5WOponTtgIddBlBPhIOAW+f5mBVeWuaK
|
||||||
|
8wPBY2z98ZIclwdTohCpBRjs/EAEhN+2djSjyJti2TARceMKV2ZLRoUh6bNqj3xV
|
||||||
|
Y4IkDe47dS8rRmH/xj+9odJjtlbFHDmtElcfABEBAAG0HWxhc3NAc2hvZGFuLnIg
|
||||||
|
PGxhc3NAc2hvZGFuLnI+iQE3BBMBCAAhBQJXP1PBAhsDBQsJCAcCBhUICQoLAgQW
|
||||||
|
AgMBAh4BAheAAAoJECOf1I8qjNLnWCsH/Rr70NVjCpqou5JRJqc9NMYJflH8qUSR
|
||||||
|
xxYsVXaLjf1sa5X0qbq1u5EaYQGsdP7qKuLggoom7CGBhG3WZnfhuLi9y2IXAFo8
|
||||||
|
RprBmrTmXgpXqm8IrcWMDJUEwhjUn+x1iCnGUfmbUpIdBIj8HsCfDUmg+WT0GflT
|
||||||
|
9tfYR0v1vRzK6WWYEobP9abhZdjOHIS8cXDgFVREllKjjOcLzsB23I9g1nlvX3+W
|
||||||
|
J7iliC4s1OGvcpw0MHl/1KRpSBXK3we0WTNZLIJXr8W+BvURYxhVfbvgjHuv6K0h
|
||||||
|
J0a/me8nkh05pdRLLGL+C8eFjAXALnTIxgiVNGjtXBAR+/HN2//iG665AQ0EVz9T
|
||||||
|
wQEIAMsxDQ3Y5SL2gI1EjEuCc6RyTSBmsna9g/wKjzUbcB9zpEN9i85NDRvvfGn6
|
||||||
|
ihxI9Z1rvn8zr8MKu9OcZB2XEQDriHUcS4IxnZzdbUIKOtR+1BjZvMKupbw+KHag
|
||||||
|
WoeUh+tfb50bEMy/Z6Mp5mLOyXMyyiGS3CHJ6sHUXTub6kuHQnAOqiMsqnegZMcS
|
||||||
|
sF+NpSNoSngC060jgh7fl4T8M3Vuv9NKGu9+0J48QR+LFsKe/7LwRQ9HFSH4sPeD
|
||||||
|
vQI1BEo4piXthwd6mUHCbish38H77PGO0kKHaJ0HkBu+3tKXP1JJdm9SiN+ypUIB
|
||||||
|
FyfLpaWf6pcc/0QX6qE4gL00MI0AEQEAAYkBHwQYAQgACQUCVz9TwQIbDAAKCRAj
|
||||||
|
n9SPKozS5w85B/4o2Zf7oLqjNmOu+YE0fNJmbGCETNotNnE/GToiejNAM9B/rYJe
|
||||||
|
qjM9/kq0GJKVfKKrBGA0YQy9O847TVW26gPeiEgS7DO1Dl9YiLJJVzUGlOPijTIJ
|
||||||
|
A3LmMCLU/M3+a/33HGjm7gYk+aRwqOwHeC+f1pder8InoC3ebWupfcQsWkwTVqZk
|
||||||
|
lrLzoywjqQcdjAYFJp1c0ZxXyrgOS4dIGMU+o+DDCyK/ry9UGd3ZacMqDsyWO51A
|
||||||
|
iXDMtvVsuxbIP5o3muF9kEX7hx4EF7+MzRI3FjYwlHLNw+v3OVhfOxuPSt71VOiC
|
||||||
|
G2aT2z4sz8+qbOIIG3JX99osG6v683lvDUCW
|
||||||
|
=s4OM
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
1
krebs/3modules/lass/ssh/helios.rsa
Normal file
1
krebs/3modules/lass/ssh/helios.rsa
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios
|
1
krebs/3modules/lass/ssh/mors.rsa
Normal file
1
krebs/3modules/lass/ssh/mors.rsa
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
|
1
krebs/3modules/lass/ssh/shodan.rsa
Normal file
1
krebs/3modules/lass/ssh/shodan.rsa
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV+EscrUKgsu6iO94lJQ45o0t9QV88H7RrbLCsysgesQqiCbq0XNJKSrKI4T/o5dBNfoHMi4FSuPsF3YzffvMOWmdluHRBIhDJSDiFaraHr1zu7fHDO8gsUf/a3H3LPHtRRoXQFNsIK5NRLR35WpKt+zG6GK/WLBzb2N4MR3Ym5Qo2OepW3pgMWjjbmiUbGGiao9OWgx5tjjT8PLHIWdoEmJsaE5UnOWebqY+xfkWXMLdzMBPyEdCVwUO7X3Ip0Zk/BJFSqtIHBqQtp+njgeRwfkL2xabge3VGALAnQg5iYXzT8kfzIu/wfaoSdGkdPWxMo80KDiJJlpLj1oC3ABmDj01Hgu9p+g5Em0SFevcenspTii3IvYqdq+eg5+pPny4ki9748t6FlWRsrjrmjdQVVMWbhx42+lsyxIYsdXhwWMqNwTNzvY7Fxy3/8XE14pYWCV5eEll2/hSNfI6AcOoJ0vfHvOXsY6GVMYklXDIFzmiJOpyox+DnTahyUqQ6IcLH73vp9boVK31kf8EC7VDp8ms2ZiXz9nfPYltiUOtKKG0gqg9Jgs7xthpX82WYEp2+PXzPCHWs4WXs3OsUzQ8ykXXD2A7JMVBBv0FaMD4aBsOe7hU20/sO+/J/uuPe5xnpI//uFK4KkYCmDHZcZ3Qzh9CQTISwFvOBbYtRWbDo5w== lass@shodan
|
1
krebs/3modules/lass/ssh/uriel.rsa
Normal file
1
krebs/3modules/lass/ssh/uriel.rsa
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
|
@ -26,7 +26,10 @@ let
|
|||||||
environment = {
|
environment = {
|
||||||
etc = flip mapAttrs' cfg (name: { packages, ... }: {
|
etc = flip mapAttrs' cfg (name: { packages, ... }: {
|
||||||
name = "per-user/${name}";
|
name = "per-user/${name}";
|
||||||
value.source = pkgs.symlinkJoin "per-user.${name}" packages;
|
value.source = pkgs.symlinkJoin {
|
||||||
|
name = "per-user.${name}";
|
||||||
|
paths = packages;
|
||||||
|
};
|
||||||
});
|
});
|
||||||
profiles = ["/etc/per-user/$LOGNAME"];
|
profiles = ["/etc/per-user/$LOGNAME"];
|
||||||
};
|
};
|
||||||
|
@ -36,6 +36,19 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||||
|
|
||||||
|
buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
||||||
|
inherit (pkgs.pythonPackages) twisted jinja2;
|
||||||
|
dateutil = pkgs.pythonPackages.dateutil_1_5;
|
||||||
|
sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||||
|
symlinkJoin = { name, paths, ... }@args: let
|
||||||
|
x = pkgs.symlinkJoin args;
|
||||||
|
in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
|
||||||
|
|
||||||
test = {
|
test = {
|
||||||
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
||||||
};
|
};
|
||||||
|
@ -8,11 +8,13 @@ in {
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
||||||
../2configs/base.nix
|
../2configs/default.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/fastpoke-pages.nix
|
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/realwallpaper.nix
|
../2configs/realwallpaper.nix
|
||||||
|
../2configs/realwallpaper-server.nix
|
||||||
|
../2configs/privoxy-retiolum.nix
|
||||||
{
|
{
|
||||||
networking.interfaces.enp2s1.ip4 = [
|
networking.interfaces.enp2s1.ip4 = [
|
||||||
{
|
{
|
||||||
|
@ -4,9 +4,9 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/base.nix
|
../2configs/default.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/websites/fritz.nix
|
|
||||||
{
|
{
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
device = "/dev/vda";
|
device = "/dev/vda";
|
||||||
@ -26,10 +26,19 @@
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/srv/http" = {
|
||||||
|
device = "/dev/pool/srv_http";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/vda1";
|
device = "/dev/vda1";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
fileSystems."/bku" = {
|
||||||
|
device = "/dev/pool/bku";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
networking.dhcpcd.allowInterfaces = [
|
networking.dhcpcd.allowInterfaces = [
|
||||||
@ -40,6 +49,20 @@
|
|||||||
{
|
{
|
||||||
sound.enable = false;
|
sound.enable = false;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
mk_sql_pair
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../2configs/websites/fritz.nix
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.dishfire;
|
krebs.build.host = config.krebs.hosts.dishfire;
|
||||||
|
@ -8,7 +8,8 @@ in {
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
../2configs/os-templates/CAC-CentOS-7-64bit.nix
|
||||||
../2configs/base.nix
|
../2configs/default.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/realwallpaper-server.nix
|
../2configs/realwallpaper-server.nix
|
||||||
../2configs/privoxy-retiolum.nix
|
../2configs/privoxy-retiolum.nix
|
||||||
|
@ -5,10 +5,13 @@ with builtins;
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/baseX.nix
|
../2configs/baseX.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/browsers.nix
|
../2configs/browsers.nix
|
||||||
../2configs/programs.nix
|
../2configs/programs.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/pass.nix
|
../2configs/pass.nix
|
||||||
|
../2configs/fetchWallpaper.nix
|
||||||
|
../2configs/backups.nix
|
||||||
#{
|
#{
|
||||||
# users.extraUsers = {
|
# users.extraUsers = {
|
||||||
# root = {
|
# root = {
|
||||||
@ -52,6 +55,16 @@ with builtins;
|
|||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/sda1";
|
device = "/dev/sda1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"/home" = {
|
||||||
|
device = "/dev/pool/home";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/bku" = {
|
||||||
|
device = "/dev/pool/bku";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.udev.extraRules = ''
|
#services.udev.extraRules = ''
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/baseX.nix
|
../2configs/baseX.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/programs.nix
|
../2configs/programs.nix
|
||||||
../2configs/bitcoin.nix
|
../2configs/bitcoin.nix
|
||||||
../2configs/browsers.nix
|
../2configs/browsers.nix
|
||||||
@ -26,6 +27,8 @@
|
|||||||
../2configs/libvirt.nix
|
../2configs/libvirt.nix
|
||||||
../2configs/fetchWallpaper.nix
|
../2configs/fetchWallpaper.nix
|
||||||
../2configs/cbase.nix
|
../2configs/cbase.nix
|
||||||
|
../2configs/mail.nix
|
||||||
|
../2configs/krebs-pass.nix
|
||||||
#../2configs/buildbot-standalone.nix
|
#../2configs/buildbot-standalone.nix
|
||||||
{
|
{
|
||||||
#risk of rain port
|
#risk of rain port
|
||||||
@ -33,124 +36,28 @@
|
|||||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#static-nginx-test
|
|
||||||
imports = [
|
|
||||||
../3modules/static_nginx.nix
|
|
||||||
];
|
|
||||||
lass.staticPage."testserver.de" = {
|
|
||||||
#sslEnable = true;
|
|
||||||
#certificate = "${toString <secrets>}/testserver.de/server.cert";
|
|
||||||
#certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
|
||||||
ssl = {
|
|
||||||
enable = true;
|
|
||||||
certificate = "${toString <secrets>}/testserver.de/server.cert";
|
|
||||||
certificate_key = "${toString <secrets>}/testserver.de/server.pem";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
networking.extraHosts = ''
|
|
||||||
10.243.0.2 testserver.de
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
#{
|
#{
|
||||||
# #wordpress-test
|
|
||||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
|
||||||
# imports = [
|
|
||||||
# ../3modules/wordpress_nginx.nix
|
|
||||||
# ];
|
|
||||||
# lass.wordpress."testserver.de" = {
|
|
||||||
# multiSite = {
|
|
||||||
# "1" = "testserver.de";
|
|
||||||
# "2" = "bla.testserver.de";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# services.mysql = {
|
# services.mysql = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# package = pkgs.mariadb;
|
# package = pkgs.mariadb;
|
||||||
# rootPassword = "<secrets>/mysql_rootPassword";
|
# rootPassword = "<secrets>/mysql_rootPassword";
|
||||||
# };
|
# };
|
||||||
# networking.extraHosts = ''
|
|
||||||
# 10.243.0.2 testserver.de
|
|
||||||
# '';
|
|
||||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
|
||||||
# ];
|
|
||||||
#}
|
#}
|
||||||
#{
|
#{
|
||||||
# #owncloud-test
|
# services.elasticsearch = {
|
||||||
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
# enable = true;
|
||||||
# imports = [
|
# plugins = [
|
||||||
# ../3modules/owncloud_nginx.nix
|
# # pkgs.elasticsearchPlugins.elasticsearch_kopf
|
||||||
# ];
|
# ];
|
||||||
# lass.owncloud."owncloud-test.de" = {
|
# };
|
||||||
|
#}
|
||||||
|
#{
|
||||||
|
# services.postgresql = {
|
||||||
|
# enable = true;
|
||||||
|
# package = pkgs.postgresql;
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# #services.mysql = {
|
|
||||||
# # enable = true;
|
|
||||||
# # package = pkgs.mariadb;
|
|
||||||
# # rootPassword = "<secrets>/mysql_rootPassword";
|
|
||||||
# #};
|
|
||||||
# networking.extraHosts = ''
|
|
||||||
# 10.243.0.2 owncloud-test.de
|
|
||||||
# '';
|
|
||||||
# krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
|
||||||
# ];
|
|
||||||
#}
|
#}
|
||||||
{
|
{
|
||||||
containers.pythonenv = {
|
|
||||||
config = {
|
|
||||||
services.openssh.enable = true;
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.lass.pubkey
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
systemPackages = with pkgs; [
|
|
||||||
git
|
|
||||||
libxml2
|
|
||||||
libxslt
|
|
||||||
libzip
|
|
||||||
python27Full
|
|
||||||
python27Packages.buildout
|
|
||||||
stdenv
|
|
||||||
zlib
|
|
||||||
];
|
|
||||||
|
