Merge remote-tracking branch 'lass/19.09' into 19.09

This commit is contained in:
makefu 2019-10-14 09:25:42 +02:00
commit c288a54f76
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
48 changed files with 4146 additions and 538 deletions

View File

@ -12,7 +12,8 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
<stockholm/jeschli> <stockholm/jeschli>
<stockholm/jeschli/2configs/urxvt.nix> <stockholm/jeschli/2configs/urxvt.nix>
# <stockholm/jeschli/2configs/emacs.nix> <stockholm/jeschli/2configs/i3.nix>
<stockholm/jeschli/2configs/emacs.nix>
]; ];
krebs.build.host = config.krebs.hosts.bolide; krebs.build.host = config.krebs.hosts.bolide;
@ -56,6 +57,7 @@ in
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
rofi
wget vim wget vim
# system helper # system helper
ag ag
@ -78,13 +80,14 @@ in
chromium chromium
google-chrome google-chrome
# programming languages # programming languages
vscode
go go
gcc9 gcc9
ccls ccls
unstable.clang_8 unstable.clang_8
ghc ghc
python35 python37
python35Packages.pip python37Packages.pip
# go tools # go tools
golint golint
gotools gotools
@ -98,42 +101,13 @@ in
zathura zathura
]; ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver = { users.extraUsers.jeschli = {
enable = true;
desktopManager = {
xfce.enable = true;
gnome3.enable = true;
};
# # Don't install feh into systemPackages
# # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
# desktopManager.session = lib.mkForce [];
#
# enable = true;
# display = 11;
# tty = 11;
#
# dpi = 96;
videoDrivers = [ "nvidia" ];
};
services.xserver.windowManager.i3.enable = true;
users.extraUsers.jeschli = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["docker" "vboxusers" "audio"]; extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000; uid = 1000;

View File

@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };
mainUser = config.krebs.build.user.name; mainUser = config.krebs.build.user.name;
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in in
@ -9,6 +8,7 @@ in
<stockholm/jeschli> <stockholm/jeschli>
./hardware-configuration.nix ./hardware-configuration.nix
<home-manager/nixos> <home-manager/nixos>
<stockholm/jeschli/2configs/emacs.nix>
<stockholm/jeschli/2configs/urxvt.nix> <stockholm/jeschli/2configs/urxvt.nix>
<stockholm/jeschli/2configs/steam.nix> <stockholm/jeschli/2configs/steam.nix>
<stockholm/jeschli/2configs/virtualbox.nix> <stockholm/jeschli/2configs/virtualbox.nix>
@ -117,29 +117,29 @@ in
# programs.mtr.enable = true; # programs.mtr.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
home-manager.useUserPackages = true; # home-manager.useUserPackages = true;
home-manager.users.jeschli = { # home-manager.users.jeschli = {
home.stateVersion = "19.03"; # home.stateVersion = "19.03";
}; # };
# home-manager.enable = true; # home-manager.enable = true;
home-manager.users.jeschli.home.file = { # home-manager.users.jeschli.home.file = {
".emacs.d" = { # ".emacs.d" = {
source = pkgs.fetchFromGitHub { # source = pkgs.fetchFromGitHub {
owner = "jeschli"; # owner = "jeschli";
repo = "emacs.d"; # repo = "emacs.d";
rev = "8ed6c40"; # rev = "8ed6c40";
sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; # sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0";
}; # };
recursive = true; # recursive = true;
}; # };
}; # };
# List services that you want to enable: # List services that you want to enable:
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
services.emacs.enable = true; # services.emacs.enable = true;
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@ -151,16 +151,6 @@ in
gnome3.enable = true; gnome3.enable = true;
}; };
windowManager = {
session = [{
name = "xmonad";
start = ''
${xmonad-jeschli}/bin/xmonad &
waitPID=$!
'';
}
];
};
}; };
services.xserver.windowManager.i3.enable = true; services.xserver.windowManager.i3.enable = true;

View File

@ -0,0 +1,85 @@
{ config, pkgs, ... }:
with pkgs;
let
rebuild_script = pkgs.writeTextFile {
name="rebuild";
text=''
#!/usr/bin/env sh
set -eu
sudo cp -r /etc/nixos ~/old-nixos
sudo cp -r $HOME/nixos /etc/
sudo nixos-rebuild switch
'';
executable=true;
};
in
{
imports =
[
<stockholm/jeschli>
<stockholm/jeschli/2configs/emacs.nix>
./desktop.nix
./i3-configuration.nix
./hardware-configuration.nix
];
# EFI systemd boot loader
boot.loader.systemd-boot.enable = true;
# Wireless network with network manager
krebs.build.host = config.krebs.hosts.brauerei;
# networking.hostName = "nixos"; # Define your hostname.
networking.networkmanager.enable = true;
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Select internationalisation properties.
i18n = {
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git
firefox
rofi
];
# How I rebuild the system
environment.shellAliases = {
rebuild = rebuild_script;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.ombi = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
};
users.users.jeschli = {
isNormalUser = true;
};
services.xserver.synaptics.enable = true;
#Enable ssh daemon
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1xtX/SF2IzfAIzrXvH4HsW05eTBX8U8MYlEPadq0DS/nHC45hW2PSEUOVsH0UhBRAB+yClVLyN+JAYsuOoQacQqAVq9R7HAoFITdYTMJCxVs4urSRv0pWwTopRIh1rlI+Q0QfdMoeVtO2ZKG3KoRM+APDy2dsX8LTtWjXmh/ZCtpGl1O8TZtz2ZyXyv9OVDPnQiFwPU3Jqs2Z036c+kwxWlxYc55FRuqwRtQ48c/ilPMu+ZvQ22j1Ch8lNuliyAg1b8pZdOkMJF3R8b46IQ8FEqkr3L1YQygYw2M50B629FPgHgeGPMz3mVd+5lzP+okbhPJjMrUqZAUwbMGwGzZ ombi@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos"
];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
}

View File

@ -0,0 +1,25 @@
# Configuration for the desktop environment
{ config, lib, pkgs, ... }:
{
# Configure basic X-server stuff:
services.xserver = {
enable = true;
xkbOptions = "caps:super";
exportConfiguration = true;
displayManager.slim.enable = true;
};
# Configure fonts
fonts = {
fonts = with pkgs; [
corefonts
font-awesome-ttf
noto-fonts-cjk
noto-fonts-emoji
powerline-fonts
helvetica-neue-lt-std
];
};
}

View File

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/nvme0n1p8";
preLVM = true;
}
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4d01936e-c876-42c3-962a-d4a20ad0e2e0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D455-E4CC";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

