Mic92
/
stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2023-03-08 19:27:59 +01:00
parent 8b4c488bff 2168f39612
commit caa8f83e79
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
88 changed files with 2392 additions and 1388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kartei/lass/prism.nix
View File

@ -21,7 +21,7 @@ rec {
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@ -38,6 +38,7 @@ rec {
mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {

242
kartei/mic92/default.nix
View File

@ -51,24 +51,6 @@ in {
};
};
};
herbert = {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
aliases = [ "herbert.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ
stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd
/lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh
fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH
OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj
jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
rauter = {
owner = config.krebs.users.mic92;
nets = rec {
@ -161,19 +143,20 @@ in {
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa
QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl
4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo
JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF
Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4
RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G
QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41
pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK
u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG
vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z
H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ==
MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0
IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em
eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN
/e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw
YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1
DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA
9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0
MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF
0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI
xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP
uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "5ZhQyLQ2RLTkKvFCN38dfmqfjZOnZmm19Vr1eiOVlID";
};
};
aenderpad = {
@ -239,37 +222,6 @@ in {
tinc.pubkey_ed25519 = "ZQt/OcrDlQZvtJyMEFcS6FKjtumBA9gBWr7VqGdbJBP";
};
};
martha = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.53";
ip6.addr = "2001:630:3c1:164:6d4:c4ff:fe04:4aba";
aliases = [ "martha.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.179";
aliases = [ "martha.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp
LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ
3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe
FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK
WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn
XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F
e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs
sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC
4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "emKq1mfkW4/aCoCwmeFU3DtppKs+KsTvd9YGoFkFgdC";
};
};
};
matchbox = {
owner = config.krebs.users.mic92;
nets = {
@ -294,32 +246,6 @@ in {
};
};
};
sauron = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.75";
ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8";
aliases = [ "sauron.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.194";
aliases = [ "sauron.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ
GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1
XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E
W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf
74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG
67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ";
};
};
};
bill = {
owner = config.krebs.users.mic92;
nets = rec {
@ -435,73 +361,6 @@ in {
};
};
};
harsha = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.184";
aliases = [
"harsha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39
P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o
MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg
dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h
TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K
zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
redha = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.188";
aliases = [
"redha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN";
};
};
};
grandalf = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.187";
aliases = [
"grandalf.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
/btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL";
};
};
};
doctor = {
owner = config.krebs.users.mic92;
@ -989,6 +848,83 @@ in {
};
};
};
amy = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# amy.dse.in.tum.de
ip4.addr = "131.159.102.20";
ip6.addr = "2a09:80c0:102::20";
aliases = [ "amy.i" ];
};
retiolum = {
aliases = [ "amy.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEApa/qv4uKxr8lpQQau3dqgNqtXOtnN/u/5VlF2f/oNt+cDUAmAgaq
6ktUv5HT27xCye1lJ2XNaXDF1lSUNgpdhmv7lnqqwDYi3m8HBnBMUlgXuT1mFtFv
RybbrvbedKka4+MMXsUmFJj1udOzJSBfRIVO+M4lRvyWUbm2R18mnrz6DK9++EmL
JCTOcBZYzjCa7OciBPJfjLrLAZZC9JnRxrvAnF2tMzGZiaCI4uX5ZKUMeMO/pwBD
13MhxdDJeXOl98+nKRBZzft9K0qZmAnfR1a9a0dS6hstUWvl1xDLQP3L+/89sjee
PjchaS9qQxdjj6USCEqMJOyetWzN3rabSwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "a4tdZ49nmEgYqhW11FDPhV+Oj2IFsOV2PSjxgJlceeH";
};
};
};
rose = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# clara.dse.in.tum.de
ip4.addr = "131.159.102.21";
ip6.addr = "2a09:80c0:102::21";
aliases = [ "rose.i" ];
};
retiolum = {
aliases = [ "rose.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtinCwGjGfFTdpU+CnugM4MH6z4XLFlLMIW4Z642iq2arXOrrCq09
yRG5UC6CBqORnF2FZhHu+wJQMexLXNILavyG6JXERvCm6S5MaFc2YlHSyBcV4AqE
Zrjb1wSvlXGcom8C6/HGElsHqI9ULtiUqEEzES6UgUVcO7QrEy03264KZ0y4M/Ov
5CpXbyg6tRl3CoLJE+eXyLdOGwHo/eN7M+YSaTU6bEYjJGYAltnJDO9DZxtnaZn2
qSImJEwRD7YMPvs/zf/kKI6ihaF/oQMWyj/f0Ik/eif7rd3DRBlWFaZYr+JQBRZg
jkaQ6EEX94WKHv6RgI25dqh8hpMaoY0OYQIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "GZyz9AVjJlbE34pS2zURwVBZCCzpD0S+VqToLlB5aBI";
};
};
};
clara = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# clara.dse.in.tum.de
ip4.addr = "131.159.102.22";
ip6.addr = "2a09:80c0:102::22";
aliases = [ "clara.i" ];
};
retiolum = {
aliases = [ "clara.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqebCzWDLcSU0uSA54Ublw8JSM5kErwJlOr2QOFVm0/QPWNDDqoV4
rquS25NRZ37c4hj3BuINQrItAy7pOVrp0SARXZdyqMz3VoGndDge6p/8KEuRFQZi
nmYrnsSuys0HOLfb2xQkOkGKBwyEc1hNGHFcw8XtJJMZSFBchQp1C8o3B3uXZq7j
yBdUAh0crLPbL+B/xzZPDdLMigh922ejuPuGhtrTKOIQ1Jhyi5ft/Xif5JJja1Ru
i/FUxzy/PBz+h7X3yTv4DOIyuMYMJQZpsUGBj7cwueab6rgxyV8upHLdZQ/2YI7m
Q6cFnskLkLGlnR/gXcamgj3Sa7J3HQX9TwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "WjXoFt4TG0SqCewYXyH563MACWxhjDixCv1Dk8mDe9B";
};
};
};
};
users = {
mic92 = {

21
kartei/palo/default.nix
View File

@ -17,13 +17,28 @@ let
in
{
hosts = mapAttrs hostDefaults {
sterni = {
sol = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
tinc.port = 720;
aliases = [ "sterni.r" ];
tinc.pubkey = builtins.readFile ./retiolum.pub;
aliases = [ "sol.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60
mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC
Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu
lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1
7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT
NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV
yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef
Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q
hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr
vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg
uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP";
};
};
};

13
kartei/palo/retiolum.pub
View File

@ -1,13 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

4
krebs/1systems/hotdog/config.nix
View File

@ -26,4 +26,8 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.sync-containers3.inContainer = {
enable = true;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM20tYHHvwIgrJZzR35ATzH9AlTrM1enNKEQJ7IP6lBh";
};
}

11
krebs/1systems/news/config.nix
View File

@ -17,13 +17,8 @@
boot.isContainer = true;
networking.useDHCP = lib.mkForce true;
krebs.bindfs = {
"/var/lib/brockman" = {
source = "/var/state/brockman";
options = [
"-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}"
];
clearTarget = true;
};
krebs.sync-containers3.inContainer = {
enable = true;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv";
};
}

9
krebs/2configs/hotdog-host.nix Normal file
View File

@ -0,0 +1,9 @@
{
krebs.sync-containers3.containers.hotdog = {
sshKey = "${toString <secrets>}/hotdog.sync.key";
};
containers.hotdog.bindMounts."/var/lib" = {
hostPath = "/var/lib/sync-containers3/hotdog/state";
isReadOnly = false;
};
}

9
krebs/2configs/news-host.nix
View File

@ -1,10 +1,5 @@
{
krebs.sync-containers.containers.news = {
peers = [
"shodan"
"mors"
"styx"
];
format = "plain";
krebs.sync-containers3.containers.news = {
sshKey = "${toString <secrets>}/news.sync.key";
};
}

3
krebs/2configs/news.nix
View File

@ -74,7 +74,7 @@
limits.identlen = 100;
history.enabled = false;
};
systemd.services.brockman.bindsTo = [ "ergo.service" ];
systemd.services.brockman.bindsTo = [ "ergochat.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
@ -87,6 +87,7 @@
nick = "brockman";
extraChannels = [ "#all" ];
};
statePath = "/var/state/brockman/brockman.json";
bots = {};
};
};

4
krebs/3modules/sync-containers3.nix
View File

@ -104,7 +104,9 @@ in {
consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
set -efux
if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 container_sync@${ctr.name}.r:disk "$HOME"/disk
nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync
touch "$HOME"/incomplete
nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk
rm -f "$HOME"/incomplete
fi
''}

15
krebs/3modules/urlwatch.nix
View File

@ -71,7 +71,7 @@ let
description = "URL to watch.";
example = [
https://nixos.org/channels/nixos-unstable/git-revision
{ url = http://localhost ; filter = "grep:important.*stuff"; }
{ url = http://localhost ; filter = [ (grep "important.*stuff") ]; }
];
apply = map (x: getAttr (typeOf x) {
set = x;
@ -177,12 +177,15 @@ let
echo Date: $(date -R)
echo From: ${shell.escape cfg.from}
echo Subject: $(
sed -n 's/^\(CHANGED\|ERROR\|NEW\): //p' changes \
| tr '\n' ' '
sed -nr 's/^(CHANGED|ERROR|NEW): //p' changes |
sed '1!s/^ //'
)
echo To: ${shell.escape cfg.mailto}
echo Mime-Version: 1.0
echo Content-Type: text/plain\; charset=UTF-8
echo Content-Transfer-Encoding: base64
echo
cat changes
base64 changes
} | /run/wrappers/bin/sendmail -t
fi
''}
@ -211,7 +214,9 @@ let
};
filter = mkOption {
default = null;
type = with types; nullOr str; # TODO nullOr subtypes.filter
type =
with types;
nullOr (either str (listOf (pkgs.formats.json {}).type));
};
ignore_cached = mkOption {
default = null;