|
||||||
pathsToLink = [ "/include" ];
|
|
||||||
|
|
||||||
shellInit = ''
|
|
||||||
# help pip to find libz.so when building lxml
|
|
||||||
export LIBRARY_PATH=/var/run/current-system/sw/lib
|
|
||||||
# ditto for header files, e.g. sqlite
|
|
||||||
export C_INCLUDE_PATH=/var/run/current-system/sw/include
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
services.mysql = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.mariadb;
|
|
||||||
rootPassword = "<secrets>/mysql_rootPassword";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
services.elasticsearch = {
|
|
||||||
enable = true;
|
|
||||||
plugins = [
|
|
||||||
# pkgs.elasticsearchPlugins.elasticsearch_kopf
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.postgresql;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -158,15 +65,6 @@
|
|||||||
|
|
||||||
networking.wireless.enable = true;
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
networking.extraHosts = ''
|
|
||||||
213.239.205.240 wohnprojekt-rhh.de
|
|
||||||
213.239.205.240 karlaskop.de
|
|
||||||
213.239.205.240 makeup.apanowicz.de
|
|
||||||
213.239.205.240 pixelpocket.de
|
|
||||||
213.239.205.240 reich-gebaeudereinigung.de
|
|
||||||
213.239.205.240 o.ubikmedia.de
|
|
||||||
'';
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
@ -206,7 +104,7 @@
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
"/mnt/backups" = {
|
"/bku" = {
|
||||||
device = "/dev/big/backups";
|
device = "/dev/big/backups";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
@ -293,6 +191,8 @@
|
|||||||
get
|
get
|
||||||
teamspeak_client
|
teamspeak_client
|
||||||
hashPassword
|
hashPassword
|
||||||
|
urban
|
||||||
|
mk_sql_pair
|
||||||
];
|
];
|
||||||
|
|
||||||
#TODO: fix this shit
|
#TODO: fix this shit
|
||||||
@ -324,16 +224,4 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#touchpad config
|
|
||||||
services.xserver.synaptics = {
|
|
||||||
enable = true;
|
|
||||||
accelFactor = "0.035";
|
|
||||||
additionalOptions = ''
|
|
||||||
Option "FingerHigh" "60"
|
|
||||||
Option "FingerLow" "60"
|
|
||||||
'';
|
|
||||||
tapButtons = false;
|
|
||||||
twoFingerScroll = true;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -2,15 +2,28 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
|
|
||||||
|
inherit (import ../../4lib { inherit lib pkgs; })
|
||||||
|
manageCerts;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/base.nix
|
../2configs/default.nix
|
||||||
|
../2configs/exim-smarthost.nix
|
||||||
../2configs/downloading.nix
|
../2configs/downloading.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/ts3.nix
|
../2configs/ts3.nix
|
||||||
../2configs/bitlbee.nix
|
../2configs/bitlbee.nix
|
||||||
../2configs/weechat.nix
|
../2configs/weechat.nix
|
||||||
|
../2configs/privoxy-retiolum.nix
|
||||||
|
../2configs/radio.nix
|
||||||
|
{
|
||||||
|
#we need to use old sqlite for buildbot
|
||||||
|
imports = [
|
||||||
|
../2configs/buildbot-standalone.nix
|
||||||
|
];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
users.extraGroups = {
|
users.extraGroups = {
|
||||||
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
|
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
|
||||||
@ -77,6 +90,18 @@ in {
|
|||||||
device = "/dev/pool/download";
|
device = "/dev/pool/download";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/srv/http" = {
|
||||||
|
device = "/dev/pool/http";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/srv/o.ubikmedia.de-data" = {
|
||||||
|
device = "/dev/pool/owncloud-ubik-data";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/bku" = {
|
||||||
|
device = "/dev/pool/bku";
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
sound.enable = false;
|
sound.enable = false;
|
||||||
@ -117,7 +142,7 @@ in {
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
users.users.chat.openssh.authorizedKeys.keys = [
|
users.users.chat.openssh.authorizedKeys.keys = [
|
||||||
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
|
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
|
||||||
config.krebs.users.lass-uriel.pubkey
|
config.krebs.users.lass-uriel.pubkey
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@ -130,15 +155,47 @@ in {
|
|||||||
../2configs/websites/domsen.nix
|
../2configs/websites/domsen.nix
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
client.enable = true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
certs."lassul.us" = {
|
||||||
|
email = "lass@lassul.us";
|
||||||
|
webroot = "/var/lib/acme/challenges/lassul.us";
|
||||||
|
plugins = [
|
||||||
|
"account_key.json"
|
||||||
|
"key.pem"
|
||||||
|
"fullchain.pem"
|
||||||
|
"full.pem"
|
||||||
|
];
|
||||||
|
user = "ejabberd";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
krebs.nginx.servers."lassul.us" = {
|
||||||
|
server-names = [ "lassul.us" ];
|
||||||
|
locations = [
|
||||||
|
(lib.nameValuePair "/.well-known/acme-challenge" ''
|
||||||
|
root /var/lib/acme/challenges/lassul.us/;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
lass.ejabberd = {
|
||||||
|
enable = true;
|
||||||
|
hosts = [ "lassul.us" ];
|
||||||
|
certfile = "/var/lib/acme/lassul.us/full.pem";
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
76
lass/1systems/shodan.nix
Normal file
76
lass/1systems/shodan.nix
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with builtins;
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../.
|
||||||
|
../2configs/baseX.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/browsers.nix
|
||||||
|
../2configs/programs.nix
|
||||||
|
../2configs/fetchWallpaper.nix
|
||||||
|
../2configs/backups.nix
|
||||||
|
#{
|
||||||
|
# users.extraUsers = {
|
||||||
|
# root = {
|
||||||
|
# openssh.authorizedKeys.keys = map readFile [
|
||||||
|
# ../../krebs/Zpubkeys/uriel.ssh.pub
|
||||||
|
# ];
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
#}
|
||||||
|
{
|
||||||
|
#x220 config from mors
|
||||||
|
#TODO: make x220 config file (or look in other user dir)
|
||||||
|
hardware.trackpoint = {
|
||||||
|
enable = true;
|
||||||
|
sensitivity = 220;
|
||||||
|
speed = 0;
|
||||||
|
emulateWheel = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.xserver = {
|
||||||
|
videoDriver = "intel";
|
||||||
|
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||||
|
deviceSection = ''
|
||||||
|
Option "AccelMethod" "sna"
|
||||||
|
BusID "PCI:0:2:0"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
|
||||||
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader.grub.enable = true;
|
||||||
|
loader.grub.version = 2;
|
||||||
|
loader.grub.device = "/dev/sda";
|
||||||
|
|
||||||
|
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||||
|
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||||
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
|
#kernelModules = [ "kvm-intel" "msr" ];
|
||||||
|
kernelModules = [ "msr" ];
|
||||||
|
};
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/pool/nix";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/sda1";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
#services.udev.extraRules = ''
|
||||||
|
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
||||||
|
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
||||||
|
#'';
|
||||||
|
}
|
@ -5,6 +5,7 @@ with builtins;
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
../2configs/baseX.nix
|
../2configs/baseX.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/browsers.nix
|
../2configs/browsers.nix
|
||||||
../2configs/games.nix
|
../2configs/games.nix
|
||||||
../2configs/pass.nix
|
../2configs/pass.nix
|
||||||
@ -47,6 +48,11 @@ with builtins;
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"/bku" = {
|
||||||
|
device = "/dev/pool/bku";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/sda1";
|
device = "/dev/sda1";
|
||||||
};
|
};
|
||||||
|
135
lass/2configs/backups.nix
Normal file
135
lass/2configs/backups.nix
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
with config.krebs.lib;
|
||||||
|
{
|
||||||
|
|
||||||
|
krebs.backup.plans = {
|
||||||
|
} // mapAttrs (_: recursiveUpdate {
|
||||||
|
snapshots = {
|
||||||
|
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||||
|
weekly = { format = "%YW%W"; retain = 4; };
|
||||||
|
monthly = { format = "%Y-%m"; retain = 12; };
|
||||||
|
yearly = { format = "%Y"; };
|
||||||
|
};
|
||||||
|
}) {
|
||||||
|
dishfire-http-prism = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
||||||
|
startAt = "03:00";
|
||||||
|
};
|
||||||
|
dishfire-http-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
||||||
|
startAt = "03:05";
|
||||||
|
};
|
||||||
|
dishfire-http-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
|
||||||
|
startAt = "03:10";
|
||||||
|
};
|
||||||
|
dishfire-sql-prism = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
||||||
|
startAt = "03:15";
|
||||||
|
};
|
||||||
|
dishfire-sql-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
||||||
|
startAt = "03:20";
|
||||||
|
};
|
||||||
|
dishfire-sql-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
|
||||||
|
startAt = "03:25";
|
||||||
|
};
|
||||||
|
prism-bitlbee-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
||||||
|
startAt = "03:25";
|
||||||
|
};
|
||||||
|
prism-bitlbee-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
|
||||||
|
startAt = "03:25";
|
||||||
|
};
|
||||||
|
prism-chat-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
||||||
|
startAt = "03:30";
|
||||||
|
};
|
||||||
|
prism-chat-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
|
||||||
|
startAt = "03:35";
|
||||||
|
};
|
||||||
|
prism-sql-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
||||||
|
startAt = "03:40";
|
||||||
|
};
|
||||||
|
prism-sql-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
|
||||||
|
startAt = "03:45";
|
||||||
|
};
|
||||||
|
prism-http-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
||||||
|
startAt = "03:50";
|
||||||
|
};
|
||||||
|
prism-http-uriel = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
|
||||||
|
startAt = "03:55";
|
||||||
|
};
|
||||||
|
uriel-home-mors = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.uriel; path = "/home"; };
|
||||||
|
dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
|
||||||
|
startAt = "04:00";
|
||||||
|
};
|
||||||
|
mors-home-uriel = {
|
||||||
|
method = "push";
|
||||||
|
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||||
|
dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
|
||||||
|
startAt = "05:00";
|
||||||
|
};
|
||||||
|
dishfire-http-helios = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
|
||||||
|
startAt = "12:00";
|
||||||
|
};
|
||||||
|
dishfire-sql-helios = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
|
||||||
|
startAt = "12:15";
|
||||||
|
};
|
||||||
|
prism-sql-helios = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