View File

@ -0,0 +1,176 @@
{pkgs, environment, config, lib, ... }:
with pkgs;
let
i3_config_file = pkgs.writeText "config" ''
set $mod Mod4
font pango:monospace 8
#font pango:DejaVu Sans Mono 8
# Before i3 v4.8, we used to recommend this one as the default:
# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
# The font above is very space-efficient, that is, it looks good, sharp and
# clear in small sizes. However, its unicode glyph coverage is limited, the old
# X core fonts rendering does not support right-to-left and this being a bitmap
# font, it doesnt scale on retina/hidpi displays.
# Use Mouse+$mod to drag floating windows to their wanted position
floating_modifier $mod
# start a terminal
bindsym $mod+Return exec i3-sensible-terminal
# kill focused window
bindsym $mod+Shift+q kill
# start dmenu (a program launcher)
# bindsym $mod+d exec dmenu_run
# start dmenu (a program launcher)
bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
# There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that
# installed.
# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+semicolon focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+colon move right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# focus the child container
#bindsym $mod+d focus child
# Define names for default workspaces for which we configure key bindings later on.
# We use variables to avoid repeating the names in multiple places.
set $ws1 "1"
set $ws2 "2"
set $ws3 "3"
set $ws4 "4"
set $ws5 "5"
set $ws6 "6"
set $ws7 "7"
set $ws8 "8"
set $ws9 "9"
set $ws10 "10"
# switch to workspace
bindsym $mod+1 workspace $ws1
bindsym $mod+2 workspace $ws2
bindsym $mod+3 workspace $ws3
bindsym $mod+4 workspace $ws4
bindsym $mod+5 workspace $ws5
bindsym $mod+6 workspace $ws6
bindsym $mod+7 workspace $ws7
bindsym $mod+8 workspace $ws8
bindsym $mod+9 workspace $ws9
bindsym $mod+0 workspace $ws10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace $ws1
bindsym $mod+Shift+2 move container to workspace $ws2
bindsym $mod+Shift+3 move container to workspace $ws3
bindsym $mod+Shift+4 move container to workspace $ws4
bindsym $mod+Shift+5 move container to workspace $ws5
bindsym $mod+Shift+6 move container to workspace $ws6
bindsym $mod+Shift+7 move container to workspace $ws7
bindsym $mod+Shift+8 move container to workspace $ws8
bindsym $mod+Shift+9 move container to workspace $ws9
bindsym $mod+Shift+0 move container to workspace $ws10
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym semicolon resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available)
bar {
status_command i3status
}
'';
in {
services.xserver.windowManager.i3 = {
enable = true;
package = pkgs.i3;
configFile = i3_config_file;
};
}

View File

@ -29,6 +29,7 @@ in {
jeschli.pubkey jeschli.pubkey
jeschli-bln.pubkey jeschli-bln.pubkey
jeschli-brauerei.pubkey jeschli-brauerei.pubkey
jeschli-bolide.pubkey
]; ];
packages = [ tmux ]; packages = [ tmux ];
}; };

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
orgAgendaView = import ./emacs-org-agenda.nix;
packageRepos = '' packageRepos = ''
(require 'package) ;; You might already have this line (require 'package) ;; You might already have this line
(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
@ -28,6 +30,7 @@ let
''; '';
goMode = '' goMode = ''
(setq godoc-and-godef-command "go doc") ;godoc has no cli support any more, thats go doc now
(add-to-list 'exec-path "~/go/bin") (add-to-list 'exec-path "~/go/bin")
(add-hook 'go-mode-hook (add-hook 'go-mode-hook
(lambda () (lambda ()
@ -42,6 +45,10 @@ let
(ido-mode t) (ido-mode t)
''; '';
magit = ''
(global-set-key (kbd "C-x g") 'magit-status) ; "Most Magit commands are commonly invoked from the status buffer"
'';
windowCosmetics = '' windowCosmetics = ''
(menu-bar-mode -1) (menu-bar-mode -1)
(tool-bar-mode -1) ; Disable the button bar atop screen (tool-bar-mode -1) ; Disable the button bar atop screen
@ -65,12 +72,53 @@ let
(setq org-link-frame-setup '((file . find-file))) ; open link in same frame. (setq org-link-frame-setup '((file . find-file))) ; open link in same frame.
(if (boundp 'org-user-agenda-files) (if (boundp 'org-user-agenda-files)
(setq org-agenda-files org-user-agenda-files) (setq org-agenda-files org-user-agenda-files)
(setq org-agenda-files (quote ("~/projects/notes"))) (setq org-agenda-files (quote ("~/projects/notes_privat")))
) )
''; '';
theme = '' theme = ''
(load-theme 'monokai-alt t) (load-theme 'monokai-alt t)
(load-theme 'whiteboard t)
(disable-theme 'monokai-alt)
(disable-theme 'whiteboard)
(defun mh/load-whiteboard-theme ()
"load whiteboard theme"
(interactive)
(message "whiteboard loaded")
(disable-theme 'monokai-alt)
(enable-theme 'whiteboard)
)
(defun mh/load-monokai-theme ()
"load monokai theme"
(interactive)
(message "monokai loaded")
(disable-theme 'whiteboard)
(enable-theme 'monokai-alt)
)
(global-set-key "\C-ctw" 'mh/load-whiteboard-theme)
(global-set-key "\C-ctm" 'mh/load-monokai-theme)
'';
# Configuration for rust development
# inspired by
# https://github.com/bbatsov/prelude/blob/master/modules/prelude-rust.el
#
# This requires rls and racer to be installed on the system
rustDevelopment = ''
(add-hook 'rust-mode-hook #'racer-mode)
(add-hook 'rust-mode-hook (lambda()
(local-set-key (kbd "C-c C-d") 'racer-describe)
(local-set-key (kbd "C-c .") 'racer-find-definition)
(local-set-key (kbd "C-c ,") 'pop-tag-mark))
)
(add-hook 'racer-mode-hook #'eldoc-mode)
(add-hook 'racer-mode-hook #'company-mode)
(require 'rust-mode)
(define-key rust-mode-map (kbd "TAB") #'company-indent-or-complete-common)
(setq company-tooltip-align-annotations t)
''; '';
recentFiles = '' recentFiles = ''
@ -79,27 +127,75 @@ let
(global-set-key "\C-x\ \C-r" 'recentf-open-files) (global-set-key "\C-x\ \C-r" 'recentf-open-files)
''; '';
myFunctionKeys = ''
(fset 'kill-actual-buffer
[?\C-x ?k return])
(defun mh/open-term-and-rename (name)
"open a new bash and rename it"
(interactive "sName of new terminal: ")
(term "/run/current-system/sw/bin/bash")
(rename-buffer name)
)
(global-set-key (kbd "M-<f8>") 'kill-actual-buffer)
(global-set-key (kbd "<f5>") 'mh/open-term-and-rename)
(global-set-key (kbd "<f6>") 'other-window)
(global-set-key (kbd "<f7>") 'split-window-right)
(global-set-key (kbd "<f8>") 'delete-other-windows)
'';
dotEmacs = pkgs.writeText "dot-emacs" '' dotEmacs = pkgs.writeText "dot-emacs" ''
${packageRepos}
${evilMode} ${evilMode}
${goMode} ${goMode}
${ido} ${ido}
${packageRepos} ${magit}
${orgMode} ${orgMode}
${recentFiles} ${recentFiles}
${rustDevelopment}
${theme} ${theme}
${windowCosmetics} ${windowCosmetics}
${orgAgendaView}
${myFunctionKeys}
''; '';
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
#testing
epkgs.melpaPackages.gitlab
# emacs convenience
epkgs.melpaPackages.ag epkgs.melpaPackages.ag
epkgs.melpaPackages.company
epkgs.melpaPackages.direnv
epkgs.melpaPackages.evil epkgs.melpaPackages.evil
epkgs.melpaPackages.google-this
epkgs.melpaPackages.monokai-alt-theme
# development
epkgs.melpaStablePackages.magit epkgs.melpaStablePackages.magit
epkgs.melpaPackages.nix-mode epkgs.melpaPackages.nix-mode
epkgs.melpaPackages.go-mode epkgs.melpaPackages.go-mode
epkgs.melpaPackages.haskell-mode epkgs.melpaPackages.haskell-mode
epkgs.melpaPackages.google-this # rust
epkgs.melpaPackages.monokai-alt-theme
epkgs.melpaPackages.rust-mode epkgs.melpaPackages.rust-mode
epkgs.melpaPackages.flycheck-rust
epkgs.melpaPackages.racer
# python
epkgs.melpaPackages.elpy
# org-mode
epkgs.elpaPackages.bbdb
epkgs.orgPackages.org-plus-contrib
epkgs.melpaPackages.smex
epkgs.melpaPackages.org-mime
epkgs.elpaPackages.which-key
]); ]);
myEmacs = pkgs.writeDashBin "my-emacs" '' myEmacs = pkgs.writeDashBin "my-emacs" ''