20
krebs/5pkgs/haskell/flameshot-once.nix
View File

@ -1,20 +0,0 @@
{ mkDerivation, async, base, blessings, bytestring, dbus, fetchgit
, iso8601-time, lib, process, random, text, time, unagi-chan, unix
}:
mkDerivation {
pname = "flameshot-once";
version = "1.4.0";
src = fetchgit {
url = "https://cgit.krebsco.de/flameshot-once";
sha256 = "13szgsiwn29aixm5xvs1m7128y5km5xss0ry5ii5y068rc2vysw8";
rev = "4475893c2081b3d9db4b7a54d0ce38d0914a17bf";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
async base blessings bytestring dbus iso8601-time process random
text time unagi-chan unix
];
license = lib.licenses.mit;
}

8
krebs/5pkgs/haskell/much.nix
View File

@ -7,13 +7,13 @@
, servant-server, split, terminal-size, text, time, transformers
, transformers-compat, unix, vector, wai, warp
}:
mkDerivation {
mkDerivation rec {
pname = "much";
version = "1.3.1";
version = "1.3.2";
src = fetchgit {
url = "https://cgit.krebsco.de/much";
sha256 = "0gwyhqcvg9ywna8fhb9hnx97qh5inglj3l0pcwkgwcvm27mfpcqa";
rev = "77357335a3a88a4b93f91a46ab939a1a9b192977";
hash = "sha256-q65EYO1d3NYVv2NECkGWPb1TyHGdARNi/GX4pgQmljc=";
rev = "refs/tags/${version}";
fetchSubmodules = true;
};
isLibrary = true;

17
krebs/5pkgs/haskell/pager.nix
View File

@ -1,21 +1,22 @@
{ mkDerivation, base, blessings, bytestring, containers
, data-default, hack, lib, optparse-applicative, probability
, scanner, speculate, split, terminal-size, text, unix, X11
, fetchgit
{ mkDerivation, aeson, base, blessings, bytestring, containers
, data-default, extra, fetchgit, hack, lib, optparse-applicative
, probability, scanner, speculate, split, terminal-size, text, unix
, utf8-string, X11
}:
mkDerivation {
pname = "pager";
version = "1.0.0";
src = fetchgit {
url = "https://cgit.krebsco.de/pager";
sha256 = "1qlkhqidaa6w02ix9ambfdsm7lfyx30ap481b9ic1ppyfkhqzfp6";
rev = "fc6105a5e7d1e3a07bf07ea85e7902dd8e9fc849";
sha256 = "07wjlhnb27vfhkqq5vhi768mlrcpwl4b2yfk04v3lw047q6pmby0";
rev = "dfa3ff346d22d332ffbadd46963f1cc5cb2a4939";
fetchSubmodules = true;
};
isLibrary = false;
isLibrary = true;
isExecutable = true;
libraryHaskellDepends = [ base extra utf8-string X11 ];
executableHaskellDepends = [
base blessings bytestring containers data-default hack
aeson base blessings bytestring containers data-default hack
optparse-applicative probability scanner speculate split
terminal-size text unix X11
];

416
krebs/5pkgs/simple/flameshot-once/config.nix Normal file
View File

@ -0,0 +1,416 @@
{ config, pkgs, ... }:
with pkgs.stockholm.lib;
let
# Encode integer to C-escaped string of bytes, little endian / LSB 0
le = rec {
x1 = i: let
i0 = mod i 16;
i1 = i / 16;
in
if i == 0 then
"\\0"
else if i < 16 then
"\\x${elemAt hexchars i0}"
else
"\\x${elemAt hexchars i1}${elemAt hexchars i0}";
x2 = i: let
i0 = mod i 256;
i1 = i / 256;
in
"${x1 i1}${x1 i0}";
x4 = i: let
i0 = mod i 65536;
i1 = i / 65536;
in
"${x2 i1}${x2 i0}";
};
toQList = t: xs:
assert t == "int";
"QList<${t}>${le.x4 0}${le.x1 (length xs)}${concatMapStrings le.x4 xs}";
in
{
options = {
imgur = mkOption {
default = {};
type = types.submodule {
options = {
enable = mkEnableOption "imgur";
createUrl = mkOption {
example = "http://p.r/image";
type = types.str;
};
deleteUrl = mkOption {
example = "http://p.r/image/delete/%1";
type = types.str;
};
xdg-open = mkOption {
default = {};
type = types.submodule {
options = {
enable = mkEnableOption "imgur.xdg-open" // {
default = true;
};
browser = mkOption {
default = "${pkgs.coreutils}/bin/false";
type = types.str;
};
createPrefix = mkOption {
default = config.imgur.createUrl;
type = types.str;
};
deletePrefix = mkOption {
default = removeSuffix "/%1" config.imgur.deleteUrl;
type = types.str;
};
};
};
};
};
};
};
package = mkOption {
type = types.package;
default = import ./flameshot { inherit pkgs; };
};
settings = {
# Options without a description are not documented in flameshot's README.
# Compare with:
# nix-shell -p flameshot-once.dev --run get-recognizedGeneralOptions
General = mapAttrs (_: recursiveUpdate { default = null; }) {
allowMultipleGuiInstances = mkOption {
description = ''
Allow multiple instances of `flameshot gui` to run at the same time
'';
type = with types; nullOr bool;
};
antialiasingPinZoom = mkOption {
description = ''
Anti-aliasing image when zoom the pinned image
'';
type = with types; nullOr bool;
};
autoCloseIdleDaemon = mkOption {
description = ''
Automatically close daemon when it's not needed
'';
type = with types; nullOr bool;
};
buttons = let
buttonTypes = {
# Generated with:
# nix-shell -p flameshot-once.dev --run get-buttonTypes
TYPE_PENCIL = 0;
TYPE_DRAWER = 1;
TYPE_ARROW = 2;
TYPE_SELECTION = 3;
TYPE_RECTANGLE = 4;
TYPE_CIRCLE = 5;
TYPE_MARKER = 6;
TYPE_SELECTIONINDICATOR = 7;
TYPE_MOVESELECTION = 8;
TYPE_UNDO = 9;
TYPE_COPY = 10;
TYPE_SAVE = 11;
TYPE_EXIT = 12;
TYPE_IMAGEUPLOADER = 13;
TYPE_OPEN_APP = 14;
TYPE_PIXELATE = 15;
TYPE_REDO = 16;
TYPE_PIN = 17;
TYPE_TEXT = 18;
TYPE_CIRCLECOUNT = 19;
TYPE_SIZEINCREASE = 20;
TYPE_SIZEDECREASE = 21;
TYPE_INVERT = 22;
TYPE_ACCEPT = 23;
};
iterableButtonTypes = [
# Generated with:
# nix-shell -p flameshot-once.dev --run get-iterableButtonTypes
"TYPE_ACCEPT"
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_OPEN_APP"
"TYPE_PENCIL"
"TYPE_PIN"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_REDO"
"TYPE_SAVE"
"TYPE_SELECTION"
"TYPE_SIZEDECREASE"
"TYPE_SIZEINCREASE"
"TYPE_TEXT"
"TYPE_UNDO"
];
in mkOption {
apply = names:
if names != null then let
values = map (name: buttonTypes.${name}) names;
in
''@Variant(\0\0\0\x7f\0\0\0\v${toQList "int" values})''
else
null;
description = ''
Configure which buttons to show after drawing a selection
'';
type = with types; nullOr (listOf (enum iterableButtonTypes));
};
checkForUpdates = mkOption {
type = with types; nullOr bool;
};
contrastOpacity = mkOption {
description = ''
Opacity of area outside selection
'';
type = with types; nullOr (boundedInt 0 255);
};
contrastUiColor = mkOption {
description = ''
Contrast UI color
'';
type = with types; nullOr flameshot.color;
};
copyAndCloseAfterUpload = mkOption {
type = with types; nullOr bool;
};
copyOnDoubleClick = mkOption {
type = with types; nullOr bool;
};
copyPathAfterSave = mkOption {
description = ''
Copy path to image after save
'';
type = with types; nullOr bool;
};
copyURLAfterUpload = mkOption {
description = ''
On successful upload, close the dialog and copy URL to clipboard
'';
type = with types; nullOr bool;
};
disabledTrayIcon = mkOption {
description = ''
Whether the tray icon is disabled
'';
type = with types; nullOr bool;
};
drawColor = mkOption {
description = ''
Last used color
'';
type = with types; nullOr flameshot.color;
};
drawFontSize = mkOption {
type = with types; nullOr positive;
};
drawThickness = mkOption {
description = ''
Last used tool thickness
'';
type = with types; nullOr positive;
};
filenamePattern = mkOption {
description = ''
Filename pattern using C++ strftime formatting
'';
type =
# This is types.filename extended by [%:][%:+]*
with types;
nullOr (addCheck str (test "[%:0-9A-Za-z._][%:+0-9A-Za-z._-]*"));
};
fontFamily = mkOption {
type = with types; nullOr str;
};
historyConfirmationToDelete = mkOption {
type = with types; nullOr bool;
};
ignoreUpdateToVersion = mkOption {
description = ''
Ignore updates to versions less than this value
'';
type = with types; nullOr str;
};
keepOpenAppLauncher = mkOption {
description = ''
Keep the App Launcher open after selecting an app
'';
type = with types; nullOr bool;
};
predefinedColorPaletteLarge = mkOption {
description = ''
Use larger color palette as the default one
'';
type = with types; nullOr bool;
};
saveAfterCopy = mkOption {
description = ''
Save image after copy
'';
type = with types; nullOr bool;
};
saveAsFileExtension = mkOption {
description = ''
Default file extension for screenshots
'';
type = with types; nullOr (addCheck filename (hasPrefix "."));
};
safeLastRegion = mkOption {
type = with types; nullOr bool;
};
savePath = mkOption {
description = ''
Image Save Path
'';
type = with types; nullOr absolute-pathname;
};
savePathFixed = mkOption {
description = ''
Whether the savePath is a fixed path
'';
type = with types; nullOr bool;
};
showDesktopNotification = mkOption {
description = ''
Show desktop notifications
'';
type = with types; nullOr bool;
};
showHelp = mkOption {
description = ''
Show the help screen on startup
'';
type = with types; nullOr bool;
};
showMagnifier = mkOption {
type = with types; nullOr bool;
};
showSelectionGeometry = mkOption {
type = with types; nullOr (boundedInt 0 5);
};
showSelectionGeometryHideTime = mkOption {
type = with types; nullOr uint;
};
showSidePanelButton = mkOption {
description = ''
Show the side panel button
'';
type = with types; nullOr bool;
};
showStartupLaunchMessage = mkOption {
type = with types; nullOr bool;
};
squareMagnifier = mkOption {
type = with types; nullOr bool;
};
startupLaunch = mkOption {
description = ''
Launch at startup
'';
type = with types; nullOr bool;
};
uiColor = mkOption {
description = ''
Main UI color
'';
type = with types; nullOr flameshot.color;
};
undoLimit = mkOption {
type = with types; nullOr (boundedInt 0 999);
};
uploadClientSecret = mkOption {
type = with types; nullOr str;
};
uploadHistoryMax = mkOption {
type = with types; nullOr uint;
};
uploadWithoutConfirmation = mkOption {
description = ''
Upload to imgur without confirmation
'';
type = with types; nullOr bool;
};
useJpgForClipboard = mkOption {
description = ''
Use JPG format instead of PNG
'';
type = with types; nullOr bool;
};
userColors = mkOption {
apply = value:
if value != null then
concatStringsSep ", " value
else
null;
description = ''
List of colors for color picker
The colors are arranged counter-clockwise with the first being set
to the right of the cursor. "picker" adds a custom color picker.
'';
type =
with types;
nullOr (listOf (either flameshot.color (enum ["picker"])));
};
};
Shortcuts = genAttrs [
# Generated with:
# nix-shell -p flameshot-once.dev --run get-Shortcuts
"TYPE_ACCEPT"
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COMMIT_CURRENT_TOOL"
"TYPE_COPY"
"TYPE_DELETE_CURRENT_TOOL"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_INVERT"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_MOVE_DOWN"
"TYPE_MOVE_LEFT"
"TYPE_MOVE_RIGHT"
"TYPE_MOVE_UP"
"TYPE_OPEN_APP"
"TYPE_PENCIL"
"TYPE_PIN"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_REDO"
"TYPE_RESIZE_DOWN"
"TYPE_RESIZE_LEFT"
"TYPE_RESIZE_RIGHT"
"TYPE_RESIZE_UP"
"TYPE_SAVE"
"TYPE_SELECTION"
"TYPE_SELECTIONINDICATOR"
"TYPE_SELECT_ALL"
"TYPE_SIZEDECREASE"
"TYPE_SIZEINCREASE"
"TYPE_SYM_RESIZE_DOWN"
"TYPE_SYM_RESIZE_LEFT"
"TYPE_SYM_RESIZE_RIGHT"
"TYPE_SYM_RESIZE_UP"
"TYPE_TEXT"
"TYPE_TOGGLE_PANEL"
"TYPE_UNDO"
] (name: mkOption {
default = null;
type = with types; nullOr str;
});
};
};
}