|
||||||
|
startAt = "12:30";
|
||||||
|
};
|
||||||
|
prism-http-helios = {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
|
||||||
|
startAt = "12:45";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -4,9 +4,10 @@ let
|
|||||||
mainUser = config.users.extraUsers.mainUser;
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
./default.nix
|
||||||
#./urxvt.nix
|
#./urxvt.nix
|
||||||
./xserver
|
./xserver
|
||||||
|
./mpv.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||||
@ -33,17 +34,18 @@ in {
|
|||||||
|
|
||||||
dmenu
|
dmenu
|
||||||
gitAndTools.qgit
|
gitAndTools.qgit
|
||||||
|
nmap
|
||||||
much
|
much
|
||||||
pavucontrol
|
pavucontrol
|
||||||
powertop
|
powertop
|
||||||
push
|
push
|
||||||
slock
|
slock
|
||||||
sxiv
|
sxiv
|
||||||
|
xclip
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
xsel
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
mpv
|
|
||||||
mpv-poll
|
mpv-poll
|
||||||
yt-next
|
yt-next
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
|
@ -14,7 +14,7 @@ let
|
|||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
lass.per-user.${name}.packages = packages;
|
krebs.per-user.${name}.packages = packages;
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||||
'';
|
'';
|
||||||
@ -35,7 +35,7 @@ let
|
|||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
lass.per-user.${name}.packages = packages;
|
krebs.per-user.${name}.packages = packages;
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||||
'';
|
'';
|
||||||
@ -59,20 +59,9 @@ in {
|
|||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
|
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
|
||||||
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
|
( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
|
( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
|
( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs : {
|
|
||||||
flash = pkgs.chromium.override {
|
|
||||||
# pulseSupport = true;
|
|
||||||
enablePepperFlash = true;
|
|
||||||
};
|
|
||||||
#chromium = pkgs.chromium.override {
|
|
||||||
# pulseSupport = true;
|
|
||||||
#};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -1,15 +1,16 @@
|
|||||||
{ lib, config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
#networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
krebs.buildbot.master = let
|
||||||
krebs.buildbot.master = {
|
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
||||||
|
in {
|
||||||
slaves = {
|
slaves = {
|
||||||
testslave = "lasspass";
|
testslave = "lasspass";
|
||||||
};
|
};
|
||||||
change_source.stockholm = ''
|
change_source.stockholm = ''
|
||||||
stockholm_repo = 'http://cgit.mors/stockholm'
|
stockholm_repo = '${stockholm-mirror-url}'
|
||||||
cs.append(changes.GitPoller(
|
cs.append(changes.GitPoller(
|
||||||
stockholm_repo,
|
stockholm_repo,
|
||||||
workdir='stockholm-poller', branch='master',
|
workdir='stockholm-poller', branches=True,
|
||||||
project='stockholm',
|
project='stockholm',
|
||||||
pollinterval=120))
|
pollinterval=120))
|
||||||
'';
|
'';
|
||||||
@ -20,10 +21,12 @@
|
|||||||
builderNames=["fast-tests"]))
|
builderNames=["fast-tests"]))
|
||||||
'';
|
'';
|
||||||
fast-tests-scheduler = ''
|
fast-tests-scheduler = ''
|
||||||
# test the master real quick
|
# test everything real quick
|
||||||
sched.append(schedulers.SingleBranchScheduler(
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
change_filter=util.ChangeFilter(branch="master"),
|
## all branches
|
||||||
name="fast-master-test",
|
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||||
|
# treeStableTimer=10,
|
||||||
|
name="fast-all-branches",
|
||||||
builderNames=["fast-tests"]))
|
builderNames=["fast-tests"]))
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -38,7 +41,10 @@
|
|||||||
deps = [ "gnumake", "jq","nix","rsync" ]
|
deps = [ "gnumake", "jq","nix","rsync" ]
|
||||||
# TODO: --pure , prepare ENV in nix-shell command:
|
# TODO: --pure , prepare ENV in nix-shell command:
|
||||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||||
nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
|
nixshell = ["nix-shell",
|
||||||
|
"-I", "stockholm=.",
|
||||||
|
"-I", "nixpkgs=/var/src/nixpkgs",
|
||||||
|
"-p" ] + deps + [ "--run" ]
|
||||||
|
|
||||||
# prepare addShell function
|
# prepare addShell function
|
||||||
def addShell(factory,**kwargs):
|
def addShell(factory,**kwargs):
|
||||||
@ -48,13 +54,26 @@
|
|||||||
fast-tests = ''
|
fast-tests = ''
|
||||||
f = util.BuildFactory()
|
f = util.BuildFactory()
|
||||||
f.addStep(grab_repo)
|
f.addStep(grab_repo)
|
||||||
addShell(f,name="mors-eval",env=env,
|
for i in [ "prism", "mors", "echelon" ]:
|
||||||
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
|
addShell(f,name="populate-{}".format(i),env=env,
|
||||||
|
command=nixshell + \
|
||||||
|
["{}( make system={} eval.config.krebs.build.populate \
|
||||||
|
| jq -er .)".format("!" if "failing" in i else "",i)])
|
||||||
|
|
||||||
|
addShell(f,name="build-test-minimal",env=env,
|
||||||
|
command=nixshell + \
|
||||||
|
["nix-instantiate \
|
||||||
|
--show-trace --eval --strict --json \
|
||||||
|
-I nixos-config=./shared/1systems/test-minimal-deploy.nix \
|
||||||
|
-I secrets=. \
|
||||||
|
-A config.system.build.toplevel"]
|
||||||
|
)
|
||||||
|
|
||||||
bu.append(util.BuilderConfig(name="fast-tests",
|
bu.append(util.BuilderConfig(name="fast-tests",
|
||||||
slavenames=slavenames,
|
slavenames=slavenames,
|
||||||
factory=f))
|
factory=f))
|
||||||
'';
|
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
enable = true;
|
enable = true;
|
||||||
web.enable = true;
|
web.enable = true;
|
||||||
@ -72,7 +91,17 @@
|
|||||||
masterhost = "localhost";
|
masterhost = "localhost";
|
||||||
username = "testslave";
|
username = "testslave";
|
||||||
password = "lasspass";
|
password = "lasspass";
|
||||||
packages = with pkgs;[ git nix ];
|
packages = with pkgs;[ git nix gnumake jq rsync ];
|
||||||
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
|
extraEnviron = {
|
||||||
|
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
krebs.iptables = {
|
||||||
|
tables = {
|
||||||
|
filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -7,10 +7,11 @@ with config.krebs.lib;
|
|||||||
../2configs/zsh.nix
|
../2configs/zsh.nix
|
||||||
../2configs/mc.nix
|
../2configs/mc.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
|
./backups.nix
|
||||||
{
|
{
|
||||||
users.extraUsers =
|
users.extraUsers =
|
||||||
mapAttrs (_: h: { hashedPassword = h; })
|
mapAttrs (_: h: { hashedPassword = h; })
|
||||||
(import /root/secrets/hashedPasswords.nix);
|
(import <secrets/hashedPasswords.nix>);
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
@ -18,7 +19,7 @@ with config.krebs.lib;
|
|||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-uriel.pubkey
|
config.krebs.users.lass-uriel.pubkey
|
||||||
config.krebs.users.lass-helios.pubkey
|
config.krebs.users.lass-shodan.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
mainUser = {
|
mainUser = {
|
||||||
@ -33,6 +34,7 @@ with config.krebs.lib;
|
|||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-uriel.pubkey
|
config.krebs.users.lass-uriel.pubkey
|
||||||
|
config.krebs.users.lass-shodan.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -45,7 +47,6 @@ with config.krebs.lib;
|
|||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
search-domain = "retiolum";
|
search-domain = "retiolum";
|
||||||
exim-retiolum.enable = true;
|
|
||||||
build = {
|
build = {
|
||||||
user = config.krebs.users.lass;
|
user = config.krebs.users.lass;
|
||||||
source = mapAttrs (_: mkDefault) ({
|
source = mapAttrs (_: mkDefault) ({
|
||||||
@ -55,7 +56,7 @@ with config.krebs.lib;
|
|||||||
stockholm = "/home/lass/stockholm";
|
stockholm = "/home/lass/stockholm";
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
rev = "40c586b7ce2c559374df435f46d673baf711c543";
|
rev = "d541e0dc1c05f5514bf30f8039e687adddb45616";
|
||||||
dev = "/home/lass/src/nixpkgs";
|
dev = "/home/lass/src/nixpkgs";
|
||||||
};
|
};
|
||||||
} // optionalAttrs config.krebs.build.host.secure {
|
} // optionalAttrs config.krebs.build.host.secure {
|
||||||
@ -85,9 +86,12 @@ with config.krebs.lib;
|
|||||||
MANPAGER=most
|
MANPAGER=most
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
#stockholm
|
#stockholm
|
||||||
git
|
git
|
||||||
|
gnumake
|
||||||
jq
|
jq
|
||||||
parallel
|
parallel
|
||||||
proot
|
proot
|
||||||
@ -102,12 +106,20 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
#network
|
#network
|
||||||
iptables
|
iptables
|
||||||
|
iftop
|
||||||
|
|
||||||
#stuff for dl
|
#stuff for dl
|
||||||
aria2
|
aria2
|
||||||
|
|
||||||
#neat utils
|
#neat utils
|
||||||
krebspaste
|
krebspaste
|
||||||
|
psmisc
|
||||||
|
untilport
|
||||||
|
|
||||||
|
#unpack stuff
|
||||||
|
p7zip
|
||||||
|
unzip
|
||||||
|
unrar
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash = {
|
||||||
@ -145,10 +157,6 @@ with config.krebs.lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
security.setuidPrograms = [
|
|
||||||
"sendmail"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostKeys = [
|
hostKeys = [
|
||||||
@ -165,6 +173,13 @@ with config.krebs.lib;
|
|||||||
krebs.iptables = {
|
krebs.iptables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
tables = {
|
tables = {
|
||||||
|
nat.PREROUTING.rules = [
|
||||||
|
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
||||||
|
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
||||||
|
];
|
||||||
|
nat.OUTPUT.rules = [
|
||||||
|
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
||||||
|
];
|
||||||
filter.INPUT.policy = "DROP";
|
filter.INPUT.policy = "DROP";
|
||||||
filter.FORWARD.policy = "DROP";
|
filter.FORWARD.policy = "DROP";
|
||||||
filter.INPUT.rules = [
|
filter.INPUT.rules = [
|
@ -3,7 +3,7 @@
|
|||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
rpc-password = import <secrets/transmission-pw.nix>;
|
rpc-password = import <secrets/transmission-pw>;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../3modules/folderPerms.nix
|
../3modules/folderPerms.nix
|
||||||
@ -20,6 +20,7 @@ in {
|
|||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
|
config.krebs.users.lass-uriel.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
10
lass/2configs/exim-retiolum.nix
Normal file
10
lass/2configs/exim-retiolum.nix
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.exim-retiolum.enable = true;
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
49
lass/2configs/exim-smarthost.nix
Normal file
49
lass/2configs/exim-smarthost.nix
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.exim-smarthost = {
|
||||||
|
enable = true;
|
||||||
|
dkim = [
|
||||||
|
{ domain = "lassul.us"; }
|
||||||
|
];
|
||||||
|
sender_domains = [
|
||||||
|
"lassul.us"
|
||||||
|