248
jeschli/2configs/i3.nix Normal file
View File

@ -0,0 +1,248 @@
{pkgs, environment, config, lib, ... }:
with pkgs;
let
i3_conf_file = pkgs.writeText "config" ''
# i3 config file (v4)
# doc: https://i3wm.org/docs/userguide.html
set $mod Mod4
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font pango:monospace 8
# Use Mouse+$mod to drag floating windows to their wanted position
floating_modifier $mod
# start a terminal
bindsym $mod+Return exec i3-sensible-terminal
# kill focused window
bindsym $mod+Shift+q kill
# start rofi program launcher
bindsym $mod+d exec ${pkgs.rofi}/bin/rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run
# Switch windows with rofi
bindsym $mod+x exec ${pkgs.rofi}/bin/rofi -modi window -show window -auto-select
# There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that
# installed.
# bindsym $mod+d exec --no-startup-id i3-dmenu-desktop
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+semicolon focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+semicolon move right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# focus the child container
#bindsym $mod+d focus child
# Define names for default workspaces for which we configure key bindings later on.
# We use variables to avoid repeating the names in multiple places.
set $ws1 "1"
set $ws2 "2"
set $ws3 "3: Emacs"
set $ws4 "4"
set $ws5 "5"
set $ws6 "6"
set $ws7 "7"
set $ws8 "8"
set $ws9 "9"
set $ws10 "10"
assign [class="emacs"] $ws3
# switch to workspace
bindsym $mod+1 workspace $ws1
bindsym $mod+2 workspace $ws2
bindsym $mod+3 workspace $ws3
bindsym $mod+4 workspace $ws4
bindsym $mod+5 workspace $ws5
bindsym $mod+6 workspace $ws6
bindsym $mod+7 workspace $ws7
bindsym $mod+8 workspace $ws8
bindsym $mod+9 workspace $ws9
bindsym $mod+0 workspace $ws10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace $ws1
bindsym $mod+Shift+2 move container to workspace $ws2
bindsym $mod+Shift+3 move container to workspace $ws3
bindsym $mod+Shift+4 move container to workspace $ws4
bindsym $mod+Shift+5 move container to workspace $ws5
bindsym $mod+Shift+6 move container to workspace $ws6
bindsym $mod+Shift+7 move container to workspace $ws7
bindsym $mod+Shift+8 move container to workspace $ws8
bindsym $mod+Shift+9 move container to workspace $ws9
bindsym $mod+Shift+0 move container to workspace $ws10
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym semicolon resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
bar {
status_command i3status
position top
}
#######################
# #
# AUTORUNS #
# #
#######################
# Start firefox
exec --no-startup-id ${pkgs.firefox}/bin/firefox --new-instance --setDefaultBrowser
# Start my-emacs server
exec --no-startup-id my-emacs-daemon
'';
in {
#######################
# #
# AUTORANDR #
# #
#######################
# Start autorandr on display change
services.autorandr = {
enable = true;
defaultTarget = "mobile";
};
# What to execute after resolution has been changed
environment.etc."xdg/autorandr/postswitch" = {
text = '' sleep 4 && i3-msg "restart" '';
};
# Start autorandr once on startup
systemd.user.services.boot-autorandr = {
description = "Autorandr service";
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.autorandr}/bin/autorandr -c";
Type = "oneshot";
};
};
#######################
# #
# XSERVER #
# #
#######################
services.xserver.enable = true;
# Enable i3 Window Manager
services.xserver.windowManager.i3 = {
enable = true;
package = pkgs.i3;
configFile = i3_conf_file;
};
# ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
# ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
services.xserver.windowManager.default = "i3";
services.xserver.desktopManager.xterm.enable = false;
# Enable the X11 windowing system.
services.xserver.displayManager.lightdm.enable = true;
# Allow users in video group to change brightness
hardware.brightnessctl.enable = true;
environment.systemPackages = with pkgs; [
rofi # Dmenu replacement
acpilight # Replacement for xbacklight
arandr # Xrandr gui
feh
wirelesstools # To get wireless statistics
acpi
xorg.xhost
xorg.xauth
];
}