161
krebs/5pkgs/simple/flameshot-once/default.nix
View File

@ -1,28 +1,149 @@
{ pkgs, stockholm, ... }@args:
with stockholm.lib;
{ name ? "flameshot-once", pkgs, ... }@args:
with pkgs.stockholm.lib;
let
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
config = args.config or {};
cfg = evalModulesConfig (singleton {
_file = toString ./default.nix;
_module.args.pkgs = pkgs;
imports = [
config
./config.nix
];
});
in
pkgs.symlinkJoin {
name = "flameshot-once-wrapper";
paths = [
(pkgs.writeDashBin "flameshot-once" ''
export PATH=${makeBinPath [
pkgs.flameshot
pkgs.qt5.qtbase
pkgs.xclip
pkgs.xwaitforwindow
]}
${optionalString (config != null) /* sh */ ''
. ${import ./profile.nix { inherit config pkgs; }}
''}
exec ${pkgs.haskellPackages.flameshot-once}/bin/flameshot-once "$@"
'')
pkgs.haskellPackages.flameshot-once
];
}
pkgs.symlinkJoin {
inherit name;
paths = [
(pkgs.write "flameshot-once" {
"/bin/flameshot-once" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
export PATH=${makeBinPath [
pkgs.qt5.qtbase
]}:''${PATH+:$PATH}
${optionalString (config != null) /* sh */ ''
export XDG_CONFIG_HOME=${placeholder "out"}/etc
${optionalString cfg.imgur.enable /* sh */ ''
export IMGUR_CREATE_URL=${shell.escape cfg.imgur.createUrl}
export IMGUR_DELETE_URL=${shell.escape cfg.imgur.deleteUrl}
${optionalString cfg.imgur.xdg-open.enable /* sh */ ''
export PATH=${placeholder "out"}/lib/imgur/bin''${PATH+:$PATH}
''}
''}
''}
${cfg.package}/bin/flameshot &
exec ${cfg.package}/bin/flameshot gui
'';
};
"/etc/flameshot/flameshot.ini".text =
lib.generators.toINI {} (stripAttr cfg.settings);
${if cfg.imgur.enable then "/lib/imgur/bin/xdg-open" else null} = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
set -efu
uri=$1
prefix=$(${pkgs.coreutils}/bin/dirname "$uri")
case $prefix in
(${shell.escape cfg.imgur.xdg-open.createPrefix})
echo "opening image in browser: $uri" >&2
exec ${config.imgur.xdg-open.browser} "$uri"
;;
(${shell.escape cfg.imgur.xdg-open.deletePrefix})
echo "deleting image: $uri" >&2
exec ${pkgs.curl}/bin/curl -fsS -X DELETE "$uri"
;;
(*)
echo "don't know how to open URI: $uri" >&2
exit 1
esac
'';
};
})
];
}
// {
dev = pkgs.write "flameshot-once-tools" {
"/bin/get-buttonTypes" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
indent=$(${placeholder "out"}/bin/indent-of buttonTypes)
src=${cfg.package.src}/src/tools/capturetool.h
${pkgs.coreutils}/bin/cat "$src" |
${pkgs.gnused}/bin/sed -nr '
s/^\s*(TYPE_\S+)\s*=\s*([0-9]+),/\1 = \2;/p
' |
${placeholder "out"}/bin/prefix " $indent"
'';
};
"/bin/get-iterableButtonTypes" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
indent=$(${placeholder "out"}/bin/indent-of iterableButtonTypes)
src=${cfg.package.src}/src/widgets/capture/capturetoolbutton.cpp
${pkgs.coreutils}/bin/cat "$src" |
${pkgs.gnused}/bin/sed -n '/\<iterableButtonTypes = {/,/^}/p' |
${pkgs.gcc}/bin/cpp |
${pkgs.coreutils}/bin/tr , \\n |
${pkgs.gnused}/bin/sed -rn 's/^ *CaptureTool::(TYPE_[A-Z_]+).*/"\1"/p' |
${pkgs.coreutils}/bin/sort |
${placeholder "out"}/bin/prefix " $indent"
'';
};
"/bin/get-recognizedGeneralOptions" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
src=${cfg.package.src}/src/utils/confighandler.cpp
${pkgs.coreutils}/bin/cat "$src" |
${pkgs.gnused}/bin/sed -n '/\<recognizedGeneralOptions = {/,/^};/p' |
${pkgs.gcc}/bin/cpp |
${pkgs.gnugrep}/bin/grep -F OPTION |
${pkgs.coreutils}/bin/sort
'';
};
"/bin/get-Shortcuts" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
indent=$(${placeholder "out"}/bin/indent-of Shortcuts)
src=${cfg.package.src}/src/utils/confighandler.cpp
${pkgs.coreutils}/bin/cat "$src" |
${pkgs.gnused}/bin/sed -n '/recognizedShortcuts = {/,/^};/p ' |
${pkgs.gcc}/bin/cpp |
${pkgs.gnused}/bin/sed -nr 's/^\s*SHORTCUT\("(TYPE_[^"]+).*/"\1"/p' |
${pkgs.coreutils}/bin/sort |
${placeholder "out"}/bin/prefix " $indent"
'';
};
"/bin/indent-of" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
# usage: indent-of NAME NIX_FILE
exec ${pkgs.gawk}/bin/awk -v name="$1" '
$1 == name && $2 == "=" {
sub("[^ ].*", "")
print
}
' ${./config.nix}
'';
};
"/bin/prefix" = {
executable = true;
text = /* sh */ ''
#! ${pkgs.dash}/bin/dash
${pkgs.gawk}/bin/awk -v prefix="$1" '{ print prefix $0 }'
'';
};
};
}

16
krebs/5pkgs/simple/flameshot-once/flameshot/default.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs }:
pkgs.flameshot.overrideAttrs (old: rec {
name = "flameshot-${version}";
version = "12.1.0-pre";
src = pkgs.fetchFromGitHub {
owner = "flameshot-org";
repo = "flameshot";
rev = "f7e41f4d708e50eeaec892408069da25a28e04a2";
hash = "sha256-fZquXY0xSaN1hJgCh16MocIlvxHe1c2Nt+fGF2NIOVw=";
};
patches = old.patches or [] ++ [
./flameshot-12.imgur.patch
./flameshot-12.history.patch
];
})