"aidsballs.de"
|
||||||
|
];
|
||||||
|
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||||
|
config.krebs.hosts.mors
|
||||||
|
config.krebs.hosts.uriel
|
||||||
|
config.krebs.hosts.helios
|
||||||
|
];
|
||||||
|
internet-aliases = with config.krebs.users; [
|
||||||
|
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
|
||||||
|
{ from = "lass@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "lassulus@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "test@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "outlook@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "steuer@aidsballs.de"; to = lass.mail; }
|
||||||
|
{ from = "lass@aidsballs.de"; to = lass.mail; }
|
||||||
|
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
|
||||||
|
];
|
||||||
|
system-aliases = [
|
||||||
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
{ from = "postmaster"; to = "root"; }
|
||||||
|
{ from = "nobody"; to = "root"; }
|
||||||
|
{ from = "hostmaster"; to = "root"; }
|
||||||
|
{ from = "usenet"; to = "root"; }
|
||||||
|
{ from = "news"; to = "root"; }
|
||||||
|
{ from = "webmaster"; to = "root"; }
|
||||||
|
{ from = "www"; to = "root"; }
|
||||||
|
{ from = "ftp"; to = "root"; }
|
||||||
|
{ from = "abuse"; to = "root"; }
|
||||||
|
{ from = "noc"; to = "root"; }
|
||||||
|
{ from = "security"; to = "root"; }
|
||||||
|
{ from = "root"; to = "lass"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
@ -1,101 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with config.krebs.lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
createStaticPage = domain:
|
|
||||||
{
|
|
||||||
krebs.nginx.servers."${domain}" = {
|
|
||||||
server-names = [
|
|
||||||
"${domain}"
|
|
||||||
"www.${domain}"
|
|
||||||
];
|
|
||||||
locations = [
|
|
||||||
(nameValuePair "/" ''
|
|
||||||
root /var/lib/http/${domain};
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
};
|
|
||||||
#networking.extraHosts = ''
|
|
||||||
# 10.243.206.102 ${domain}
|
|
||||||
#'';
|
|
||||||
users.extraUsers = {
|
|
||||||
${domain} = {
|
|
||||||
name = domain;
|
|
||||||
home = "/var/lib/http/${domain}";
|
|
||||||
createHome = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
|
||||||
imports = map createStaticPage [
|
|
||||||
"habsys.de"
|
|
||||||
"pixelpocket.de"
|
|
||||||
"karlaskop.de"
|
|
||||||
"ubikmedia.de"
|
|
||||||
"apanowicz.de"
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
tables = {
|
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
krebs.nginx = {
|
|
||||||
enable = true;
|
|
||||||
servers = {
|
|
||||||
#"habsys.de" = {
|
|
||||||
# server-names = [
|
|
||||||
# "habsys.de"
|
|
||||||
# "www.habsys.de"
|
|
||||||
# ];
|
|
||||||
# locations = [
|
|
||||||
# (nameValuePair "/" ''
|
|
||||||
# root /var/lib/http/habsys.de;
|
|
||||||
# '')
|
|
||||||
# ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
#"karlaskop.de" = {
|
|
||||||
# server-names = [
|
|
||||||
# "karlaskop.de"
|
|
||||||
# "www.karlaskop.de"
|
|
||||||
# ];
|
|
||||||
# locations = [
|
|
||||||
# (nameValuePair "/" ''
|
|
||||||
# root /var/lib/http/karlaskop.de;
|
|
||||||
# '')
|
|
||||||
# ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
#"pixelpocket.de" = {
|
|
||||||
# server-names = [
|
|
||||||
# "pixelpocket.de"
|
|
||||||
# "www.karlaskop.de"
|
|
||||||
# ];
|
|
||||||
# locations = [
|
|
||||||
# (nameValuePair "/" ''
|
|
||||||
# root /var/lib/http/karlaskop.de;
|
|
||||||
# '')
|
|
||||||
# ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
#services.postgresql = {
|
|
||||||
# enable = true;
|
|
||||||
#};
|
|
||||||
|
|
||||||
#config.services.vsftpd = {
|
|
||||||
# enable = true;
|
|
||||||
# userlistEnable = true;
|
|
||||||
# userlistFile = pkgs.writeFile "vsftpd-userlist" ''
|
|
||||||
# '';
|
|
||||||
#};
|
|
||||||
}
|
|
@ -5,7 +5,7 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "echelon/wallpaper.png";
|
url = "cloudkrebs/wallpaper.png";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ in {
|
|||||||
name = "games";
|
name = "games";
|
||||||
description = "user playing games";
|
description = "user playing games";
|
||||||
home = "/home/games";
|
home = "/home/games";
|
||||||
extraGroups = [ "audio" "video" "input" ];
|
extraGroups = [ "audio" "video" "input" "loot" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
|
@ -35,6 +35,8 @@ let
|
|||||||
newsbot-js = {};
|
newsbot-js = {};
|
||||||
kimsufi-check = {};
|
kimsufi-check = {};
|
||||||
realwallpaper = {};
|
realwallpaper = {};
|
||||||
|
xmonad-stockholm = {};
|
||||||
|
the_playlist = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
restricted-repos = mapAttrs make-restricted-repo (
|
restricted-repos = mapAttrs make-restricted-repo (
|
||||||
|
21
lass/2configs/krebs-pass.nix
Normal file
21
lass/2configs/krebs-pass.nix
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
#TODO: tab-completion
|
||||||
|
krebs-pass = pkgs.writeDashBin "krebs-pass" ''
|
||||||
|
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
|
||||||
|
exec ${pkgs.pass}/bin/pass $@
|
||||||
|
'';
|
||||||
|
|
||||||
|
krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
|
||||||
|
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
|
||||||
|
exec ${pkgs.pass}/bin/passmenu $@
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
krebs.per-user.lass.packages = [
|
||||||
|
krebs-pass
|
||||||
|
krebs-passmenu
|
||||||
|
];
|
||||||
|
}
|
110
lass/2configs/mail.nix
Normal file
110
lass/2configs/mail.nix
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
msmtprc = pkgs.writeText "msmtprc" ''
|
||||||
|
defaults
|
||||||
|
logfile ~/.msmtp.log
|
||||||
|
account prism
|
||||||
|
host prism.r
|
||||||
|
account default: prism
|
||||||
|
'';
|
||||||
|
|
||||||
|
msmtp = pkgs.writeDashBin "msmtp" ''
|
||||||
|
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
||||||
|
'';
|
||||||
|
|
||||||
|
muttrc = pkgs.writeText "muttrc" ''
|
||||||
|
# gpg
|
||||||
|
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
|
||||||
|
set pgp_use_gpg_agent = yes
|
||||||
|
set pgp_sign_as = 0x976A7E4D
|
||||||
|
set crypt_autosign = yes
|
||||||
|
set crypt_replyencrypt = yes
|
||||||
|
set crypt_verify_sig = yes
|
||||||
|
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
|
||||||
|
|
||||||
|
macro index \Cv \
|
||||||
|
"<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||||
|
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||||
|
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||||
|
'Verify PGP signature and open the message'
|
||||||
|
|
||||||
|
macro pager \Cv \
|
||||||
|
"<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
|
||||||
|
<enter-command> set crypt_verify_sig=yes<enter> \
|
||||||
|
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
|
||||||
|
'Verify PGP signature'
|
||||||
|
|
||||||
|
|
||||||
|
# notmuch
|
||||||
|
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
|
||||||
|
set nm_record = yes
|
||||||
|
set nm_record_tags = "-inbox me archive"
|
||||||
|
set virtual_spoolfile=yes # enable virtual folders
|
||||||
|
set sendmail="msmtp" # enables parsing of outgoing mail
|
||||||
|
set use_from=yes
|
||||||
|
set envelope_from=yes
|
||||||
|
|
||||||
|
set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?"
|
||||||
|
|
||||||
|
virtual-mailboxes \
|
||||||
|
"INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
|
||||||
|
"Unread" "notmuch://?query=tag:unread"\
|
||||||
|
"TODO" "notmuch://?query=tag:TODO"\
|
||||||
|
"Starred" "notmuch://?query=tag:*"\
|
||||||
|
"Archive" "notmuch://?query=tag:archive"\
|
||||||
|
"Sent" "notmuch://?query=tag:sent"\
|
||||||
|
"Junk" "notmuch://?query=tag:junk"
|
||||||
|
|
||||||
|
tag-transforms "junk" "k" \
|
||||||
|
"unread" "u" \
|
||||||
|
"replied" "↻" \
|
||||||
|
"TODO" "T" \
|
||||||
|
|
||||||
|
# notmuch bindings
|
||||||
|
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
|
||||||
|
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
|
||||||
|
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
|
||||||
|
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
|
||||||
|
|
||||||
|
|
||||||
|
#killed
|
||||||
|
bind index d noop
|
||||||
|
bind pager d noop
|
||||||
|
|
||||||
|
bind pager S noop
|
||||||
|
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
|
||||||
|
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
|
||||||
|
|
||||||
|
bind index t noop
|
||||||
|
bind pager t noop
|
||||||
|
macro index t "<modify-labels>+TODO\n" # tag as Archived
|
||||||
|
|
||||||
|
|
||||||
|
# sidebar
|
||||||
|
set sidebar_width = 20
|
||||||
|
set sidebar_visible = yes # set to "no" to disable sidebar view at startup
|
||||||
|
color sidebar_new yellow default
|
||||||
|
# sidebar bindings
|
||||||
|
bind index <left> sidebar-prev # got to previous folder in sidebar
|
||||||
|
bind index <right> sidebar-next # got to next folder in sidebar
|
||||||
|
bind index <space> sidebar-open # open selected folder from sidebar
|
||||||
|
# sidebar toggle
|
||||||
|
macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
|
||||||
|
macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
|
||||||
|
macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar
|
||||||
|
'';
|
||||||
|
|
||||||
|
mutt = pkgs.writeDashBin "mutt" ''
|
||||||
|
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
environment.systemPackages = [
|
||||||
|
msmtp
|
||||||
|
mutt
|
||||||
|
pkgs.much
|
||||||
|
pkgs.notmuch
|
||||||
|
];
|
||||||
|
}
|
49
lass/2configs/mpv.nix
Normal file
49
lass/2configs/mpv.nix
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
mpv-config = pkgs.writeText "mpv-config" ''
|
||||||
|
script=${lib.concatStringsSep "," [
|
||||||
|
good
|
||||||
|
delete
|
||||||
|
]}
|
||||||
|
'';
|
||||||
|
mpv = pkgs.writeDashBin "mpv" ''
|
||||||
|
exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||||
|
tmp_dir = "${dir}"
|
||||||
|
|
||||||
|
function move_current_track_${key}()
|
||||||
|
track = mp.get_property("path")
|
||||||
|
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||||
|
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||||
|
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||||
|
end
|
||||||
|
|
||||||
|
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||||
|
'';
|
||||||
|
|
||||||
|
good = moveToDir "G" "./.good";
|
||||||
|
delete = moveToDir "D" "./.graveyard";
|
||||||
|
|
||||||
|
deleteCurrentTrack = pkgs.writeText "delete.lua" ''
|
||||||
|
deleted_tmp = "./.graveyard"
|
||||||
|
|
||||||
|
-- Delete the current track by moving it to the `deleted_tmp` location.
|
||||||
|
function delete_current_track()
|
||||||
|
track = mp.get_property("path")
|
||||||
|
os.execute("mkdir -p '" .. deleted_tmp .. "'")
|
||||||
|
os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'")
|
||||||
|
print("'" .. track .. "' deleted.")