View File

@ -1,300 +0,0 @@
{ pkgs, ... }:
pkgs.writeHaskellPackage "xmonad-jeschli" {
executables.xmonad = {
extra-depends = [
"containers"
"extra"
"unix"
"X11"
"xmonad"
"xmonad-contrib"
"xmonad-stockholm"
];
text = /* haskell */ ''
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Main where
import Control.Exception
import Control.Monad.Extra (whenJustM)
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
import XMonad.Actions.CycleWS (toggleWS)
--import XMonad.Actions.CopyWindow ( copy )
import XMonad.Layout.NoBorders ( smartBorders )
import qualified XMonad.StackSet as W
import Data.Map (Map)
import qualified Data.Map as Map
-- TODO import XMonad.Layout.WorkspaceDir
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
-- import XMonad.Layout.Tabbed
--import XMonad.Layout.MouseResizableTile
import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.SetWMName
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Layout.BinarySpacePartition
--import XMonad.Actions.Submap
import XMonad.Stockholm.Pager
import XMonad.Stockholm.Rhombus
import XMonad.Stockholm.Shutdown
amixerPath :: FilePath
amixerPath = "${pkgs.alsaUtils}/bin/amixer"
urxvtcPath :: FilePath
urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
main :: IO ()
main = getArgs >>= \case
[] -> mainNoArgs
["--shutdown"] -> shutdown
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
mainNoArgs :: IO ()
mainNoArgs = do
handleShutdownEvent <- newShutdownEventHandler
xmonad
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = urxvtcPath
, modMask = mod4Mask
, keys = myKeys
, workspaces = ["comms", "org", "dev"]
, layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = do
setWMName "LG3D"
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing)
, normalBorderColor = "#1c1c1c"
, focusedBorderColor = "#f000b0"
, handleEventHook = handleShutdownEvent
}
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
forkFile path args env =
xfork (executeFile path False args env) >> return ()
spawnRootTerm :: X ()
spawnRootTerm =
forkFile
urxvtcPath
["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
Nothing
spawnTermAt :: String -> X ()
spawnTermAt ws = do
env <- liftIO getEnvironment
let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
forkFile urxvtcPath [] (Just env')
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_p ), spawn "${pkgs.writeDash "my-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin
exec dmenu_run "$@"
''}")
, ((_4 , xK_x ), chooseAction spawnTermAt)
, ((_4C , xK_x ), spawnRootTerm)
--, ((_4 , xK_F1 ), withFocused jojo)
--, ((_4 , xK_F1 ), printAllGeometries)
, ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
, ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
, ((_C , xK_Print ), toggleWS)
-- %! Rotate through the available layout algorithms
, ((_4 , xK_space ), sendMessage NextLayout)
, ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
---- BinarySpacePartition
--, ((_4 , xK_l), sendMessage $ ExpandTowards R)
--, ((_4 , xK_h), sendMessage $ ExpandTowards L)
--, ((_4 , xK_j), sendMessage $ ExpandTowards D)
--, ((_4 , xK_k), sendMessage $ ExpandTowards U)
--, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
--, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
--, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
--, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
--, ((_4 , xK_n), sendMessage Rotate)
--, ((_4S , xK_n), sendMessage Swap)
---- mouseResizableTile
--, ((_4 , xK_u), sendMessage ShrinkSlave)
--, ((_4 , xK_i), sendMessage ExpandSlave)
-- move focus up or down the window stack
--, ((_4 , xK_m ), windows W.focusMaster)
, ((_4 , xK_j ), windows W.focusDown)
, ((_4 , xK_k ), windows W.focusUp)
-- modifying the window order
, ((_4S , xK_m ), windows W.swapMaster)
, ((_4S , xK_j ), windows W.swapDown)
, ((_4S , xK_k ), windows W.swapUp)
-- resizing the master/slave ratio
, ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
, ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
-- floating layer support
, ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
-- increase or decrease number of windows in the master area
, ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
, ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
, ((_4 , xK_a ), addWorkspacePrompt def)
, ((_4 , xK_r ), renameWorkspace def)
, ((_4 , xK_Delete ), removeEmptyWorkspace)
, ((_4 , xK_Return ), toggleWS)
--, (0 , xK_Print ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
--, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
--, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
, ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"])
, ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"])
, ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"])
]
where
_4 = mod4Mask
_C = controlMask
_S = shiftMask
_M = mod1Mask
_4C = _4 .|. _C
_4S = _4 .|. _S
_4M = _4 .|. _M
_4CM = _4 .|. _C .|. _M
_4SM = _4 .|. _S .|. _M
amixer args = forkFile amixerPath args Nothing
pagerConfig :: PagerConfig
pagerConfig = def
{ pc_font = myFont
, pc_cellwidth = 100
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
, pc_matchmethod = MatchPrefix
--, pc_colors = pagerWorkspaceColors
, pc_windowColors = windowColors
}
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
let y = defaultWindowColors wsf m c u wf
if m == False && wf == True
then ("#402020", snd y)
else y
horseConfig :: RhombusConfig
horseConfig = def
{ rc_font = myFont
, rc_cellwidth = 64
--, rc_cellheight = 36 -- TODO automatically keep screen aspect
--, rc_borderwidth = 1
--, rc_matchcolor = "#f0b000"
, rc_matchmethod = MatchPrefix
--, rc_colors = pagerWorkspaceColors
--, rc_paint = myPaint
}
wGSConfig :: GSConfig Window
wGSConfig = def
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
, gs_font = myFont
, gs_navigate = navNSearch
}
-- wsGSConfig = def
-- { gs_cellheight = 20
-- , gs_cellwidth = 64
-- , gs_cellpadding = 5
-- , gs_font = myFont
-- , gs_navigate = navNSearch
-- }
-- custom navNSearch
--makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
--makeGSNav esc = nav
-- where
-- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
-- keyMap = Map.fromList
-- [ (esc , cancel)
-- , ((0,xK_Escape) , cancel)
-- , ((0,xK_Return) , select)
-- , ((0,xK_Left) , move (-1, 0) >> nav)
-- , ((0,xK_Right) , move ( 1, 0) >> nav)
-- , ((0,xK_Down) , move ( 0, 1) >> nav)
-- , ((0,xK_Up) , move ( 0,-1) >> nav)
-- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
-- ]
-- -- The navigation handler ignores unknown key symbols, therefore we const
-- navNSearchDefaultHandler (_,s,_) = do
-- transformSearchString (++ s)
-- nav
(&) :: a -> (a -> c) -> c
(&) = flip ($)
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
allWorkspaceNames ws =
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
'';
};
}

View File

@ -164,7 +164,7 @@ let
client_max_body_size 32M; client_max_body_size 32M;
''; '';
locations = { locations = {
"/".extraConfig = "proxy_set_header Host $http_host;"; "/".extraConfig = "proxy_set_header Host $host;";
"/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock"; "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
"/static/".extraConfig = '' "/static/".extraConfig = ''
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;

View File

@ -27,7 +27,7 @@ let
hostname = config.networking.hostName; hostname = config.networking.hostName;
getJobs = pkgs.writeDash "get_jobs" '' getJobs = pkgs.writeDash "get_jobs" ''
set -efu set -efu
${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \
| while read -r host builder; do | while read -r host builder; do