28
krebs/5pkgs/simple/flameshot-once/flameshot/flameshot-12.history.patch Normal file
View File

@ -0,0 +1,28 @@
diff --git a/src/utils/history.cpp b/src/utils/history.cpp
index f3ee09d0..7c85c34b 100644
--- a/src/utils/history.cpp
+++ b/src/utils/history.cpp
@@ -76,9 +76,9 @@ const HistoryFileName& History::unpackFileName(const QString& fileNamePacked)
int nPathIndex = fileNamePacked.lastIndexOf("/");
QStringList unpackedFileName;
if (nPathIndex == -1) {
- unpackedFileName = fileNamePacked.split("-");
+ unpackedFileName = fileNamePacked.split("|");
} else {
- unpackedFileName = fileNamePacked.mid(nPathIndex + 1).split("-");
+ unpackedFileName = fileNamePacked.mid(nPathIndex + 1).split("|");
}
switch (unpackedFileName.length()) {
@@ -109,9 +109,9 @@ const QString& History::packFileName(const QString& storageType,
if (storageType.length() > 0) {
if (deleteToken.length() > 0) {
m_packedFileName =
- storageType + "-" + deleteToken + "-" + m_packedFileName;
+ storageType + "|" + deleteToken + "|" + m_packedFileName;
} else {
- m_packedFileName = storageType + "-" + m_packedFileName;
+ m_packedFileName = storageType + "|" + m_packedFileName;
}
}
return m_packedFileName;

43
krebs/5pkgs/simple/flameshot-once/flameshot/flameshot-12.imgur.patch Normal file
View File

@ -0,0 +1,43 @@
diff --git a/src/tools/imgupload/storages/imgur/imguruploader.cpp b/src/tools/imgupload/storages/imgur/imguruploader.cpp
index d6748b5a..5bb8d7de 100644
--- a/src/tools/imgupload/storages/imgur/imguruploader.cpp
+++ b/src/tools/imgupload/storages/imgur/imguruploader.cpp
@@ -16,6 +16,7 @@
#include <QNetworkRequest>
#include <QShortcut>
#include <QUrlQuery>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap& capture, QWidget* parent)
: ImgUploaderBase(capture, parent)
@@ -70,7 +71,13 @@ void ImgurUploader::upload()
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem(QStringLiteral("description"), description);
- QUrl url(QStringLiteral("https://api.imgur.com/3/image"));
+ const char *IMGUR_CREATE_URL = secure_getenv("IMGUR_CREATE_URL");
+ QString createUrlPattern =
+ IMGUR_CREATE_URL != NULL
+ ? QString::fromUtf8(IMGUR_CREATE_URL)
+ : QStringLiteral("https://api.imgur.com/3/image")
+ ;
+ QUrl url(createUrlPattern);
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,
@@ -87,8 +94,14 @@ void ImgurUploader::deleteImage(const QString& fileName,
const QString& deleteToken)
{
Q_UNUSED(fileName)
+ const char *IMGUR_DELETE_URL = secure_getenv("IMGUR_DELETE_URL");
+ QString deleteImageURLPattern =
+ IMGUR_DELETE_URL != NULL
+ ? QString::fromUtf8(IMGUR_DELETE_URL)
+ : QStringLiteral("https://imgur.com/delete/%1")
+ ;
bool successful = QDesktopServices::openUrl(
- QUrl(QStringLiteral("https://imgur.com/delete/%1").arg(deleteToken)));
+ QUrl(deleteImageURLPattern.arg(deleteToken)));
if (!successful) {
notification()->showMessage(tr("Unable to open the URL."));
}

235
krebs/5pkgs/simple/flameshot-once/profile.nix
View File

@ -1,235 +0,0 @@
{ config, pkgs }:
with pkgs.stockholm.lib;
with generators;
let
# Refs https://github.com/lupoDharkael/flameshot/blob/master/src/widgets/capture/capturebutton.h
ButtonType = {
PENCIL = 0;
DRAWER = 1;
ARROW = 2;
SELECTION = 3;
RECTANGLE = 4;
CIRCLE = 5;
MARKER = 6;
SELECTIONINDICATOR = 7;
MOVESELECTION = 8;
UNDO = 9;
COPY = 10;
SAVE = 11;
EXIT = 12;
IMAGEUPLOADER = 13;
OPEN_APP = 14;
BLUR = 15;
REDO = 16;
PIN = 17;
TEXT = 18;
CIRCLECOUNT = 19;
};
cfg = eval.config;
eval = evalModules {
modules = singleton {
_file = toString ./profile.nix;
imports = singleton config;
options = {
buttons = mkOption {
apply = map (name: ButtonType.${name});
default = [
"PENCIL"
"DRAWER"
"ARROW"
"SELECTION"
"RECTANGLE"
"CIRCLE"
"MARKER"
"SELECTIONINDICATOR"
"MOVESELECTION"
"UNDO"
"SAVE"
"EXIT"
"BLUR"
"CIRCLECOUNT"
]
++ optional cfg.imgur.enable "IMAGEUPLOADER"
;
type = types.listOf (types.enum (attrNames ButtonType));
};
copyAndCloseAfterUpload = mkOption {
default = false;
type = types.bool;
};
disabledTrayIcon = mkOption {
default = true;
type = types.bool;
};
drawColor = mkOption {
default = "#ff0000";
type =
types.addCheck types.str (test "#[0-9A-Fa-f]{6}");
};
drawThickness = mkOption {
default = 8;
type = types.positive;
};
filenamePattern = mkOption {
default = "%FT%T%z_flameshot";
type =
# This is types.filename extended by [%:][%:+]*
types.addCheck types.str (test "[%:0-9A-Za-z._][%:+0-9A-Za-z._-]*");
};
imgur = mkOption {
default = {};
type = types.submodule {
options = {
enable = mkEnableOption "imgur";
createUrl = mkOption {
example = "http://p.r/image";
type = types.str;
};
deleteUrl = mkOption {
example = "http://p.r/image/delete/%1";
type = types.str;
};
xdg-open = mkOption {
default = {};
type = types.submodule {
options = {
enable = mkEnableOption "imgur.xdg-open" // {
default = true;
};
browser = mkOption {
default = "${pkgs.coreutils}/bin/false";
type = types.str;
};
createPrefix = mkOption {
default = cfg.imgur.createUrl;
type = types.str;
};
deletePrefix = mkOption {
default = removeSuffix "/%1" cfg.imgur.deleteUrl;
type = types.str;
};
};
};
};
};
};
};
savePath = mkOption {
default = "/tmp";
type = types.absolute-pathname;
};
showDesktopNotification = mkOption {
default = false;
type = types.bool;
};
showHelp = mkOption {
default = false;
type = types.bool;
};
showSidePanelButton = mkOption {
default = false;
type = types.bool;
};
showStartupLaunchMessage = mkOption {
default = false;
type = types.bool;
};
timeout = mkOption {
default = 200;
description = ''
Maximum time in milliseconds allowed for the flameshot daemon to
react.
'';
type = types.positive;
};
};
};
};
hexchars = stringToCharacters "0123456789abcdef";
# Encode integer to C-escaped string of bytes, little endian / LSB 0
le = rec {
x1 = i: let
i0 = mod i 16;
i1 = i / 16;
in
"\\x${elemAt hexchars i1}${elemAt hexchars i0}";
x2 = i: let
i0 = mod i 256;
i1 = i / 256;
in
"${x1 i0}${x1 i1}";
x4 = i: let
i0 = mod i 65536;
i1 = i / 65536;
in
"${x2 i0}${x2 i1}";
};
toQList = t: xs:
assert t == "int";
"QList<${t}>${le.x4 0}${le.x4 (length xs)}${concatMapStrings le.x4 xs}";
XDG_CONFIG_HOME = pkgs.write "flameshot-config" {
"/flameshot/flameshot.ini".text =
toINI {} {
General = {
buttons = ''@Variant(\0\0\0\x7f\0\0\0\v${toQList "int" cfg.buttons})'';
disabledTrayIcon = cfg.disabledTrayIcon;
checkForUpdates = false;
copyAndCloseAfterUpload = cfg.copyAndCloseAfterUpload;
drawColor = cfg.drawColor;
drawThickness = cfg.drawThickness;
filenamePattern = cfg.filenamePattern;
savePath = cfg.savePath;
showDesktopNotification = cfg.showDesktopNotification;
showHelp = cfg.showHelp;
showSidePanelButton = cfg.showSidePanelButton;
showStartupLaunchMessage = cfg.showStartupLaunchMessage;
startupLaunch = false;
};
Shortcuts = {
TYPE_COPY = "Return";
};
};
};
in
pkgs.writeDash "flameshot.profile" ''
export FLAMESHOT_CAPTURE_PATH=${cfg.savePath}
export FLAMESHOT_ONCE_TIMEOUT=${toString cfg.timeout}
export XDG_CONFIG_HOME=${XDG_CONFIG_HOME}
${optionalString cfg.imgur.enable /* sh */ ''
export IMGUR_CREATE_URL=${shell.escape cfg.imgur.createUrl}
export IMGUR_DELETE_URL=${shell.escape cfg.imgur.deleteUrl}
${optionalString cfg.imgur.xdg-open.enable /* sh */ ''
PATH=$PATH:${makeBinPath [
(pkgs.writeDashBin "xdg-open" ''
set -efu
uri=$1
prefix=$(${pkgs.coreutils}/bin/dirname "$uri")
case $prefix in
(${shell.escape cfg.imgur.xdg-open.createPrefix})
echo "opening image in browser: $uri" >&2
exec ${config.imgur.xdg-open.browser} "$uri"
;;
(${shell.escape cfg.imgur.xdg-open.deletePrefix})
echo "deleting image: $uri" >&2
exec ${pkgs.curl}/bin/curl -fsS -X DELETE "$uri"
;;
(*)
echo "don't know how to open URI: $uri" >&2
exit 1
esac
'')
]}
''}
''}
''