|
||||||
|
end
|
||||||
|
|
||||||
|
mp.add_key_binding("D", "delete_current_track", delete_current_track)
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
krebs.per-user.lass.packages = [
|
||||||
|
mpv
|
||||||
|
];
|
||||||
|
}
|
@ -154,7 +154,6 @@ let
|
|||||||
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
|
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
|
||||||
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
|
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
|
||||||
tigsource|http://www.tigsource.com/feed/|#news
|
tigsource|http://www.tigsource.com/feed/|#news
|
||||||
times|http://www.thetimes.co.uk/tto/news/rss|#news
|
|
||||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||||
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
|
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
|
||||||
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
|
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
|
||||||
|
@ -1,10 +1,9 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
krebs.per-user.lass.packages = with pkgs; [
|
||||||
pass
|
pass
|
||||||
gnupg1
|
gnupg1
|
||||||
];
|
];
|
||||||
|
|
||||||
services.xserver.startGnuPGAgent = true;
|
|
||||||
}
|
}
|
||||||
|
@ -8,7 +8,6 @@
|
|||||||
htop
|
htop
|
||||||
i3lock
|
i3lock
|
||||||
mosh
|
mosh
|
||||||
mpv
|
|
||||||
pass
|
pass
|
||||||
pavucontrol
|
pavucontrol
|
||||||
pv
|
pv
|
||||||
|
133
lass/2configs/radio.nix
Normal file
133
lass/2configs/radio.nix
Normal file
@ -0,0 +1,133 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
name = "radio";
|
||||||
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
|
inherit (config.krebs.lib) genid;
|
||||||
|
|
||||||
|
admin-password = import <secrets/icecast-admin-pw>;
|
||||||
|
source-password = import <secrets/icecast-source-pw>;
|
||||||
|
|
||||||
|
in {
|
||||||
|
users.users = {
|
||||||
|
"${name}" = rec {
|
||||||
|
inherit name;
|
||||||
|
group = name;
|
||||||
|
uid = genid name;
|
||||||
|
description = "radio manager";
|
||||||
|
home = "/home/${name}";
|
||||||
|
useDefaultShell = true;
|
||||||
|
createHome = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups = {
|
||||||
|
"radio" = {};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.per-user.${name}.packages = with pkgs; [
|
||||||
|
ncmpcpp
|
||||||
|
mpc_cli
|
||||||
|
tmux
|
||||||
|
];
|
||||||
|
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||||
|
'';
|
||||||
|
|
||||||
|
services.mpd = {
|
||||||
|
enable = true;
|
||||||
|
group = "radio";
|
||||||
|
musicDirectory = "/home/radio/the_playlist/music";
|
||||||
|
extraConfig = ''
|
||||||
|
audio_output {
|
||||||
|
type "shout"
|
||||||
|
encoding "ogg"
|
||||||
|
name "my cool stream"
|
||||||
|
host "localhost"
|
||||||
|
port "8000"
|
||||||
|
mount "/radio.ogg"
|
||||||
|
|
||||||
|
# This is the source password in icecast.xml
|
||||||
|
password "${source-password}"
|
||||||
|
|
||||||
|
# Set either quality or bit rate
|
||||||
|
# quality "5.0"
|
||||||
|
bitrate "128"
|
||||||
|
|
||||||
|
format "44100:16:1"
|
||||||
|
|
||||||
|
# Optional Parameters
|
||||||
|
user "source"
|
||||||
|
# description "here is my long description"
|
||||||
|
# genre "jazz"
|
||||||
|
} # end of audio_output
|
||||||
|
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.icecast = {
|
||||||
|
enable = true;
|
||||||
|
hostname = "config.krebs.build.host.name";
|
||||||
|
admin.password = admin-password;
|
||||||
|
extraConf = ''
|
||||||
|
<authentication>
|
||||||
|
<source-password>${source-password}</source-password>
|
||||||
|
</authentication>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.iptables = {
|
||||||
|
tables = {
|
||||||
|
filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers.radio = {
|
||||||
|
description = "radio autoadder timer";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*:*";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.radio = let
|
||||||
|
autoAdd = pkgs.writeDash "autoAdd" ''
|
||||||
|
LIMIT=$1 #in secconds
|
||||||
|
|
||||||
|
addRandom () {
|
||||||
|
mpc add "$(mpc ls | shuf -n1)"
|
||||||
|
}
|
||||||
|
|
||||||
|
timeLeft () {
|
||||||
|
playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
||||||
|
currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
||||||
|
expr ''${playlistDuration:-0} - ''${currentTime:-0}
|
||||||
|
}
|
||||||
|
|
||||||
|
if test $(timeLeft) -le $LIMIT; then
|
||||||
|
addRandom
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
description = "radio playlist autoadder";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
path = with pkgs; [
|
||||||
|
gawk
|
||||||
|
mpc_cli
|
||||||
|
];
|
||||||
|
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
ExecStart = "${autoAdd} 100";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -147,13 +147,8 @@ in {
|
|||||||
vimrcConfig.vam.pluginDictionaries = [
|
vimrcConfig.vam.pluginDictionaries = [
|
||||||
{ names = [
|
{ names = [
|
||||||
"brogrammer"
|
"brogrammer"
|
||||||
"commentary"
|
|
||||||
"extradite"
|
|
||||||
"file-line"
|
"file-line"
|
||||||
"fugitive"
|
|
||||||
"Gundo"
|
"Gundo"
|
||||||
"mustang2"
|
|
||||||
"unimpaired"
|
|
||||||
]; }
|
]; }
|
||||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||||
];
|
];
|
||||||
|
@ -1,35 +1,87 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
inherit (config.krebs.lib)
|
||||||
|
genid
|
||||||
|
readFile
|
||||||
|
;
|
||||||
|
inherit (import ../../4lib { inherit lib pkgs; })
|
||||||
|
manageCert
|
||||||
|
manageCerts
|
||||||
|
activateACME
|
||||||
|
ssl
|
||||||
|
servePage
|
||||||
|
serveOwncloud
|
||||||
|
serveWordpress;
|
||||||
|
|
||||||
|
msmtprc = pkgs.writeText "msmtprc" ''
|
||||||
|
account prism
|
||||||
|
host localhost
|
||||||
|
account default: prism
|
||||||
|
'';
|
||||||
|
|
||||||
|
sendmail = pkgs.writeDash "msmtp" ''
|
||||||
|
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../../3modules/static_nginx.nix
|
( ssl [ "reich-gebaeudereinigung.de" ])
|
||||||
../../3modules/owncloud_nginx.nix
|
( servePage [ "reich-gebaeudereinigung.de" ])
|
||||||
../../3modules/wordpress_nginx.nix
|
|
||||||
|
( manageCerts [ "karlaskop.de" ])
|
||||||
|
( servePage [ "karlaskop.de" ])
|
||||||
|
|
||||||
|
( ssl [ "makeup.apanowicz.de" ])
|
||||||
|
( servePage [ "makeup.apanowicz.de" ])
|
||||||
|
|
||||||
|
( manageCerts [ "pixelpocket.de" ])
|
||||||
|
( servePage [ "pixelpocket.de" ])
|
||||||
|
|
||||||
|
( ssl [ "o.ubikmedia.de" ])
|
||||||
|
( serveOwncloud [ "o.ubikmedia.de" ])
|
||||||
|
|
||||||
|
( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||||
|
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||||
];
|
];
|
||||||
|
|
||||||
lass.staticPage = {
|
|
||||||
"karlaskop.de" = {};
|
|
||||||
"makeup.apanowicz.de" = {};
|
|
||||||
"pixelpocket.de" = {};
|
|
||||||
"reich-gebaeudereinigung.de" = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
lass.owncloud = {
|
|
||||||
"o.ubikmedia.de" = {
|
|
||||||
instanceid = "oc8n8ddbftgh";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.mysql = {
|
services.mysql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.mariadb;
|
package = pkgs.mariadb;
|
||||||
rootPassword = toString (<secrets/mysql_rootPassword>);
|
rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||||
};
|
};
|
||||||
|
|
||||||
#lass.wordpress = {
|
lass.mysqlBackup = {
|
||||||
# "ubikmedia.de" = {
|
enable = true;
|
||||||
# };
|
config.domsen = {
|
||||||
#};
|
password = toString (<secrets/mysql_rootPassword>);
|
||||||
|
databases = [
|
||||||
|
"ubikmedia_de"
|
||||||
|
"o_ubikmedia_de"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.mysqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
databases = [
|
||||||
|
"ubikmedia_de"
|
||||||
|
"o_ubikmedia_de"
|
||||||
|
];
|
||||||
|
location = "/bku/sql_dumps";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.domsen = {
|
||||||
|
uid = genid "domsen";
|
||||||
|
description = "maintenance acc for domsen";
|
||||||
|
home = "/home/domsen";
|
||||||
|
useDefaultShell = true;
|
||||||
|
extraGroups = [ "nginx" ];
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.phpfpm.phpOptions = ''
|
||||||
|
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||||
|
sendmail_path = ${sendmail} -t
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,33 +1,57 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
inherit (import ../../4lib { inherit lib pkgs; })
|
||||||
|
manageCerts
|
||||||
|
activateACME
|
||||||
|
ssl
|
||||||
|
servePage
|
||||||
|
serveWordpress;
|
||||||
|
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../../3modules/static_nginx.nix
|
( manageCerts [ "biostase.de" "www.biostase.de" ])
|
||||||
../../3modules/owncloud_nginx.nix
|
#( serveWordpress [ "biostase.de" "www.biostase.de" ])
|
||||||
../../3modules/wordpress_nginx.nix
|
|
||||||
|
( manageCerts [ "radical-dreamers.de" ])
|
||||||
|
( serveWordpress [ "radical-dreamers.de" ])