View File

@ -104,6 +104,7 @@ let
{ krebs = import ./lass { inherit config; }; } { krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; } { krebs = import ./makefu { inherit config; }; }
{ krebs = import ./mb { inherit config; }; } { krebs = import ./mb { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; } { krebs = import ./tv { inherit config; }; }
{ {

View File

@ -426,20 +426,19 @@ in {
ip4.addr = "10.243.29.175"; ip4.addr = "10.243.29.175";
aliases = [ "qubasa.r" ]; aliases = [ "qubasa.r" ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ
f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL
8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc
aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR
KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H
aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK
kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn
3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW
7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU
k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO
Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ==
vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== -----END RSA PUBLIC KEY-----
-----END PUBLIC KEY-----
''; '';
}; };
}; };

View File

@ -129,6 +129,31 @@ in {
}; };
}; };
reagenzglas = {
nets = {
retiolum = {
ip4.addr = "10.243.27.32";
aliases = [
"reagenzglas.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAon6oMki2GuJah9c1jNj0CupIPNo765AxtpSkut1PvoydAVYWZMO0
/UQgrvoDQPq3VQU98LHhtQVjmfmcxmxIK3mWoM356P9TGsheOspTcVP4HCMoWZoF
QpgpQs1RNuG/nAAcoVHnTqFeFt6oWsykESIWj5jFV5XA+KanyLFThi8aWPumJgOV
W0AR4+0eECMjBXCV0yRaug4cnFKwLtTQ993AP6Di+5iyh8H39wuASUA/USfMItyX
KEPCT1LPVu2JKsLE/aQEqX1ra3qVJ+SzSPKvOJGKNjcN0e84TuqGrh6cmEDcT/hd
MNZisdPvWA8UwXZfsT/TOGyd8MBqgGxWS6JSFHXy9enyjvS+rws8U0IySlnAIEoi
mXi0leXXDHSQBUnLgDwx4yAJ2R63bUr0pvVd9NBvS9CYHH3TETuwxtMsd3Djm1tu
9/GxN78N+dTHCwOFw/RFOGKCDuM2v1P0f56SdcADqiziuVn+Sj/WPL7rM7qLkySv
jAqY7q5PUjcz/tltJUJwIHaV3sSB6+zOKhSPhGE5ASr4dYEnxiTSD2YE7fj3+WKK
ShG3cpjOwgW0/Ut88zIs7zQxfHj5ZML+Gh2E2LN5nb7StMBWafgvq58eTKbMCKbx
ev7cFjOOV86sCjqtt5LVSi7TPAtolnmLyxzM+s/eZoLYITh+Zo8UERMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
}; };
users = { users = {
jeschli = { jeschli = {
@ -144,5 +169,8 @@ in {
jeschli-bolide = { jeschli-bolide = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide";
}; };
jeschli-reagenzglas = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXgtbgeivxlMKkoEJ4ANhtR+LRMSPrsmL4U5grFUME jeschli@nixos";
};
}; };
} }

View File

@ -0,0 +1,111 @@
{ config, ... }:
with import <stockholm/lib>;
{
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.nin;
ci = true;
}) {
hiawatha = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
"hiawatha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
axon= {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
"axon.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
};
onondaga = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
"onondaga.r"
"cgit.onondaga.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
};
};
users = {
nin = {
mail = "nin@axon.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
mail = "nin@hiawatha.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
};
}

View File

@ -10,22 +10,11 @@ with import <stockholm/lib>;
rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
}; };
"18.09" = { }.${versions.majorMinor version} or {
version = "0.4.1-tv1"; version = "0.4.1-tv1";
rev = "refs/tags/v${cfg.version}"; rev = "refs/tags/v${cfg.version}";
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
}; };
"19.03" = {
version = "0.4.1-tv1";
rev = "refs/tags/v${cfg.version}";
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
};
"19.09" = {
version = "0.4.1-tv1";
rev = "refs/tags/v${cfg.version}";
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
};
}.${versions.majorMinor version};
in mkDerivation { in mkDerivation {
pname = "email-header"; pname = "email-header";

View File

@ -1,29 +0,0 @@
{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitlbee-discord-2017-12-27";
src = fetchFromGitHub {
rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
owner = "sm00th";
repo = "bitlbee-discord";
sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ bitlbee glib ];
preConfigure = ''
export BITLBEE_PLUGINDIR=$out/lib/bitlbee
./autogen.sh
'';
meta = {
description = "Bitlbee plugin for Discord";
homepage = https://github.com/sm00th/bitlbee-discord;
license = licenses.gpl2Plus;
platforms = stdenv.lib.platforms.linux;
};
}

View File

@ -1,11 +1,11 @@
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }: { stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }:
with lib; with lib;
let let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs-8_x; nodejs = nodejs-12_x;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
}; };
@ -34,7 +34,7 @@ in stdenv.mkDerivation {
]; ];
buildInputs = [ buildInputs = [
nodejs-8_x nodejs-12_x
makeWrapper makeWrapper
]; ];
@ -43,7 +43,7 @@ in stdenv.mkDerivation {
cp index.js $out/ cp index.js $out/
cat > $out/go << EOF cat > $out/go << EOF
${nodejs-8_x}/bin/node $out/index.js ${nodejs-12_x}/bin/node $out/index.js
EOF EOF
chmod +x $out/go chmod +x $out/go

View File

@ -1,11 +1,11 @@
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs, icu }: { stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }:
with lib; with lib;
let let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs-8_x; nodejs = nodejs-12_x;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
}; };
@ -36,7 +36,7 @@ in stdenv.mkDerivation {
]; ];
buildInputs = [ buildInputs = [
nodejs-8_x nodejs-12_x
makeWrapper makeWrapper
]; ];
@ -45,7 +45,7 @@ in stdenv.mkDerivation {
cp newsbot.js $out/ cp newsbot.js $out/
cat > $out/newsbot << EOF cat > $out/newsbot << EOF
${nodejs-8_x}/bin/node $out/newsbot.js ${nodejs-12_x}/bin/node $out/newsbot.js
EOF EOF
chmod +x $out/newsbot chmod +x $out/newsbot

View File

@ -1,7 +1,7 @@
{ {
"url": "https://github.com/NixOS/nixpkgs-channels", "url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "021d733ea3f87b8c9232020b4e606d08eaca160b", "rev": "88bbb3c809699f44bf844094a2cd7874e0ea4a39",
"date": "2019-09-20T08:20:21+02:00", "date": "2019-10-09T11:39:27+02:00",
"sha256": "13600nzrakvg2hsfg5yr7x0jp9m762nvjyddf07q60d3m7vx9jxy", "sha256": "0vqwws2hhsx1g4kdhm2sz9m71n0jvjvhgv9ia7fjz679s3341032",
"fetchSubmodules": false "fetchSubmodules": false
} }