9
krebs/5pkgs/simple/fzfmenu/default.nix
View File

@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" ''
exec 4>&1
export FZFMENU_INPUT_FD=3
export FZFMENU_OUTPUT_FD=4
exec ${pkgs.rxvt-unicode}/bin/urxvt \
-name ${cfg.appName} \
-title ${shell.escape cfg.windowTitle} \
-e "$0" "$@"
exec ${pkgs.alacritty}/bin/alacritty \
--config-file /var/theme/config/alacritty.yaml \
--class ${cfg.appName} \
--title ${shell.escape cfg.windowTitle} \
--command "$0" "$@"
else
exec 0<&''${FZFMENU_INPUT_FD-0}
exec 1>&''${FZFMENU_OUTPUT_FD-1}

2
krebs/5pkgs/simple/htgen-imgur/default.nix
View File

@ -1,7 +1,7 @@
{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, stockholm, util-linux, stdenv }:
stdenv.mkDerivation rec {
pname = "htgen-imgur";
version = "1.0.0";
version = "1.2.0";
src = ./src;

2
krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur
View File

@ -99,7 +99,7 @@ case "$Method $path" in
if item=$(find_item $base32short); then
deletehash=$(uuidgen)
deletehash=$(uuidgen | tr -d -)
info=$(
exiv2 print "$item" |

107
krebs/5pkgs/simple/nixos-format-error.nix Normal file
View File

@ -0,0 +1,107 @@
{ pkgs }:
pkgs.writeGawkBin "nixos-format-error" ''
# usage: nixos-rebuild ... 2>&1 | nixos-format-error
function out() {
print
next
}
BEGIN {
IDLE = 0
ACTIVE = 1
PASSIVE = 2
ERROR = 3
start_state = IDLE
state = start_state
}
END {
if (trace_count)
for (i = trace_count - 1; i >= 0; i--)
print trace[i]
}
state == PASSIVE {
out()
}
state == IDLE {
if ($0 ~ /^building the system configuration\.\.\. ?$/) {
state = ACTIVE
}
out()
}
state == ACTIVE {
if ($1 ~ /(\[[0-9;]+m)?error:(\[[0-9;]m)?/) {
state = ERROR
sub(/^/,"\x1b[31;1m"); sub(/$/,"\x1b[m")
trace[trace_count++] = $0
"stty -F /dev/tty size" |& getline
COLUMNS = gensub(/.* ([0-9]+)$/, "\\1", "1")
next
}
if ($0 ~ /^these [0-9]+ derivations will be built:/) {
state = PASSIVE
}
if ($0 == "activating the configuration...") {
state = PASSIVE
}
out()
}
state == ERROR {
sub(/ $/, "")
gsub(/\[[0-9;]*m/, "")
if ($0 ~ /^\s*at /) {
location = gensub(/^\s*at (.*):$/,"\\1","1")
content = ""
lnumcol = gensub(/^.*:([0-9]+:[0-9]+)$/,"\\1","1",location)
lnum = gensub(/:.*/,"","1",lnumcol)
col = gensub(/.*:/,"","1",lnumcol)
next
}
if ($1 == lnum "|") {
content = gensub(/^\s*[0-9]+\|(.*)/,"\\1","1")
location = sprintf("%50s", location)
preview_size = COLUMNS - length(location " ")
prefix = gensub(/^\s*/,"","1",substr(content, 1, col))
infix = gensub(/^([0-9a-zA-Z]+|.).*$/, "\\1", "1", substr(content, col + 1))
suffix = substr(content, col + length(infix) + 1)
if (length(prefix infix suffix) > preview_size) {
n = (preview_size - length(infix)) / 2 - length(" ")
prefix = substr(prefix, length(prefix) - n + 1)
if (prefix != "") { prefix = "" prefix }
suffix = substr(suffix, 1, n)
if (suffix != "") { suffix = suffix "" }
}
preview = \
"\x1b[38;5;244m" prefix "\x1b[m" \
"\x1b[38;5;230m" infix "\x1b[m" \
"\x1b[38;5;244m" suffix "\x1b[m"
trace[trace_count++] = location " " preview
next
}
if ($0 == "") next
if ($0 ~ /^\s* (from|while)/) next
if ($0 ~ /^\s*([0-9]*)\|/) next
trace[trace_count++] = $0
next
}
''

64
krebs/5pkgs/simple/pager.nix
View File

@ -1,36 +1,40 @@
{ pkgs }:
pkgs.writeDashBin "pager" ''
# usage: pager {view,shift,shiftview}
#
# Environment variables
#
# PAGER_NAME (default: Pager)
# The environment variables specifies the application name under which
# resources are to be obtained. PAGER_NAME should not contain “.” or “*”
# characters.
#
set -efu
pkgs.symlinkJoin {
name = "pager-wrapper";
paths = [
(pkgs.writeDashBin "pager" ''
# usage: pager {view,shift,shiftview}
#
# Environment variables
#
# PAGER_NAME (default: Pager)
# The environment variables specifies the application name under
# which resources are to be obtained. PAGER_NAME should not contain
# “.” or “*” characters.
#
set -efu
pidfile=$XDG_RUNTIME_DIR/pager.lock
name=''${PAGER_NAME-Pager}
pidfile=$XDG_RUNTIME_DIR/pager.lock
name=''${PAGER_NAME-Pager}
if test -e "$pidfile" &&
${pkgs.procps}/bin/pgrep --pidfile="$pidfile" >/dev/null
then
${pkgs.procps}/bin/pkill --pidfile="$pidfile"
${pkgs.coreutils}/bin/rm "$pidfile"
exit
fi
if test -e "$pidfile" &&
${pkgs.procps}/bin/pgrep --pidfile="$pidfile" >/dev/null
then
${pkgs.procps}/bin/pkill --pidfile="$pidfile"
${pkgs.coreutils}/bin/rm "$pidfile"
exit
fi
echo $$ > "$pidfile"
echo $$ > "$pidfile"
exec ${pkgs.xterm}/bin/xterm \
-name "$name" \
-ti vt340 \
-xrm 'Pager*geometry: 32x10' \
-xrm 'Pager*internalBorder: 2' \
-xrm 'Pager*background: #050505' \
-xrm 'Pager*foreground: #d0d7d0' \
-e ${pkgs.haskellPackages.pager}/bin/pager "$@"
''
exec ${pkgs.xterm}/bin/xterm \
-name "$name" \
-ti vt340 \
-xrm '*geometry: 32x10' \
-xrm '*internalBorder: 2' \
-e ${pkgs.haskellPackages.pager}/bin/pager "$@"
'')
pkgs.haskellPackages.pager
];
}

15
krebs/5pkgs/simple/xwaitforwindow.nix
View File

@ -1,15 +0,0 @@
{ writeDashBin, xdotool, xorg }:
writeDashBin "xwaitforwindow" ''
# usage: xwaitforwindow ARGS
# see xdotool search for possible ARGS
# example: xwaitforwindow -name WINDOWNAME
set -efu
if id=$(${xdotool}/bin/xdotool search "$@"); then
printf 'waiting for window %#x\n' "$id" >&2
exec ${xorg.xprop}/bin/xprop -spy -id "$id" >/dev/null
else
printf 'no window found with xdotool search %s\n' "$*" >&2
exit 1
fi
''

6
lass/1systems/aergia/config.nix
View File

@ -26,6 +26,7 @@
<stockholm/lass/2configs/dunst.nix>
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/c-base.nix>
];
system.stateVersion = "22.11";
@ -47,11 +48,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
lass.browser.config = {
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
};
nix.trustedUsers = [ "root" "lass" ];
# nix.extraOptions = ''

73
lass/1systems/aergia/physical.nix
View File

@ -3,6 +3,7 @@
imports = [
./config.nix
(modulesPath + "/installer/scan/not-detected.nix")
<stockholm/lass/2configs/antimicrox>
];
disko.devices = import ./disk.nix;
@ -20,15 +21,41 @@
boot.kernelParams = [
# Enable energy savings during sleep
"mem_sleep_default=deep"
"initcall_blacklist=acpi_cpufreq_init"
# use less power with pstate
"amd_pstate=passive"
# for ryzenadj -i
"iomem=relaxed"
# suspend
"resume_offset=178345675"
];
# Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
# On recent AMD CPUs this can be more energy efficient.
boot.kernelModules = [ "amd-pstate" "kvm-amd" ];
boot.kernelModules = [
# Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html
# On recent AMD CPUs this can be more energy efficient.
"amd-pstate"
"kvm-amd"
# needed for zenstates
"msr"
# zenpower
"zenpower"
];
boot.extraModulePackages = [
(config.boot.kernelPackages.zenpower.overrideAttrs (old: {
src = pkgs.fetchFromGitea {
domain = "git.exozy.me";
owner = "a";
repo = "zenpower3";
rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f";
hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI=";
};
}))
];
# hardware.cpu.amd.updateMicrocode = true;
@ -36,7 +63,16 @@
"amdgpu"
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"thunderbolt"
"xhci_pci"
"usbhid"
];
boot.initrd.kernelModules = [
"amdgpu"
];
environment.systemPackages = [
pkgs.vulkan-tools
@ -54,7 +90,13 @@
hardware.video.hidpi.enable = lib.mkDefault true;
# corectrl
programs.corectrl.enable = true;
programs.corectrl = {
enable = true;
gpuOverclock = {
enable = true;
ppfeaturemask = "0xffffffff";
};
};
users.users.mainUser.extraGroups = [ "corectrl" ];
# use newer ryzenadj
@ -72,7 +114,7 @@
# keyboard quirks
services.xserver.displayManager.sessionCommands = ''
xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert
'';
services.udev.extraHwdb = /* sh */ ''
# disable back buttons
@ -82,5 +124,20 @@
'';
# ignore power key
services.logind.extraConfig = "HandlePowerKey=ignore";
# update cpu microcode
hardware.cpu.amd.updateMicrocode = true;
# suspend to disk
swapDevices = [{
device = "/swapfile";
}];
boot.resumeDevice = "/dev/mapper/aergia1";
services.logind.lidSwitch = "suspend-then-hibernate";
services.logind.extraConfig = ''
HandlePowerKey=hibernate
'';
# firefox touchscreen support
environment.sessionVariables.MOZ_USE_XINPUT2 = "1";
}