|
||||||
|
|
||||||
|
( manageCerts [ "gs-maubach.de" ])
|
||||||
|
( serveWordpress [ "gs-maubach.de" ])
|
||||||
|
|
||||||
|
( manageCerts [ "spielwaren-kern.de" ])
|
||||||
|
( serveWordpress [ "spielwaren-kern.de" ])
|
||||||
|
|
||||||
|
( manageCerts [ "familienpraxis-korntal.de" ])
|
||||||
|
( servePage [ "familienpraxis-korntal.de" ])
|
||||||
|
|
||||||
|
( manageCerts [ "ttf-kleinaspach.de" ])
|
||||||
|
( serveWordpress [ "ttf-kleinaspach.de" ])
|
||||||
|
|
||||||
|
( ssl [ "eastuttgart.de" ])
|
||||||
|
( serveWordpress [ "eastuttgart.de" ])
|
||||||
|
|
||||||
|
( ssl [ "habsys.de" "habsys.eu" ])
|
||||||
|
( servePage [ "habsys.de" "habsys.eu" ])
|
||||||
];
|
];
|
||||||
|
|
||||||
lass.staticPage = {
|
services.mysql = {
|
||||||
"biostase.de" = {};
|
enable = true;
|
||||||
"gs-maubach.de" = {};
|
package = pkgs.mariadb;
|
||||||
"spielwaren-kern.de" = {};
|
rootPassword = toString (<secrets/mysql_rootPassword>);
|
||||||
"societyofsimtech.de" = {};
|
|
||||||
"ttf-kleinaspach.de" = {};
|
|
||||||
"edsn.de" = {};
|
|
||||||
"eab.berkeley.edu" = {};
|
|
||||||
"habsys.de" = {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#lass.owncloud = {
|
lass.mysqlBackup = {
|
||||||
# "o.ubikmedia.de" = {
|
enable = true;
|
||||||
# instanceid = "oc8n8ddbftgh";
|
config.fritz = {
|
||||||
# };
|
password = toString (<secrets/mysql_rootPassword>);
|
||||||
#};
|
databases = [
|
||||||
|
"biostase_de"
|
||||||
#services.mysql = {
|
"eastuttgart_de"
|
||||||
# enable = true;
|
"radical_dreamers_de"
|
||||||
# package = pkgs.mariadb;
|
"spielwaren_kern_de"
|
||||||
# rootPassword = toString (<secrets/mysql_rootPassword>);
|
"ttf_kleinaspach_de"
|
||||||
#};
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,17 @@
|
|||||||
{ config, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
inherit (config.krebs.lib) genid;
|
||||||
|
inherit (import ../../4lib { inherit lib pkgs; })
|
||||||
|
ssl
|
||||||
|
servePage;
|
||||||
|
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../../3modules/static_nginx.nix
|
( ssl [ "wohnprojekt-rhh.de" ])
|
||||||
|
( servePage [ "wohnprojekt-rhh.de" ])
|
||||||
];
|
];
|
||||||
|
|
||||||
lass.staticPage = {
|
|
||||||
"wohnprojekt-rhh.de" = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.laura = {
|
users.users.laura = {
|
||||||
home = "/srv/http/wohnprojekt-rhh.de";
|
home = "/srv/http/wohnprojekt-rhh.de";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
@ -16,6 +16,7 @@ in {
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
|
config.krebs.users.lass-shodan.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -40,8 +40,8 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.setuidPrograms = [
|
krebs.per-user.lass.packages = [
|
||||||
"slock"
|
pkgs.rxvt_unicode_with-plugins
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.display-manager.enable = false;
|
systemd.services.display-manager.enable = false;
|
||||||
@ -52,7 +52,7 @@ let
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "xserver.service" ];
|
requires = [ "xserver.service" ];
|
||||||
environment = xmonad-environment;
|
environment = xmonad-environment;
|
||||||
restartIfChanged = false;
|
restartIfChanged = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${xmonad-start}/bin/xmonad";
|
ExecStart = "${xmonad-start}/bin/xmonad";
|
||||||
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
|
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
|
||||||
@ -82,12 +82,7 @@ let
|
|||||||
|
|
||||||
# XXX JSON is close enough :)
|
# XXX JSON is close enough :)
|
||||||
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
|
||||||
"cr"
|
"dashboard"
|
||||||
"gm"
|
|
||||||
"ff"
|
|
||||||
"IM"
|
|
||||||
"mail"
|
|
||||||
"stockholm"
|
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -96,6 +91,9 @@ let
|
|||||||
set -efu
|
set -efu
|
||||||
export PATH; PATH=${makeSearchPath "bin" ([
|
export PATH; PATH=${makeSearchPath "bin" ([
|
||||||
pkgs.rxvt_unicode
|
pkgs.rxvt_unicode
|
||||||
|
pkgs.i3lock
|
||||||
|
pkgs.pulseaudioLight
|
||||||
|
pkgs.xorg.xbacklight
|
||||||
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
||||||
settle() {(
|
settle() {(
|
||||||
# Use PATH for a clean journal
|
# Use PATH for a clean journal
|
||||||
@ -114,7 +112,8 @@ let
|
|||||||
|
|
||||||
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
|
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
|
${pkgs.xmonad-lass}/bin/xmonad --shutdown
|
||||||
|
${pkgs.coreutils}/bin/sleep 2s
|
||||||
'';
|
'';
|
||||||
|
|
||||||
xserver-environment = {
|
xserver-environment = {
|
||||||
@ -128,7 +127,7 @@ let
|
|||||||
xserver = pkgs.writeScriptBin "xserver" ''
|
xserver = pkgs.writeScriptBin "xserver" ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -efu
|
set -efu
|
||||||
exec ${pkgs.xorg.xorgserver}/bin/X \
|
exec ${pkgs.xorg.xorgserver.out}/bin/X \
|
||||||
:${toString config.services.xserver.display} \
|
:${toString config.services.xserver.display} \
|
||||||
vt${toString config.services.xserver.tty} \
|
vt${toString config.services.xserver.tty} \
|
||||||
-config ${import ./xserver.conf.nix args} \
|
-config ${import ./xserver.conf.nix args} \
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
_:
|
_:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./xresources.nix
|
./ejabberd
|
||||||
./folderPerms.nix
|
./folderPerms.nix
|
||||||
./per-user.nix
|
./mysql-backup.nix
|
||||||
./urxvtd.nix
|
./urxvtd.nix
|
||||||
./xresources.nix
|
|
||||||
./wordpress_nginx.nix
|
./wordpress_nginx.nix
|
||||||
|
./xresources.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
93
lass/3modules/ejabberd/config.nix
Normal file
93
lass/3modules/ejabberd/config.nix
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
{ config, ... }: with config.krebs.lib; let
|
||||||
|
cfg = config.lass.ejabberd;
|
||||||
|
|
||||||
|
# XXX this is a placeholder that happens to work the default strings.
|
||||||
|
toErlang = builtins.toJSON;
|
||||||
|
in toFile "ejabberd.conf" ''
|
||||||
|
{loglevel, 3}.
|
||||||
|
{hosts, ${toErlang cfg.hosts}}.
|
||||||
|
{listen,
|
||||||
|
[
|
||||||
|
{5222, ejabberd_c2s, [
|
||||||
|
starttls,
|
||||||
|
{certfile, ${toErlang cfg.certfile}},
|
||||||
|
{access, c2s},
|
||||||
|
{shaper, c2s_shaper},
|
||||||
|
{max_stanza_size, 65536}
|
||||||
|
]},
|
||||||
|
{5269, ejabberd_s2s_in, [
|
||||||
|
{shaper, s2s_shaper},
|
||||||
|
{max_stanza_size, 131072}
|
||||||
|
]},
|
||||||
|
{5280, ejabberd_http, [
|
||||||
|
captcha,
|
||||||
|
http_bind,
|
||||||
|
http_poll,
|
||||||
|
web_admin
|
||||||
|
]}
|
||||||
|
]}.
|
||||||
|
{s2s_use_starttls, required}.
|
||||||
|
{s2s_certfile, ${toErlang cfg.s2s_certfile}}.
|
||||||
|
{auth_method, internal}.
|
||||||
|
{shaper, normal, {maxrate, 1000}}.
|
||||||
|
{shaper, fast, {maxrate, 50000}}.
|
||||||
|
{max_fsm_queue, 1000}.
|
||||||
|
{acl, local, {user_regexp, ""}}.
|
||||||
|
{access, max_user_sessions, [{10, all}]}.
|
||||||
|
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
|
||||||
|
{access, local, [{allow, local}]}.
|
||||||
|
{access, c2s, [{deny, blocked},
|
||||||
|
{allow, all}]}.
|
||||||
|
{access, c2s_shaper, [{none, admin},
|
||||||
|
{normal, all}]}.
|
||||||
|
{access, s2s_shaper, [{fast, all}]}.
|
||||||
|
{access, announce, [{allow, admin}]}.
|
||||||
|
{access, configure, [{allow, admin}]}.
|
||||||
|
{access, muc_admin, [{allow, admin}]}.
|
||||||
|
{access, muc_create, [{allow, local}]}.
|
||||||
|
{access, muc, [{allow, all}]}.
|
||||||
|
{access, pubsub_createnode, [{allow, local}]}.
|
||||||
|
{access, register, [{allow, local}]}.
|
||||||
|
{language, "en"}.
|
||||||
|
{modules,
|
||||||
|
[
|
||||||
|
{mod_adhoc, []},
|
||||||
|
{mod_announce, [{access, announce}]},
|
||||||
|
{mod_blocking,[]},
|
||||||
|
{mod_caps, []},
|
||||||
|
{mod_configure,[]},
|
||||||
|
{mod_disco, []},
|
||||||
|
{mod_irc, []},
|
||||||
|
{mod_http_bind, []},
|
||||||
|
{mod_last, []},
|
||||||
|
{mod_muc, [
|
||||||
|
{access, muc},
|
||||||
|
{access_create, muc_create},
|
||||||
|
{access_persistent, muc_create},
|
||||||
|
{access_admin, muc_admin}
|
||||||
|
]},
|
||||||
|
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
|
||||||
|
{mod_ping, []},
|
||||||
|
{mod_privacy, []},
|
||||||
|
{mod_private, []},
|
||||||
|
{mod_pubsub, [
|
||||||
|
{access_createnode, pubsub_createnode},
|
||||||
|
{ignore_pep_from_offline, true},
|
||||||
|
{last_item_cache, false},
|
||||||
|
{plugins, ["flat", "hometree", "pep"]}
|
||||||
|
]},
|
||||||
|
{mod_register, [
|
||||||
|
{welcome_message, {"Welcome!",
|
||||||
|
"Hi.\nWelcome to this XMPP server."}},
|
||||||
|
{ip_access, [{allow, "127.0.0.0/8"},
|
||||||
|
{allow, "0.0.0.0/0"}]},
|
||||||
|
{access, register}
|
||||||
|
]},
|
||||||
|
{mod_roster, []},
|
||||||
|
{mod_shared_roster,[]},
|
||||||
|
{mod_stats, []},
|
||||||
|
{mod_time, []},
|
||||||
|
{mod_vcard, []},
|
||||||
|
{mod_version, []}
|
||||||
|
]}.