View File

@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs-channels \ --url https://github.com/NixOS/nixpkgs-channels \
--rev refs/heads/nixos-19.03' \ --rev refs/heads/nixos-19.09' \
> $dir/nixpkgs.json > $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

View File

@ -58,7 +58,7 @@ with import <stockholm/lib>;
krebs.per-user.bitcoin.packages = [ krebs.per-user.bitcoin.packages = [
pkgs.electrum pkgs.electrum
pkgs.electron-cash pkgs.electron-cash
pkgs.altcoins.litecoin pkgs.litecoin
]; ];
users.extraUsers = { users.extraUsers = {
bitcoin = { bitcoin = {

View File

@ -65,6 +65,13 @@ with import <stockholm/lib>;
config.krebs.users.makefu.pubkey config.krebs.users.makefu.pubkey
]; ];
}; };
users.users.nin = {
uid = genid "nin";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
users.extraUsers.dritter = { users.extraUsers.dritter = {
uid = genid_uint31 "dritter"; uid = genid_uint31 "dritter";
isNormalUser = true; isNormalUser = true;
@ -117,6 +124,26 @@ with import <stockholm/lib>;
localAddress = "10.233.2.2"; localAddress = "10.233.2.2";
}; };
} }
{
#onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.nin.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.5";
localAddress = "10.233.2.6";
};
}
<stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix> <stockholm/lass/2configs/privoxy-retiolum.nix>
@ -157,7 +184,7 @@ with import <stockholm/lib>;
imports = [ imports = [
<stockholm/lass/2configs/realwallpaper.nix> <stockholm/lass/2configs/realwallpaper.nix>
]; ];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png; alias /var/realwallpaper/realwallpaper.png;
''; '';
} }
@ -352,7 +379,7 @@ with import <stockholm/lib>;
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") { if ($scheme != "https") {
rewrite ^ https://$host$uri permanent; rewrite ^ https://$host$request_uri permanent;
} }
auth_basic "Restricted Content"; auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''

View File

@ -47,7 +47,7 @@ with import <stockholm/lib>;
}; };
virtualHosts.default = { virtualHosts.default = {
default = true; default = true;
locations."/Nginx-Fancyindex-Theme-dark" = { locations."=/Nginx-Fancyindex-Theme-dark" = {
extraConfig = '' extraConfig = ''
alias ${pkgs.fetchFromGitHub { alias ${pkgs.fetchFromGitHub {
owner = "Naereen"; owner = "Naereen";

View File

@ -230,11 +230,11 @@ in {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8000; proxy_pass http://localhost:8000;
''; '';
locations."/recent".extraConfig = '' locations."= /recent".extraConfig = ''
alias /tmp/played; alias /tmp/played;
''; '';
}; };
virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let
html = pkgs.writeText "index.html" '' html = pkgs.writeText "index.html" ''
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">

View File

@ -21,29 +21,6 @@ in {
krebs.tinc_graphs.enable = true; krebs.tinc_graphs.enable = true;
users.users.lass-stuff = {
uid = genid_uint31 "lass-stuff";
description = "lassul.us blog cgi stuff";
home = "/var/empty";
};
services.phpfpm.poolConfigs."lass-stuff" = ''
listen = /var/run/lass-stuff.socket
user = lass-stuff
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
listen.owner = lass-stuff
listen.group = nginx
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
security.limit_extensions =
'';
users.groups.lasscert.members = [ users.groups.lasscert.members = [
"dovecot2" "dovecot2"
"ejabberd" "ejabberd"
@ -60,48 +37,33 @@ in {
locations."= /retiolum-hosts.tar.bz2".extraConfig = '' locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
alias ${config.krebs.tinc.retiolum.hostsArchive}; alias ${config.krebs.tinc.retiolum.hostsArchive};
''; '';
locations."= /hosts".extraConfig = ''
alias ${pkgs.krebs-hosts_combined};
'';
locations."= /retiolum.hosts".extraConfig = '' locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.krebs-hosts-retiolum}; alias ${pkgs.krebs-hosts-retiolum};
''; '';
locations."= /wireguard-key".extraConfig = '' locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
''; '';
locations."/tinc".extraConfig = '' locations."/tinc/".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';
locations."/krebspage".extraConfig = '' locations."= /krebspage".extraConfig = ''
default_type "text/html"; default_type "text/html";
alias ${pkgs.krebspage}/index.html; alias ${pkgs.krebspage}/index.html;
''; '';
# TODO make this work! locations."= /init".extraConfig = let
locations."= /ddate".extraConfig = let
script = pkgs.writeBash "test" ''
echo "hello world"
'';
#script = pkgs.exec "ddate-wrapper" {
# filename = "${pkgs.ddate}/bin/ddate";
# argv = [];
#};
in ''
gzip off;
fastcgi_pass unix:/var/run/lass-stuff.socket;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param DOCUMENT_ROOT /var/empty;
fastcgi_param SCRIPT_FILENAME ${script};
fastcgi_param SCRIPT_NAME ${script};
'';
locations."/init".extraConfig = let
initscript = pkgs.init.override { initscript = pkgs.init.override {
pubkey = config.krebs.users.lass.pubkey; pubkey = config.krebs.users.lass.pubkey;
}; };
in '' in ''
alias ${initscript}; alias ${initscript};
''; '';
locations."/pub".extraConfig = '' locations."= /pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
''; '';
locations."/pub1".extraConfig = '' locations."= /pub1".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
''; '';
}; };