6
lass/1systems/coaxmetal/config.nix
View File

@ -54,12 +54,6 @@
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
lass.browser.config = {
dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
};
nix.trustedUsers = [ "root" "lass" ];
services.tor = {

1
lass/1systems/green/config.nix
View File

@ -35,6 +35,7 @@ with import <stockholm/lib>;
systemd.tmpfiles.rules = [
"d /home/lass/.local/share 0700 lass users -"
"d /home/lass/.local 0700 lass users -"
"d /home/lass/.config 0700 lass users -"
"d /var/state/lass_mail 0700 lass users -"
"L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"

5
lass/1systems/lasspi/config.nix
View File

@ -1,4 +1,3 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
let
in
@ -18,9 +17,9 @@ in
};
environment.systemPackages = with pkgs; [
vim
rxvt_unicode.terminfo
rxvt-unicode-unwrapped.terminfo
];
services.openssh.enable = true;
system.stateVersion = "21.05";
system.stateVersion = "22.05";
}

21
lass/1systems/lasspi/physical.nix
View File

@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
# This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec
# The image used https://hydra.nixos.org/build/134720986
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./config.nix
];
boot = {
# kernelPackages = pkgs.linuxPackages_rpi4;
tmpOnTmpfs = true;
initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ];
# ttyAMA0 is the serial console broken out to the GPIO
kernelParams = [
"8250.nr_uarts=1"
@ -20,19 +19,23 @@
];
};
boot.loader.raspberryPi = {
enable = true;
version = 4;
};
# boot.loader.raspberryPi = {
# enable = true;
# version = 4;
# # uboot.enable = true;
# };
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# Required for the Wireless firmware
hardware.enableRedistributableFirmware = true;
networking.interfaces.eth0.useDHCP = true;
# Assuming this is installed on top of the disk image.
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
options = [ "noatime" ];
};

11
lass/1systems/neoprism/config.nix
View File

@ -7,12 +7,19 @@
# sync-containers
<stockholm/lass/2configs/consul.nix>
<stockholm/lass/2configs/yellow-host.nix>
<stockholm/lass/2configs/radio/container-host.nix>
<stockholm/lass/2configs/services/flix/container-host.nix>
<stockholm/lass/2configs/services/radio/container-host.nix>
<stockholm/lass/2configs/ubik-host.nix>
<stockholm/lass/2configs/orange-host.nix>
<stockholm/krebs/2configs/hotdog-host.nix>
# other containers
<stockholm/lass/2configs/riot.nix>
# proxying of services
<stockholm/lass/2configs/services/radio/proxy.nix>
<stockholm/lass/2configs/services/flix/proxy.nix>
<stockholm/lass/2configs/services/coms/proxy.nix>
];
krebs.build.host = config.krebs.hosts.neoprism;

1
lass/1systems/orange/config.nix
View File

@ -5,6 +5,7 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/mumble-reminder.nix>
];
krebs.build.host = config.krebs.hosts.orange;

5
lass/1systems/prism/config.nix
View File

@ -134,10 +134,9 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/services/coms/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
<stockholm/lass/2configs/mumble-reminder.nix>
<stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
@ -281,7 +280,7 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
];
}
<stockholm/lass/2configs/murmur.nix>
<stockholm/lass/2configs/services/coms/murmur.nix>
<stockholm/lass/2configs/docker.nix>
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;

2
lass/1systems/radio/config.nix
View File

@ -7,7 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/radio>
<stockholm/lass/2configs/services/radio>
];
krebs.build.host = config.krebs.hosts.radio;

330
lass/1systems/yellow/config.nix
View File

@ -5,6 +5,7 @@ in {
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/services/flix>
];
krebs.build.host = config.krebs.hosts.yellow;
@ -14,281 +15,8 @@ in {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
};
users.groups.download.members = [ "transmission" ];
networking.useHostResolvConf = false;
networking.useNetworkd = true;
services.transmission = {
enable = true;
home = "/var/state/transmission";
group = "download";
downloadDirPermissions = "775";
settings = {
download-dir = "/var/download/transmission";
incomplete-dir-enabled = false;
rpc-bind-address = "::";
message-level = 1;
umask = 18;
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
};
};
security.acme.defaults.email = "spam@krebsco.de";
security.acme.acceptTerms = true;
security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL;
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [
fancyindex
];
};
virtualHosts."yellow.r" = {
default = true;
enableACME = true;
addSSL = true;
locations."/" = {
root = "/var/download";
extraConfig = ''
fancyindex on;
fancyindex_footer "/fancy.html";
include ${pkgs.nginx}/conf/mime.types;
include ${pkgs.writeText "extrMime" ''
types {
video/webm mkv;
}
''};
create_full_put_path on;
'';
};
locations."/chatty" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
rewrite /chatty/(.*) /$1 break;
proxy_set_header Host $host;
'';
};
locations."= /fancy.html".extraConfig = ''
alias ${pkgs.writeText "nginx_footer" ''
<div id="mydiv">
<!-- Include a header DIV with the same name as the draggable DIV, followed by "header" -->
<div id="mydivheader">Click here to move</div>
<iframe src="/chatty/index.html"></iframe>
</div>
<style>
#mydiv {
position: absolute;
z-index: 9;
background-color: #f1f1f1;
border: 1px solid #d3d3d3;
text-align: center;
}
#mydivheader {
padding: 10px;
cursor: move;
z-index: 10;
background-color: #2196F3;
color: #fff;
}
</style>
<script>
// Make the DIV element draggable:
dragElement(document.getElementById("mydiv"));
function dragElement(elmnt) {
var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;
if (document.getElementById(elmnt.id + "header")) {
// if present, the header is where you move the DIV from:
document.getElementById(elmnt.id + "header").onmousedown = dragMouseDown;
} else {
// otherwise, move the DIV from anywhere inside the DIV:
elmnt.onmousedown = dragMouseDown;
}
function dragMouseDown(e) {
e = e || window.event;
e.preventDefault();
// get the mouse cursor position at startup:
pos3 = e.clientX;
pos4 = e.clientY;
document.onmouseup = closeDragElement;
// call a function whenever the cursor moves:
document.onmousemove = elementDrag;
}
function elementDrag(e) {
e = e || window.event;
e.preventDefault();
// calculate the new cursor position:
pos1 = pos3 - e.clientX;
pos2 = pos4 - e.clientY;
pos3 = e.clientX;
pos4 = e.clientY;
// set the element's new position:
elmnt.style.top = (elmnt.offsetTop - pos2) + "px";
elmnt.style.left = (elmnt.offsetLeft - pos1) + "px";
}
function closeDragElement() {
// stop moving when mouse button is released:
document.onmouseup = null;
document.onmousemove = null;
}
}
</script>
''};
'';
};
virtualHosts."jelly.r" = {
enableACME = true;
addSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:8096/;
proxy_set_header Accept-Encoding "";
'';
};
virtualHosts."transmission.r" = {
enableACME = true;
addSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:9091/;
proxy_set_header Accept-Encoding "";
'';
};
virtualHosts."radar.r" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:7878";
};
};
virtualHosts."sonar.r" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8989";
};
};
};
services.samba = {
enable = true;
enableNmbd = false;
extraConfig = ''
workgroup = WORKGROUP
server string = ${config.networking.hostName}
# only allow retiolum addresses
hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16
# Use sendfile() for performance gain
use sendfile = true
# No NetBIOS is needed
disable netbios = true
# Only mangle non-valid NTFS names, don't care about DOS support
mangled names = illegal
# Performance optimizations
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
# Disable all printing
load printers = false
disable spoolss = true
printcap name = /dev/null
map to guest = Bad User
max log size = 50
dns proxy = no
security = user
[global]
syslog only = yes
'';
shares.public = {
comment = "Warez";
path = "/var/download";
public = "yes";
"only guest" = "yes";
"create mask" = "0644";
"directory mask" = "2777";
writable = "no";
printable = "no";
};
};
systemd.services.bruellwuerfel =
let
bruellwuerfelSrc = pkgs.fetchFromGitHub {
owner = "krebs";
repo = "bruellwuerfel";
rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015";
sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd";
};
in {
wantedBy = [ "multi-user.target" ];
environment = {
IRC_CHANNEL = "#flix";
IRC_NICK = "bruelli";
IRC_SERVER = "irc.r";
IRC_HISTORY_FILE = "/tmp/bruelli.history";
};
serviceConfig = {
ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts";
};
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
{ predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
{ predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
{ predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
{ predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
# smbd
{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
tables.filter.OUTPUT = {
policy = "DROP";
rules = [
{ predicate = "-o lo"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
{ predicate = "-o tun0"; target = "ACCEPT"; }
{ predicate = "-o retiolum"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
];
};
};
services.openvpn.servers.nordvpn.config = ''
client
@ -375,49 +103,19 @@ in {
</tls-auth>
'';
systemd.services.flix-index = {
wantedBy = [ "multi-user.target" ];
path = [
pkgs.coreutils
pkgs.findutils
pkgs.inotify-tools
];
serviceConfig = {
Restart = "always";
ExecStart = pkgs.writers.writeDash "flix-index" ''
set -efu
DIR=/var/download
cd "$DIR"
while inotifywait -rq -e create -e move -e delete "$DIR"; do
find . -type f > "$DIR"/index.tmp
mv "$DIR"/index.tmp "$DIR"/index
done
'';
krebs.iptables = {
enable = true;
tables.filter.OUTPUT = {
policy = "DROP";
rules = [
{ predicate = "-o lo"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
{ predicate = "-o tun0"; target = "ACCEPT"; }
{ predicate = "-o retiolum"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
];
};
};
services.jellyfin = {
enable = true;
group = "download";
};
services.radarr = {
enable = true;
group = "download";
};
services.sonarr = {
enable = true;
group = "download";
};
services.prowlarr = {
enable = true;
};
services.bazarr = {
enable = true;
group = "download";
};
}