|
||||||
|
''
|
57
lass/3modules/ejabberd/default.nix
Normal file
57
lass/3modules/ejabberd/default.nix
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
|
||||||
|
cfg = config.lass.ejabberd;
|
||||||
|
in {
|
||||||
|
options.lass.ejabberd = {
|
||||||
|
enable = mkEnableOption "lass.ejabberd";
|
||||||
|
certfile = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
hosts = mkOption {
|
||||||
|
type = with types; listOf str;
|
||||||
|
};
|
||||||
|
pkgs.ejabberdctl = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.writeDashBin "ejabberdctl" ''
|
||||||
|
set -efu
|
||||||
|
export SPOOLDIR=${shell.escape cfg.user.home}
|
||||||
|
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
|
||||||
|
exec ${pkgs.ejabberd}/bin/ejabberdctl \
|
||||||
|
--logs ${shell.escape cfg.user.home} \
|
||||||
|
--spool ${shell.escape cfg.user.home} \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
s2s_certfile = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = cfg.certfile;
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "ejabberd";
|
||||||
|
home = "/var/ejabberd";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
|
||||||
|
|
||||||
|
systemd.services.ejabberd = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = "yes";
|
||||||
|
PermissionsStartOnly = "true";
|
||||||
|
SyslogIdentifier = "ejabberd";
|
||||||
|
User = cfg.user.name;
|
||||||
|
ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.${cfg.user.name} = {
|
||||||
|
inherit (cfg.user) home name uid;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
86
lass/3modules/mysql-backup.nix
Normal file
86
lass/3modules/mysql-backup.nix
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
cfg = config.lass.mysqlBackup;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.lass.mysqlBackup = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "mysqlBackup";
|
||||||
|
config = mkOption {
|
||||||
|
type = with types; attrsOf (submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
name = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = config._module.args.name;
|
||||||
|
};
|
||||||
|
startAt = mkOption {
|
||||||
|
type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
|
||||||
|
default = "*-*-* 01:15:00";
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "root";
|
||||||
|
};
|
||||||
|
password = mkOption {
|
||||||
|
type = nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
path to a file containing the mysqlPassword for the specified user.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
databases = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
location = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "/bku/sql_dumps";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
description = "configuration for mysqlBackup";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
#systemd.timers =
|
||||||
|
# mapAttrs (_: plan: {
|
||||||
|
# wantedBy = [ "timers.target" ];
|
||||||
|
# timerConfig = plan.timerConfig;
|
||||||
|
#}) cfg.config;
|
||||||
|
|
||||||
|
systemd.services =
|
||||||
|
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
|
||||||
|
path = with pkgs; [
|
||||||
|
mysql
|
||||||
|
gzip
|
||||||
|
];
|
||||||
|
serviceConfig = rec {
|
||||||
|
ExecStart = start plan;
|
||||||
|
SyslogIdentifier = ExecStart.name;
|
||||||
|
Type = "oneshot";
|
||||||
|
User = plan.user;
|
||||||
|
};
|
||||||
|
startAt = plan.startAt;
|
||||||
|
}) cfg.config;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
start = plan: let
|
||||||
|
backupScript = plan: db:
|
||||||
|
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
|
||||||
|
|
||||||
|
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
|
||||||
|
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
in out
|
@ -1,53 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with config.krebs.lib;
|
|
||||||
let
|
|
||||||
cfg = config.lass.per-user;
|
|
||||||
|
|
||||||
out = {
|
|
||||||
options.lass.per-user = api;
|
|
||||||
config = imp;
|
|
||||||
};
|
|
||||||
|
|
||||||
api = mkOption {
|
|
||||||
type = with types; attrsOf (submodule {
|
|
||||||
options = {
|
|
||||||
packages = mkOption {
|
|
||||||
type = listOf path;
|
|
||||||
default = [];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
imp = {
|
|
||||||
#
|
|
||||||
# TODO only shellInit and use well-known paths
|
|
||||||
#
|
|
||||||
environment.shellInit = ''
|
|
||||||
if test -e ${user-profiles}/"$LOGNAME"; then
|
|
||||||
. ${user-profiles}/"$LOGNAME"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
environment.interactiveShellInit = ''
|
|
||||||
if test -e ${user-profiles}/"$LOGNAME"; then
|
|
||||||
. ${user-profiles}/"$LOGNAME"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
user-profiles = pkgs.runCommand "user-profiles" {} ''
|
|
||||||
mkdir $out
|
|
||||||
${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
|
|
||||||
cat > $out/${logname} <<\EOF
|
|
||||||
${optionalString (length packages > 0) (
|
|
||||||
let path = makeSearchPath "bin" packages; in
|
|
||||||
''export PATH="$PATH":${escapeShellArg path}''
|
|
||||||
)}
|
|
||||||
EOF
|
|
||||||
'') cfg)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
in out
|
|
@ -1,10 +1,231 @@
|
|||||||
{ lib, ... }:
|
{ lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
rec {
|
||||||
|
|
||||||
getDefaultGateway = ip:
|
getDefaultGateway = ip:
|
||||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||||
|
|
||||||
|
manageCerts = domains:
|
||||||
|
let
|
||||||
|
domain = head domains;
|
||||||
|
in {
|
||||||
|
security.acme = {
|
||||||
|
certs."${domain}" = {
|
||||||
|
email = "lassulus@gmail.com";
|
||||||
|
webroot = "/var/lib/acme/challenges/${domain}";
|
||||||
|
plugins = [
|
||||||
|
"account_key.json"
|
||||||
|
"key.pem"
|
||||||
|
"fullchain.pem"
|
||||||
|
];
|
||||||
|
group = "nginx";
|
||||||
|
allowKeysForGroup = true;
|
||||||
|
extraDomains = genAttrs domains (_: null);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/.well-known/acme-challenge" ''
|
||||||
|
root /var/lib/acme/challenges/${domain}/;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
ssl = domains:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
( manageCerts domains )
|
||||||
|
( activateACME (head domains) )
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
activateACME = domain:
|
||||||
|
{
|
||||||
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
ssl = {
|
||||||
|
enable = true;
|
||||||
|
certificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||||
|
certificate_key = "/var/lib/acme/${domain}/key.pem";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
servePage = domains:
|
||||||
|
let
|
||||||
|
domain = head domains;
|
||||||
|
in {
|
||||||
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
server-names = domains;
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/" ''
|
||||||
|
root /srv/http/${domain};
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
serveOwncloud = domains:
|
||||||
|
let
|
||||||
|
domain = head domains;
|
||||||
|
in {
|
||||||
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
server-names = domains;
|
||||||
|
extraConfig = ''
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
|
||||||
|
# Path to the root of your installation
|
||||||
|
root /srv/http/${domain}/;
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Disable gzip to avoid the removal of the ETag header
|
||||||
|
gzip off;
|
||||||
|
|
||||||
|
# Uncomment if your server is build with the ngx_pagespeed module
|
||||||
|
# This module is currently not supported.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
index index.php;
|
||||||
|
error_page 403 /core/templates/403.php;
|
||||||
|
error_page 404 /core/templates/404.php;
|
||||||
|
|
||||||
|
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
|
||||||
|
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
|
||||||
|
|
||||||
|
# The following 2 rules are only needed for the user_webfinger app.
|
||||||
|
# Uncomment it if you're planning to use this app.
|
||||||
|
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||||
|
'';
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/robots.txt" ''
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
'')
|
||||||
|
(nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" ''
|
||||||
|
deny all;
|
||||||
|
'')
|
||||||
|
|
||||||
|
(nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" ''
|
||||||
|
deny all;
|
||||||
|
'')
|
||||||
|
|
||||||
|
(nameValuePair "/" ''
|
||||||
|
rewrite ^/remote/(.*) /remote.php last;
|
||||||
|
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
'')
|
||||||
|
|
||||||
|
(nameValuePair "~ \.php(?:$|/)" ''
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
|
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||||
|
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
'')
|
||||||
|
|
||||||
|
# Adding the cache control header for js and css files
|
||||||
|
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
|
||||||
|
(nameValuePair "~* \.(?:css|js)$" ''
|
||||||
|
add_header Cache-Control "public, max-age=7200";
|
||||||
|
# Add headers to serve security related headers
|
||||||
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
# Optional: Don't log access to assets
|
||||||
|
access_log off;
|
||||||
|
'')
|
||||||
|
|
||||||
|
# Optional: Don't log access to other assets
|
||||||
|
(nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" ''
|
||||||
|
access_log off;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.phpfpm.poolConfigs."${domain}" = ''
|
||||||
|
listen = /srv/http/${domain}/phpfpm.pool
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 5
|
||||||
|
pm.start_servers = 2
|
||||||
|
pm.min_spare_servers = 1
|
||||||
|
pm.max_spare_servers = 3
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
# errors to journal
|
||||||
|
php_admin_value[error_log] = 'stderr'
|
||||||
|
php_admin_flag[log_errors] = on
|
||||||
|
catch_workers_output = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
serveWordpress = domains:
|
||||||
|
let
|
||||||
|
domain = head domains;
|
||||||
|
|
||||||
|
in {
|
||||||
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
server-names = domains;
|
||||||
|
extraConfig = ''
|
||||||
|
root /srv/http/${domain}/;
|
||||||
|
index index.php;
|
||||||
|
access_log /tmp/nginx_acc.log;
|
||||||
|
error_log /tmp/nginx_err.log;
|
||||||
|
error_page 404 /404.html;
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
'';
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/" ''
|
||||||
|
try_files $uri $uri/ /index.php?$args;
|
||||||
|
'')
|
||||||
|
(nameValuePair "~ \.php$" ''
|
||||||
|
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
'')
|
||||||
|
#(nameValuePair "~ /\\." ''
|
||||||
|
# deny all;
|
||||||
|
#'')
|
||||||
|
#Directives to send expires headers and turn off 404 error logging.
|
||||||
|
(nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
expires max;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.phpfpm.poolConfigs."${domain}" = ''
|
||||||
|
listen = /srv/http/${domain}/phpfpm.pool
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 5
|
||||||
|
pm.start_servers = 2
|
||||||
|
pm.min_spare_servers = 1
|
||||||
|
pm.max_spare_servers = 3
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
# errors to journal
|
||||||
|
php_admin_value[error_log] = 'stderr'
|
||||||
|
php_admin_flag[log_errors] = on
|
||||||
|
catch_workers_output = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,16 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeScriptBin "acronym" ''
|
pkgs.writeScriptBin "acronym" ''
|
||||||
|
|
||||||
#! ${pkgs.bash}/bin/bash
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
acro=$1
|
acro=$1
|
||||||
|
|
||||||
curl -s http://www.acronymfinder.com/$acro.html \
|
curl -s http://www.acronymfinder.com/$acro.html \
|
||||||
| grep 'class="result-list__body__rank"' \
|
| grep 'class="result-list__body__rank"' \
|
||||||
| sed 's/.*title="\([^"]*\)".*/\1/' \
|
| sed '
|
||||||
| sed 's/^.* - //' \
|
s/.*title="\([^"]*\)".*/\1/
|
||||||
| sed "s/'/'/g"
|
s/^.* - //
|
||||||
|
s/'/'\'''/g
|
||||||
|
'
|
||||||
''
|
''
|
||||||
|
@ -8,7 +8,10 @@
|
|||||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||||
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
||||||
};
|
};
|
||||||
|
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
|
||||||
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||||
|
untilport = pkgs.callPackage ./untilport/default.nix {};
|
||||||
|
urban = pkgs.callPackage ./urban/default.nix {};
|
||||||
xmonad-lass =
|
xmonad-lass =
|
||||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
||||||
pkgs.haskellPackages.callPackage src {};
|
pkgs.haskellPackages.callPackage src {};
|
||||||
|
19
lass/5pkgs/mk_sql_pair/default.nix
Normal file
19
lass/5pkgs/mk_sql_pair/default.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "mk_sql_pair" ''
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
name=$1
|
||||||
|
password=$2
|
||||||
|
|
||||||
|
if [ $# -ne 2 ]; then
|
||||||
|
echo '$1=name, $2=password'
|
||||||
|
exit 23;
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
create database $name;
|
||||||
|
create user $name;
|
||||||
|
grant all on $name.* to $name@'localhost' identified by '$password';
|
||||||
|
EOF
|
||||||
|
''
|
18
lass/5pkgs/untilport/default.nix
Normal file
18
lass/5pkgs/untilport/default.nix
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeDashBin "untilport" ''
|
||||||
|
set -euf
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
echo 'untiport $target $port'
|
||||||
|
echo 'Sleeps until the destinated port is reachable.'