View File

@ -60,21 +60,23 @@ rec {
expires max; expires max;
''; '';
}; };
services.phpfpm.poolConfigs."${domain}" = '' services.phpfpm.pools."${domain}" = {
listen = /srv/http/${domain}/phpfpm.pool user = "nginx";
user = nginx group = "nginx";
group = nginx extraConfig = ''
pm = dynamic listen = /srv/http/${domain}/phpfpm.pool
pm.max_children = 25 pm = dynamic
pm.start_servers = 5 pm.max_children = 25
pm.min_spare_servers = 3 pm.start_servers = 5
pm.max_spare_servers = 20 pm.min_spare_servers = 3
listen.owner = nginx pm.max_spare_servers = 20
listen.group = nginx listen.owner = nginx
php_admin_value[error_log] = 'stderr' listen.group = nginx
php_admin_flag[log_errors] = on php_admin_value[error_log] = 'stderr'
catch_workers_output = yes php_admin_flag[log_errors] = on
''; catch_workers_output = yes
'';
};
}; };
serveOwncloud = domains: serveOwncloud = domains:
@ -169,22 +171,24 @@ rec {
access_log off; access_log off;
''; '';
}; };
services.phpfpm.poolConfigs."${domain}" = '' services.phpfpm.pools."${domain}" = {
listen = /srv/http/${domain}/phpfpm.pool user = "nginx";
user = nginx group = "nginx";
group = nginx extraConfig = ''
pm = dynamic listen = /srv/http/${domain}/phpfpm.pool
pm.max_children = 32 pm = dynamic
pm.max_requests = 500 pm.max_children = 32
pm.start_servers = 2 pm.max_requests = 500
pm.min_spare_servers = 2 pm.start_servers = 2
pm.max_spare_servers = 5 pm.min_spare_servers = 2
listen.owner = nginx pm.max_spare_servers = 5
listen.group = nginx listen.owner = nginx
php_admin_value[error_log] = 'stderr' listen.group = nginx
php_admin_flag[log_errors] = on php_admin_value[error_log] = 'stderr'
catch_workers_output = yes php_admin_flag[log_errors] = on
''; catch_workers_output = yes
'';
};
}; };
serveWordpress = domains: serveWordpress = domains:
@ -220,21 +224,23 @@ rec {
expires max; expires max;
''; '';
}; };
services.phpfpm.poolConfigs."${domain}" = '' services.phpfpm.pools."${domain}" = {
listen = /srv/http/${domain}/phpfpm.pool user = "nginx";
user = nginx group = "nginx";
group = nginx extraConfig = ''
pm = dynamic listen = /srv/http/${domain}/phpfpm.pool
pm.max_children = 25 pm = dynamic
pm.start_servers = 5 pm.max_children = 25
pm.min_spare_servers = 3 pm.start_servers = 5
pm.max_spare_servers = 20 pm.min_spare_servers = 3
listen.owner = nginx pm.max_spare_servers = 20
listen.group = nginx listen.owner = nginx
php_admin_value[error_log] = 'stderr' listen.group = nginx
php_admin_flag[log_errors] = on php_admin_value[error_log] = 'stderr'
catch_workers_output = yes php_admin_flag[log_errors] = on
''; catch_workers_output = yes
'';
};
}; };
} }

View File

@ -13,7 +13,7 @@ in {
}; };
}; };
config = { config = lib.mkIf cfg.enable {
systemd.services.autowifi = { systemd.services.autowifi = {
description = "Automatic wifi connector"; description = "Automatic wifi connector";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

View File

@ -0,0 +1 @@
{}

View File

View File

@ -0,0 +1,132 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/ableton.nix>
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.axon;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/pool/root";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext2";
};
boot.initrd.luks.devices.crypted.device = "/dev/sda2";
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# nin config
time.timeZone = "Europe/Berlin";
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
};
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
atom
chromium
firefox
git
htop
keepassx
lmms
networkmanagerapplet
openvpn
python
ruby
steam
taskwarrior
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xhost}/bin/xhost + local:
'';
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

View File

@ -0,0 +1,126 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
#../2configs/copyq.nix
<stockholm/nin/2configs/games.nix>
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
fsType = "ext4";
};
fileSystems."/tmp" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/home" =
{ device = "/dev/fam/home";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
fsType = "ext2";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
fileSystems."/home/nin/.local/share/Steam" = {
device = "/dev/fam/steam";
};
# nin config
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
networking.networkmanager.enable = true;
#networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
hardware.bluetooth.enable = true;
hardware.opengl.driSupport32Bit = true;
#nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
firefox
git
lmms
networkmanagerapplet
python
steam
thunderbird
vim
virtmanager
];
nixpkgs.config = {
allowUnfree = true;
};
#services.logind.extraConfig = "HandleLidSwitch=ignore";
services.xserver.synaptics = {
enable = true;
};
services.xserver.desktopManager.xfce = let
xbindConfig = pkgs.writeText "xbindkeysrc" ''
"${pkgs.pass}/bin/passmenu --type"
Control + p
'';
in {
enable = true;
extraSessionCommands = ''
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
'';
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}

View File

@ -0,0 +1,23 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/nin>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/weechat.nix>
<stockholm/nin/2configs/git.nix>
];
krebs.build.host = config.krebs.hosts.onondaga;
boot.isContainer = true;
networking.useDHCP = false;
time.timeZone = "Europe/Amsterdam";
services.openssh.enable = true;
}

20
nin/2configs/ableton.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.nin;
in {
users.users= {
ableton = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
];
packages = [
pkgs.wine
pkgs.winetricks
];
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
'';
}

38
nin/2configs/copyq.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
copyqConfig = pkgs.writeDash "copyq-config" ''
${pkgs.copyq}/bin/copyq config check_clipboard true
${pkgs.copyq}/bin/copyq config check_selection true
${pkgs.copyq}/bin/copyq config copy_clipboard true
${pkgs.copyq}/bin/copyq config copy_selection true
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
${pkgs.copyq}/bin/copyq config item_popup_interval true
${pkgs.copyq}/bin/copyq config maxitems 1000
${pkgs.copyq}/bin/copyq config move true
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
systemd.user.services.copyq = {
after = [ "graphical.target" ];
wants = [ "graphical.target" ];
wantedBy = [ "default.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
};
};
}

173
nin/2configs/default.nix Normal file
View File

@ -0,0 +1,173 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
../2configs/vim.nix
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>);
}
{
users.users = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
nin = {
name = "nin";
uid = 1337;
home = "/home/nin";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
"audio"
"fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
config.krebs.users.nin_h.pubkey
];
};
};
}
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
}
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
];
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
dns.search-domain = "r";
build = {
user = config.krebs.users.nin;
};
};
nix.useSandbox = true;
users.mutableUsers = false;
services.timesyncd.enable = true;
#why is this on in the first place?
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
'';
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
gs = "git status";
};
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
proot
pavucontrol
populate
p7zip
termite
unzip
unrar
hashPassword
];
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
elif test $UID = 1337; then
PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
else
PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
fi
'';
};
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
];
};
};
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
}

70
nin/2configs/games.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
vdoom = pkgs.writeDash "vdoom" ''
${pkgs.zandronum}/bin/zandronum \
-fov 120 \
"$@"
'';
doom = pkgs.writeDash "doom" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \
-file $DOOM_DIR/lib/brutalv20.pk3 \
"$@"
'';
doom1 = pkgs.writeDashBin "doom1" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
'';
doom2 = pkgs.writeDashBin "doom2" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
'';
vdoom1 = pkgs.writeDashBin "vdoom1" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
'';
vdoom2 = pkgs.writeDashBin "vdoom2" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
'';
doomservercfg = pkgs.writeText "doomserver.cfg" ''
skill 7
#survival true
#sv_maxlives 4
#sv_norespawn true
#sv_weapondrop true
no_jump true
#sv_noweaponspawn true
sv_sharekeys true
sv_survivalcountdowntime 1
sv_noteamselect true
sv_updatemaster false
#sv_coop_loseinventory true
#cl_startasspectator false
#lms_spectatorview false
'';
vdoomserver = pkgs.writeDashBin "vdoomserver" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum}/bin/zandronum-server \
+exec ${doomservercfg} \
"$@"
'';
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
doom1
doom2
vdoom1
vdoom2
vdoomserver
];
hardware.pulseaudio.support32Bit = true;
}