33
lass/2configs/antimicrox/default.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
systemd.services.antimicrox = {
wantedBy = [ "multi-user.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
User = config.users.users.mainUser.name;
ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}";
};
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
echo 1 > /tmp/gamepad.state
${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp}
'')
(pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
echo 0 > /tmp/gamepad.state
${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp}
'')
(pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
if [ "$state" = 1 ]; then
/run/current-system/sw/bin/gamepad_mouse_enable
else
/run/current-system/sw/bin/gamepad_mouse_disable
fi
'')
];
}

20
lass/2configs/antimicrox/empty.amgp Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<gamecontroller configversion="19" appversion="3.3.2">
<!--The SDL name for a joystick is included for informational purposes only.-->
<sdlname>XInput Controller</sdlname>
<!--The Unique ID for a joystick is included for informational purposes only.-->
<uniqueID>030000005e0400008e020000010100001118654</uniqueID>
<stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
<stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
<vdpadButtonAssociations index="1">
<vdpadButtonAssociation axis="0" button="12" direction="1"/>
<vdpadButtonAssociation axis="0" button="13" direction="4"/>
<vdpadButtonAssociation axis="0" button="14" direction="8"/>
<vdpadButtonAssociation axis="0" button="15" direction="2"/>
</vdpadButtonAssociations>
<names>
<controlstickname index="2">R Stick</controlstickname>
<controlstickname index="1">L Stick</controlstickname>
</names>
<sets/>
</gamecontroller>

272
lass/2configs/antimicrox/mouse.amgp Normal file
View File

@ -0,0 +1,272 @@
<?xml version="1.0" encoding="UTF-8"?>
<gamecontroller configversion="19" appversion="3.3.2">
<!--The SDL name for a joystick is included for informational purposes only.-->
<sdlname>XInput Controller</sdlname>
<!--The Unique ID for a joystick is included for informational purposes only.-->
<uniqueID>030000005e0400008e020000010100001118654</uniqueID>
<stickAxisAssociation index="2" xAxis="3" yAxis="4"/>
<stickAxisAssociation index="1" xAxis="1" yAxis="2"/>
<vdpadButtonAssociations index="1">
<vdpadButtonAssociation axis="0" button="12" direction="1"/>
<vdpadButtonAssociation axis="0" button="13" direction="4"/>
<vdpadButtonAssociation axis="0" button="14" direction="8"/>
<vdpadButtonAssociation axis="0" button="15" direction="2"/>
</vdpadButtonAssociations>
<names>
<controlstickname index="2">Stick 2</controlstickname>
<controlstickname index="1">Stick 1</controlstickname>
</names>
<sets>
<set index="1">
<stick index="2">
<deadZone>1</deadZone>
<maxZone>29501</maxZone>
<modifierZone>1412</modifierZone>
<diagonalRange>90</diagonalRange>
<stickbutton index="7">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
<accelerationmultiplier>4</accelerationmultiplier>
<startaccelmultiplier>20</startaccelmultiplier>
<minaccelthreshold>3</minaccelthreshold>
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
<slots>
<slot>
<code>3</code>
<mode>mousemovement</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="6">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
</stickbutton>
<stickbutton index="5">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
<accelerationmultiplier>4</accelerationmultiplier>
<startaccelmultiplier>20</startaccelmultiplier>
<minaccelthreshold>3</minaccelthreshold>
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
<slots>
<slot>
<code>2</code>
<mode>mousemovement</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="4">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
</stickbutton>
<stickbutton index="3">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
<accelerationmultiplier>4</accelerationmultiplier>
<startaccelmultiplier>20</startaccelmultiplier>
<minaccelthreshold>3</minaccelthreshold>
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
<slots>
<slot>
<code>4</code>
<mode>mousemovement</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="2">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
</stickbutton>
<stickbutton index="1">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
<accelerationmultiplier>4</accelerationmultiplier>
<startaccelmultiplier>20</startaccelmultiplier>
<minaccelthreshold>3</minaccelthreshold>
<extraaccelerationcurve>easeoutquad</extraaccelerationcurve>
<slots>
<slot>
<code>1</code>
<mode>mousemovement</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="8">
<mousespeedx>74</mousespeedx>
<mousespeedy>74</mousespeedy>
</stickbutton>
</stick>
<stick index="1">
<deadZone>2578</deadZone>
<maxZone>30799</maxZone>
<stickbutton index="7">
<mouseacceleration>linear</mouseacceleration>
<slots>
<slot>
<code>6</code>
<mode>mousebutton</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="6">
<mouseacceleration>linear</mouseacceleration>
</stickbutton>
<stickbutton index="5">
<mouseacceleration>linear</mouseacceleration>
<slots>
<slot>
<code>5</code>
<mode>mousebutton</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="4">
<mouseacceleration>linear</mouseacceleration>
</stickbutton>
<stickbutton index="3">
<mouseacceleration>linear</mouseacceleration>
<slots>
<slot>
<code>7</code>
<mode>mousebutton</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="2">
<mouseacceleration>linear</mouseacceleration>
</stickbutton>
<stickbutton index="1">
<mouseacceleration>linear</mouseacceleration>
<slots>
<slot>
<code>4</code>
<mode>mousebutton</mode>
</slot>
</slots>
</stickbutton>
<stickbutton index="8">
<mouseacceleration>linear</mouseacceleration>
</stickbutton>
</stick>
<dpad index="1">
<dpadbutton index="6">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
</dpadbutton>
<dpadbutton index="4">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
<slots>
<slot>
<code>0x1000017</code>
<mode>keyboard</mode>
</slot>
</slots>
</dpadbutton>
<dpadbutton index="3">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
</dpadbutton>
<dpadbutton index="2">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
<slots>
<slot>
<code>0x1000011</code>
<mode>keyboard</mode>
</slot>
</slots>
</dpadbutton>
<dpadbutton index="1">
<wheelspeedx>10</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
<slots>
<slot>
<code>0x1000016</code>
<mode>keyboard</mode>
</slot>
</slots>
</dpadbutton>
<dpadbutton index="12">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
</dpadbutton>
<dpadbutton index="9">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
</dpadbutton>
<dpadbutton index="8">
<wheelspeedx>2</wheelspeedx>
<wheelspeedy>10</wheelspeedy>
<slots>
<slot>
<code>0x1000010</code>
<mode>keyboard</mode>
</slot>
</slots>
</dpadbutton>
</dpad>
<trigger index="6">
<deadZone>2000</deadZone>
<throttle>positivehalf</throttle>
<triggerbutton index="1">
<mousespeedx>100</mousespeedx>
<mousespeedy>100</mousespeedy>
</triggerbutton>
<triggerbutton index="2">
<mousespeedx>100</mousespeedx>
<mousespeedy>100</mousespeedy>
<slots>
<slot>
<code>250</code>
<mode>mousespeedmod</mode>
</slot>
</slots>
</triggerbutton>
</trigger>
<trigger index="5">
<throttle>positivehalf</throttle>
</trigger>
<button index="11">
<slots>
<slot>
<code>1</code>
<mode>mousebutton</mode>
</slot>
</slots>
</button>
<button index="5">
<slots>
<slot>
<code>1</code>
<mode>mousebutton</mode>
</slot>
</slots>
</button>
<button index="3">
<slots>
<slot>
<code>2</code>
<mode>mousebutton</mode>
</slot>
</slots>
</button>
<button index="2">
<slots>
<slot>
<code>3</code>
<mode>mousebutton</mode>
</slot>
</slots>
</button>
<button index="1">
<slots>
<slot>
<code>1</code>
<mode>mousebutton</mode>
</slot>
</slots>
</button>
</set>
</sets>
</gamecontroller>

4
lass/2configs/baseX.nix
View File

@ -91,11 +91,11 @@ in {
xorg.xhost
xsel
zathura
flameshot-once
flameshot
(pkgs.writeDashBin "screenshot" ''
set -efu
${pkgs.flameshot-once}/bin/flameshot-once
${pkgs.flameshot}/bin/flameshot gui
${pkgs.klem}/bin/klem
'')
];

14
lass/2configs/browsers.nix
View File

@ -1,12 +1,8 @@
{ config, lib, pkgs, ... }:
{
lass.browser.config = {
cr = { groups = [ "audio" "video" ]; precedence = 9; };
};
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
];
};
programs.firefox.nativeMessagingHosts.tridactyl = true;
environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
environment.systemPackages = [
pkgs.firefox
];
}

24
lass/2configs/jitsi.nix
View File

@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.jitsi-meet = {
enable = true;
hostName = "jitsi.lassul.us";
config = {
enableWelcomePage = true;
requireDisplayName = true;
analytics.disabled = true;
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
DISABLE_PRESENCE_STATUS = true;
GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
];
}