|
||||||
|
echo 'ex: untilport google.de 80 && echo "google is now reachable"'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if [ $# -ne 2 ]; then
|
||||||
|
usage
|
||||||
|
else
|
||||||
|
until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
|
||||||
|
fi
|
||||||
|
''
|
21
lass/5pkgs/urban/default.nix
Normal file
21
lass/5pkgs/urban/default.nix
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "urban" ''
|
||||||
|
#!/bin/sh
|
||||||
|
set -euf
|
||||||
|
term=$1
|
||||||
|
curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
|
||||||
|
| sed 's/<\/\?a\>[^>]*>//g' \
|
||||||
|
| sed 's/<\([^>]*\)>/\n<\1\n/g' \
|
||||||
|
| grep . \
|
||||||
|
| sed -n '/<div class=.meaning./,/<\/div/p' \
|
||||||
|
| sed 's/<div class=.meaning./-----/' \
|
||||||
|
| grep -v '^</div\>' \
|
||||||
|
| grep -v '^<br\>' \
|
||||||
|
| sed '
|
||||||
|
s/"/"/g
|
||||||
|
s/'/'\'''/g
|
||||||
|
s/>/>/g
|
||||||
|
s/</>/g
|
||||||
|
'
|
||||||
|
''
|
@ -5,56 +5,37 @@
|
|||||||
|
|
||||||
|
|
||||||
module Main where
|
module Main where
|
||||||
|
|
||||||
import Control.Exception
|
|
||||||
import Text.Read (readEither)
|
|
||||||
import XMonad
|
import XMonad
|
||||||
import System.IO (hPutStrLn, stderr)
|
|
||||||
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
|
|
||||||
import System.Posix.Process (executeFile)
|
|
||||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
|
||||||
, removeEmptyWorkspace)
|
|
||||||
import XMonad.Actions.GridSelect
|
|
||||||
import XMonad.Actions.CycleWS (toggleWS)
|
|
||||||
--import XMonad.Actions.CopyWindow ( copy )
|
|
||||||
import XMonad.Layout.NoBorders ( smartBorders )
|
|
||||||
import qualified XMonad.StackSet as W
|
import qualified XMonad.StackSet as W
|
||||||
import Data.Map (Map)
|
import Control.Exception
|
||||||
import qualified Data.Map as Map
|
import Data.List (isInfixOf)
|
||||||
-- TODO import XMonad.Layout.WorkspaceDir
|
import System.Environment (getArgs, withArgs, getEnv)
|
||||||
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
import System.IO (hPutStrLn, stderr)
|
||||||
-- import XMonad.Layout.Tabbed
|
import Text.Read (readEither)
|
||||||
--import XMonad.Layout.MouseResizableTile
|
|
||||||
import XMonad.Layout.Reflect (reflectVert)
|
|
||||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
|
||||||
import XMonad.Hooks.Place (placeHook, smart)
|
|
||||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
|
||||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
|
||||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
|
||||||
--import XMonad.Layout.BinarySpacePartition
|
|
||||||
import XMonad.Util.EZConfig (additionalKeysP)
|
|
||||||
|
|
||||||
import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
|
|
||||||
import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
|
|
||||||
import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
|
|
||||||
import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
|
|
||||||
import XMonad.Prompt.Workspace
|
|
||||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||||
import qualified Data.Map as M
|
import XMonad.Actions.CycleWS (toggleWS)
|
||||||
import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
|
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
|
||||||
|
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
|
||||||
--import XMonad.Actions.Submap
|
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
|
||||||
import XMonad.Stockholm.Pager
|
import XMonad.Hooks.FloatNext (floatNext)
|
||||||
import XMonad.Stockholm.Rhombus
|
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||||
import XMonad.Stockholm.Shutdown
|
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||||
|
import XMonad.Hooks.Place (placeHook, smart)
|
||||||
|
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
||||||
|
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
|
||||||
|
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||||
|
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
|
||||||
|
import XMonad.Layout.NoBorders (smartBorders)
|
||||||
|
import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
|
||||||
|
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
|
||||||
|
import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
|
||||||
|
import XMonad.Util.EZConfig (additionalKeysP)
|
||||||
|
|
||||||
|
|
||||||
myTerm :: String
|
myTerm :: String
|
||||||
myTerm = "urxvtc"
|
myTerm = "urxvtc"
|
||||||
|
|
||||||
myRootTerm :: String
|
|
||||||
myRootTerm = "urxvtc -name root-urxvt -e su -"
|
|
||||||
|
|
||||||
myFont :: String
|
myFont :: String
|
||||||
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
||||||
|
|
||||||
@ -67,18 +48,12 @@ mainNoArgs :: IO ()
|
|||||||
mainNoArgs = do
|
mainNoArgs = do
|
||||||
workspaces0 <- getWorkspaces0
|
workspaces0 <- getWorkspaces0
|
||||||
xmonad'
|
xmonad'
|
||||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
|
||||||
-- urgencyConfig { remindWhen = Every 1 }
|
|
||||||
-- $ withUrgencyHook borderUrgencyHook "magenta"
|
|
||||||
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
|
|
||||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||||
$ def
|
$ def
|
||||||
{ terminal = myTerm
|
{ terminal = myTerm
|
||||||
, modMask = mod4Mask
|
, modMask = mod4Mask
|
||||||
, workspaces = workspaces0
|
, workspaces = workspaces0
|
||||||
, layoutHook = smartBorders $ myLayoutHook
|
, layoutHook = smartBorders $ myLayoutHook
|
||||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
|
||||||
--, handleEventHook = handleTimerEvent
|
|
||||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||||
, startupHook = spawn "echo emit XMonadStartup"
|
, startupHook = spawn "echo emit XMonadStartup"
|
||||||
, normalBorderColor = "#1c1c1c"
|
, normalBorderColor = "#1c1c1c"
|
||||||
@ -88,7 +63,7 @@ mainNoArgs = do
|
|||||||
|
|
||||||
myLayoutHook = defLayout
|
myLayoutHook = defLayout
|
||||||
where
|
where
|
||||||
defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
|
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1)
|
||||||
|
|
||||||
|
|
||||||
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
|
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
|
||||||
@ -96,7 +71,7 @@ xmonad' conf = do
|
|||||||
path <- getEnv "XMONAD_STATE"
|
path <- getEnv "XMONAD_STATE"
|
||||||
try (readFile path) >>= \case
|
try (readFile path) >>= \case
|
||||||
Right content -> do
|
Right content -> do
|
||||||
hPutStrLn stderr ("resuming from " ++ path)
|
hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content)
|
||||||
withArgs ("--resume" : lines content) (xmonad conf)
|
withArgs ("--resume" : lines content) (xmonad conf)
|
||||||
Left e -> do
|
Left e -> do
|
||||||
hPutStrLn stderr (displaySomeException e)
|
hPutStrLn stderr (displaySomeException e)
|
||||||
@ -118,19 +93,21 @@ displaySomeException :: SomeException -> String
|
|||||||
displaySomeException = displayException
|
displaySomeException = displayException
|
||||||
|
|
||||||
|
|
||||||
|
myKeyMap :: [([Char], X ())]
|
||||||
myKeyMap =
|
myKeyMap =
|
||||||
[ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
|
[ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
|
||||||
, ("M4-p", spawn "passmenu --type")
|
, ("M4-p", spawn "passmenu --type")
|
||||||
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
|
||||||
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
||||||
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
||||||
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
|
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
|
||||||
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
|
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
|
||||||
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
|
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
|
||||||
|
, ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
|
||||||
|
, ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
|
||||||
|
|
||||||
, ("M4-a", focusUrgent)
|
, ("M4-a", focusUrgent)
|
||||||
, ("M4-S-r", renameWorkspace defaultXPConfig)
|
, ("M4-S-r", renameWorkspace def)
|
||||||
, ("M4-S-a", addWorkspacePrompt defaultXPConfig)
|
, ("M4-S-a", addWorkspacePrompt def)
|
||||||
, ("M4-S-<Backspace>", removeEmptyWorkspace)
|
, ("M4-S-<Backspace>", removeEmptyWorkspace)
|
||||||
, ("M4-S-c", kill1)
|
, ("M4-S-c", kill1)
|
||||||
, ("M4-<Esc>", toggleWS)
|
, ("M4-<Esc>", toggleWS)
|
||||||
@ -139,66 +116,34 @@ myKeyMap =
|
|||||||
, ("M4-f", floatNext True)
|
, ("M4-f", floatNext True)
|
||||||
, ("M4-b", sendMessage ToggleStruts)
|
, ("M4-b", sendMessage ToggleStruts)
|
||||||
|
|
||||||
, ("M4-v", withWorkspace myXPConfig (windows . W.view))
|
, ("M4-v", withWorkspace autoXPConfig (windows . W.view))
|
||||||
, ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
|
, ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
|
||||||
, ("M4-C-v", withWorkspace myXPConfig (windows . copy))
|
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
||||||
|
|
||||||
-- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } )
|
, ("M4-m", withFocused minimizeWindow)
|
||||||
-- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } )
|
, ("M4-S-m", sendMessage RestoreNextMinimizedWin)
|
||||||
-- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
|
|
||||||
|
, ("M4-q", windowPromptGoto infixAutoXPConfig)
|
||||||
|
, ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
|
||||||
|
|
||||||
--, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
|
|
||||||
, ("M4-S-q", return ())
|
, ("M4-S-q", return ())
|
||||||
]
|
]
|
||||||
|
|
||||||
myGSConfig = defaultGSConfig
|
autoXPConfig :: XPConfig
|
||||||
{ gs_cellheight = 50
|
autoXPConfig = def
|
||||||
|
{ autoComplete = Just 5000
|
||||||
|
}
|
||||||
|
|
||||||
|
infixAutoXPConfig :: XPConfig
|
||||||
|
infixAutoXPConfig = autoXPConfig
|
||||||
|
{ searchPredicate = isInfixOf
|
||||||
|
}
|
||||||
|
|
||||||
|
gridConfig :: GSConfig WorkspaceId
|
||||||
|
gridConfig = def
|
||||||
|
{ gs_cellwidth = 100
|
||||||
|
, gs_cellheight = 30
|
||||||
, gs_cellpadding = 2
|
, gs_cellpadding = 2
|
||||||
, gs_navigate = navNSearch
|
, gs_navigate = navNSearch
|
||||||
, gs_font = myFont
|
, gs_font = myFont
|
||||||
}
|
}
|
||||||
|
|
||||||
myXPConfig :: XPConfig
|
|
||||||
myXPConfig = defaultXPConfig
|
|
||||||
{ autoComplete = Just 5000
|
|
||||||
}
|
|
||||||
|
|
||||||
myWSConfig = myGSConfig
|
|
||||||
{ gs_cellwidth = 50
|
|
||||||
}
|
|
||||||
|
|
||||||
pagerConfig :: PagerConfig
|
|
||||||
pagerConfig = def
|
|
||||||
{ pc_font = myFont
|
|
||||||
, pc_cellwidth = 64
|
|
||||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
|
||||||
--, pc_borderwidth = 1
|
|
||||||
--, pc_matchcolor = "#f0b000"
|
|
||||||
, pc_matchmethod = MatchPrefix
|
|
||||||
--, pc_colors = pagerWorkspaceColors
|
|
||||||
, pc_windowColors = windowColors
|
|
||||||
}
|
|
||||||
where
|
|
||||||
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
|
|
||||||
windowColors wsf m c u wf = do
|
|
||||||
let y = defaultWindowColors wsf m c u wf
|
|
||||||
if m == False && wf == True
|
|
||||||
then ("#402020", snd y)
|
|
||||||
else y
|
|
||||||
|
|
||||||
wGSConfig :: GSConfig Window
|
|
||||||
wGSConfig = def
|
|
||||||
{ gs_cellheight = 20
|
|
||||||
, gs_cellwidth = 192
|
|
||||||
, gs_cellpadding = 5
|
|
||||||
, gs_font = myFont
|
|
||||||
, gs_navigate = navNSearch
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
(&) :: a -> (a -> c) -> c
|
|
||||||
(&) = flip ($)
|
|
||||||
|
|
||||||
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
|
||||||
allWorkspaceNames ws =
|
|
||||||
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
|
|
||||||
|
@ -1,52 +0,0 @@
|
|||||||
module Util.PerWorkspaceConfig
|
|
||||||
( WorkspaceConfig (..)
|
|
||||||
, WorkspaceConfigs
|
|
||||||
, switchToWorkspace
|
|
||||||
, defaultWorkspaceConfig
|
|
||||||
, perWorkspaceAction
|
|
||||||
, perWorkspaceTermAction
|
|
||||||
-- , myLayoutHack
|
|
||||||
)
|
|
||||||
where
|
|
||||||
|
|
||||||
import XMonad
|
|
||||||
import XMonad.Core (LayoutClass)
|
|
||||||
import Control.Monad (when)
|
|
||||||
|
|
||||||
import qualified Data.Map as M
|
|
||||||
import qualified XMonad.StackSet as W
|
|
||||||
|
|
||||||
data WorkspaceConfig l =
|
|
||||||
WorkspaceConfig
|
|
||||||
{ switchAction :: X ()
|
|
||||||
, startAction :: X ()
|
|
||||||
, keyAction :: X ()
|
|
||||||
, termAction :: X ()
|
|
||||||
}
|
|
||||||
|
|
||||||
type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
|
|
||||||
|
|
||||||
defaultWorkspaceConfig = WorkspaceConfig
|
|
||||||
{ switchAction = return ()
|
|
||||||
, startAction = return ()
|
|
||||||
, keyAction = return ()
|
|
||||||
, termAction = spawn "urxvtc"
|
|
||||||
}
|
|
||||||
|
|
||||||
whenLookup wsId cfg a =
|
|
||||||
when (M.member wsId cfg) (a $ cfg M.! wsId)
|
|
||||||
|
|
||||||
switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
|
|
||||||
switchToWorkspace cfg wsId = do
|
|
||||||
windows $ W.greedyView wsId
|
|
||||||
wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
|
|
||||||
when (null wins) $ whenLookup wsId cfg startAction
|
|
||||||
whenLookup wsId cfg switchAction
|
|
||||||
|
|
||||||
perWorkspaceAction :: WorkspaceConfigs l -> X ()
|
|
||||||
perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
|
|
||||||
|
|
||||||
perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
|
|
||||||
perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
|
|
||||||
Just x -> termAction x
|
|
||||||
_ -> termAction defaultWorkspaceConfig
|
|
Loading…
Reference in New Issue
Block a user