60
nin/2configs/git.nix Normal file
View File

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
};
};
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos = public-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
};
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = [ nin nin_h ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out

19
nin/2configs/im.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
(pkgs.writeDashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
weechat
])}
ssh chat@onondaga
if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im
else
exec tmux new -s im weechat
fi
'')
];
}

28
nin/2configs/retiolum.nix Normal file
View File

@ -0,0 +1,28 @@
{ ... }:
{
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
];
};
};
krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
"pigstarter"
"gum"
"flap"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
}

27
nin/2configs/skype.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.nin;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
skype = {
name = "skype";
uid = genid "skype";
description = "user for running skype";
home = "/home/skype";
useDefaultShell = true;
extraGroups = [ "audio" "video" ];
createHome = true;
};
};
krebs.per-user.skype.packages = [
pkgs.skype
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(skype) NOPASSWD: ALL
'';
}

22
nin/2configs/termite.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.termite
];
krebs.per-user.nin.packages = let
termitecfg = pkgs.writeTextFile {
name = "termite-config";
destination = "/etc/xdg/termite/config";
text = ''
[colors]
foreground = #d0d7d0
background = #000000
'';
};
in [
termitecfg
];
}

355
nin/2configs/vim.nix Normal file
View File

@ -0,0 +1,355 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
environment.systemPackages = [
vim
pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
environment.variables.VIMINIT = ":so /etc/vimrc";
};
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
set autoindent
set backspace=indent,eol,start
set backup
set backupdir=${dirs.backupdir}/
set directory=${dirs.swapdir}//
set hlsearch
set incsearch
set laststatus=2
set mouse=a
set noruler
set pastetoggle=<INS>
set runtimepath=${extra-runtimepath},$VIMRUNTIME
set shortmess+=I
set showcmd
set showmatch
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
set undolevels=1000000
set undoreload=1000000
set viminfo='20,<1000,s100,h,n${files.viminfo}
set visualbell
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
set wildmenu
set wildmode=longest,full
set et ts=2 sts=2 sw=2
filetype plugin indent on
set t_Co=256
colorscheme hack
syntax on
au Syntax * syn match Garbage containedin=ALL /\s\+$/
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
au BufRead,BufNewFile *.hs so ${hs.vim}
au BufRead,BufNewFile *.nix so ${nix.vim}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
vnoremap < <gv
vnoremap > >gv
nnoremap <esc>[5^ :tabp<cr>
nnoremap <esc>[6^ :tabn<cr>
nnoremap <esc>[5@ :tabm -1<cr>
nnoremap <esc>[6@ :tabm +1<cr>
nnoremap <f1> :tabp<cr>
nnoremap <f2> :tabn<cr>
inoremap <f1> <esc>:tabp<cr>
inoremap <f2> <esc>:tabn<cr>
" <C-{Up,Down,Right,Left>
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
" <[C]S-{Up,Down,Right,Left>
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.airline
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
})
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "hack";
in {
name = "vim-color-${name}-1.0.2";
destination = "/colors/${name}.vim";
text = /* vim */ ''
set background=dark
hi clear
if exists("syntax_on")
syntax clear
endif
let colors_name = ${toJSON name}
hi Normal ctermbg=235
hi Comment ctermfg=242
hi Constant ctermfg=062
hi Identifier ctermfg=068
hi Function ctermfg=041
hi Statement ctermfg=167
hi PreProc ctermfg=167
hi Type ctermfg=041
hi Delimiter ctermfg=251
hi Special ctermfg=062
hi Garbage ctermbg=088
hi TabStop ctermbg=016
hi Todo ctermfg=174 ctermbg=NONE
hi NixCode ctermfg=148
hi NixData ctermfg=149
hi NixQuote ctermfg=150
hi diffNewFile ctermfg=207
hi diffFile ctermfg=207
hi diffLine ctermfg=207
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "vim";
in {
name = "vim-syntax-${name}-1.0.0";
destination = "/syntax/${name}.vim";
text = /* vim */ ''
${concatMapStringsSep "\n" (s: /* vim */ ''
syn keyword vimColor${s} ${s}
\ containedin=ALLBUT,vimComment,vimLineComment
hi vimColor${s} ctermfg=${s}
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
name = "showsyntax";
in {
name = "vim-plugin-${name}-1.0.0";
destination = "/plugin/${name}.vim";
text = /* vim */ ''
if exists('g:loaded_showsyntax')
finish
endif
let g:loaded_showsyntax = 0
fu! ShowSyntax()
let id = synID(line("."), col("."), 1)
let name = synIDattr(id, "name")
let transName = synIDattr(synIDtrans(id),"name")
if name != transName
let name .= " (" . transName . ")"
endif
echo "Syntax: " . name
endfu
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
swapdir = "$HOME/.cache/vim/swap";
undodir = "$HOME/.cache/vim/undo";
};
files = {
viminfo = "$HOME/.cache/vim/info";
};
mkdirs = let
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
in assert out != ""; out;
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'';
hs.vim = pkgs.writeText "hs.vim" ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
nix.vim = pkgs.writeText "nix.vim" ''
setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[():/;=.,?\[\]]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
startAlts = filter isString [
''/\* ${lang} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
unlet b:current_syntax
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
haskell = {};
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
set bg=dark
'';
in
out

21
nin/2configs/weechat.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let
inherit (import <stockholm/lib>) genid;
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
weechat
tmux
];
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
};
}

7
nin/default.nix Normal file
View File

@ -0,0 +1,7 @@
_:
{
imports = [
../krebs
./2configs
];
}

35
nin/krops.nix Normal file
View File

@ -0,0 +1,35 @@
{ name }: let
inherit (import ../krebs/krops.nix { inherit name; })
krebs-source
lib
pkgs
;
source = { test }: lib.evalSource [
(krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
secrets = if test then {
file = toString ./0tests/dummysecrets;
} else {
pass = {
dir = "${lib.getEnv "HOME"}/.password-store";
name = "hosts/${name}";
};
};
}
];
in {
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
target = "root@${name}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
test = { target }: pkgs.krops.writeTest "${name}-test" {
inherit target;
source = source { test = true; };
};
}