6
lass/2configs/mail.nix
View File

@ -92,8 +92,6 @@ let
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new
${lib.concatMapStringsSep "\n" (i: ''
'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
${lib.concatMapStringsSep "\n" (i: ''
mkdir -p "$HOME/Maildir/.${i.name}/cur"
for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
@ -186,7 +184,9 @@ let
"<enter-command>unset wait_key<enter> \
<shell-escape>${pkgs.writeDash "muchsync" ''
set -efu
${pkgs.muchsync}/bin/muchsync -F lass@green.r
until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do
sleep 1
done
''}<enter> \
'run muchsync to green.r'

6
lass/2configs/mumble-reminder.nix
View File

@ -23,7 +23,7 @@
Kois
Faulaffen
Schraubenziegen
Nachtigalle
Nachtigallen
Okapis
Stachelschweine
Kurzschwanzkängurus
@ -49,7 +49,7 @@
pattern = "^nerv nicht$";
activate = "match";
command = {
filename = pkgs.writeDash "add_remind" ''
filename = pkgs.writeDash "del_remind" ''
${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
echo "okok, Ich werde $_from nich mehr errinern"
'';
@ -80,7 +80,7 @@ in {
};
systemd.services.mumble-reminder-nixos = {
description = "weekly reminder for nixos mumble";
startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
startAt = "Thu *-*-* 17:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='

42
lass/2configs/murmur.nix
View File

@ -1,42 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
allowHtml = false;
bandwidth = 10000000;
registerName = "lassul.us";
autobanTime = 30;
sslCert = "/var/lib/acme/lassul.us/cert.pem";
sslKey = "/var/lib/acme/lassul.us/key.pem";
};
users.groups.lasscert.members = [
"murmur"
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
systemd.services.docker-mumble-web.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
virtualisation.oci-containers.containers.mumble-web = {
image = "rankenstein/mumble-web:0.5";
environment = {
MUMBLE_SERVER = "lassul.us:64738";
};
ports = [
"64739:8080"
];
};
services.nginx.virtualHosts."mumble.lassul.us" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:64739";
proxyWebsockets = true;
};
};
}

14
lass/2configs/print.nix
View File

@ -6,5 +6,19 @@
pkgs.foomatic-filters
pkgs.gutenprint
];
browsing = true;
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
};
}

6
lass/2configs/services/coms/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./jitsi.nix
./murmur.nix
];
}

43
lass/2configs/services/coms/jitsi.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, pkgs, ... }:
{
services.jitsi-meet = {
enable = true;
hostName = "jitsi.lassul.us";
config = {
enableWelcomePage = true;
requireDisplayName = true;
analytics.disabled = true;
startAudioOnly = true;
channelLastN = 4;
stunServers = [
# - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/
{ urls = "turn:turn.matrix.org:3478?transport=udp"; }
{ urls = "turn:turn.matrix.org:3478?transport=tcp"; }
# - services.coturn:
#{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
#{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
];
constraints.video.height = {
ideal = 720;
max = 1080;
min = 240;
};
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
DISABLE_PRESENCE_STATUS = true;
GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
};
};
services.jitsi-videobridge.config = {
org.jitsi.videobridge.TRUST_BWE = false;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
];
}

47
lass/2configs/services/coms/murmur.nix Normal file
View File

@ -0,0 +1,47 @@
{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
# allowHtml = false;
bandwidth = 10000000;
registerName = "lassul.us";
autobanTime = 30;
sslCert = "/var/lib/acme/lassul.us/cert.pem";
sslKey = "/var/lib/acme/lassul.us/key.pem";
extraConfig = ''
opusthreshold=0
# rememberchannelduration=10000
'';
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
# services.botamusique = {
# enable = true;
# settings = {
# server.host = "lassul.us";
# bot.auto_check_updates = false;
# bot.max_track_duration = 360;
# webinterface.enabled = true;
# };
# };
services.nginx.virtualHosts."lassul.us" = {
enableACME = true;
};
security.acme.certs."lassul.us" = {
group = "lasscert";
};
users.groups.lasscert.members = [
"nginx"
"murmur"
];
# services.nginx.virtualHosts."bota.r" = {
# locations."/" = {
# proxyPass = "http://localhost:8181";
# };
# };
}

41
lass/2configs/services/coms/proxy.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let
tcpports = [
4443 # jitsi
64738 # murmur
];
udpports = [
10000 # jitsi
64738 # murmur
];
target = "orange.r";
in
{
networking.firewall.allowedTCPPorts = tcpports;
networking.firewall.allowedUDPPorts = udpports;
services.nginx.streamConfig = ''
${lib.concatMapStringsSep "\n" (port: ''
server {
listen ${toString port};
proxy_pass ${target}:${toString port};
}
'') tcpports}
${lib.concatMapStringsSep "\n" (port: ''
server {
listen ${toString port} udp;
proxy_pass ${target}:${toString port};
}
'') udpports}
'';
services.nginx.virtualHosts."jitsi.lassul.us" = {
enableACME = true;
acmeFallbackHost = "${target}";
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://${target}";
};
};
}

40
lass/2configs/services/flix/container-host.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
krebs.sync-containers3.containers.yellow = {
sshKey = "${toString <secrets>}/yellow.sync.key";
};
containers.yellow.bindMounts."/var/lib" = {
hostPath = "/var/lib/sync-containers3/yellow/state";
isReadOnly = false;
};
containers.yellow.bindMounts."/var/download" = {
hostPath = "/var/download";
isReadOnly = false;
};
# krebs.iptables.tables.filter.FORWARD.rules = [
# { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
# { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
# ];
# krebs.iptables.tables.nat.PREROUTING.rules = [
# { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
# { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
# ];
networking.firewall.allowedTCPPorts = [ 8096 8920 ];
networking.firewall.allowedUDPPorts = [ 1900 7359 ];
containers.yellow.forwardPorts = [
{ hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
{ hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
{ hostPort = 1900; containerPort = 1900; protocol = "udp"; }
{ hostPort = 7359; containerPort = 7359; protocol = "udp"; }
];
services.nginx.virtualHosts."flix.lassul.us" = {
# forceSSL = true;
# enableACME = true;
locations."/" = {
proxyPass = "http://yellow.r:8096";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
}

316
lass/2configs/services/flix/default.nix Normal file
View File

@ -0,0 +1,316 @@
{ config, lib, pkgs, ... }:
{
users.groups.download.members = [ "transmission" ];
services.transmission = {
enable = true;
home = "/var/state/transmission";
group = "download";
downloadDirPermissions = "775";
settings = {
download-dir = "/var/download/transmission";
incomplete-dir-enabled = false;
rpc-bind-address = "::";
message-level = 1;
umask = 18;
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
};
};
security.acme.defaults.email = "spam@krebsco.de";
security.acme.acceptTerms = true;
security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL;
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [
fancyindex
];
};
virtualHosts."yellow.r" = {
default = true;
enableACME = true;
addSSL = true;
locations."/" = {
root = "/var/download";
extraConfig = ''
fancyindex on;
fancyindex_footer "/fancy.html";
include ${pkgs.nginx}/conf/mime.types;
include ${pkgs.writeText "extrMime" ''
types {
video/webm mkv;
}
''};
create_full_put_path on;
'';
};
locations."/chatty" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
rewrite /chatty/(.*) /$1 break;
proxy_set_header Host $host;
'';
};
locations."= /fancy.html".extraConfig = ''
alias ${pkgs.writeText "nginx_footer" ''
<div id="mydiv">
<!-- Include a header DIV with the same name as the draggable DIV, followed by "header" -->
<div id="mydivheader">Click here to move</div>
<iframe src="/chatty/index.html"></iframe>
</div>
<style>
#mydiv {
position: absolute;
z-index: 9;
background-color: #f1f1f1;
border: 1px solid #d3d3d3;
text-align: center;
}
#mydivheader {
padding: 10px;
cursor: move;
z-index: 10;
background-color: #2196F3;
color: #fff;
}
</style>
<script>
// Make the DIV element draggable:
dragElement(document.getElementById("mydiv"));
function dragElement(elmnt) {
var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0;
if (document.getElementById(elmnt.id + "header")) {
// if present, the header is where you move the DIV from:
document.getElementById(elmnt.id + "header").onmousedown = dragMouseDown;
} else {
// otherwise, move the DIV from anywhere inside the DIV:
elmnt.onmousedown = dragMouseDown;
}
function dragMouseDown(e) {
e = e || window.event;
e.preventDefault();
// get the mouse cursor position at startup:
pos3 = e.clientX;
pos4 = e.clientY;
document.onmouseup = closeDragElement;
// call a function whenever the cursor moves:
document.onmousemove = elementDrag;
}
function elementDrag(e) {
e = e || window.event;
e.preventDefault();
// calculate the new cursor position:
pos1 = pos3 - e.clientX;
pos2 = pos4 - e.clientY;
pos3 = e.clientX;
pos4 = e.clientY;
// set the element's new position:
elmnt.style.top = (elmnt.offsetTop - pos2) + "px";
elmnt.style.left = (elmnt.offsetLeft - pos1) + "px";
}
function closeDragElement() {
// stop moving when mouse button is released:
document.onmouseup = null;
document.onmousemove = null;
}
}
</script>
''};
'';
};
virtualHosts."jelly.r" = {
enableACME = true;
addSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:8096/;
proxy_set_header Accept-Encoding "";
'';
};
virtualHosts."transmission.r" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:9091";
};
};
virtualHosts."radar.r" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:7878";
};
};
virtualHosts."sonar.r" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8989";
};
};
};
services.samba = {
enable = true;
enableNmbd = false;
extraConfig = ''
workgroup = WORKGROUP
server string = ${config.networking.hostName}
# only allow retiolum addresses
hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16
# Use sendfile() for performance gain
use sendfile = true
# No NetBIOS is needed
disable netbios = true
# Only mangle non-valid NTFS names, don't care about DOS support
mangled names = illegal
# Performance optimizations
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
# Disable all printing
load printers = false
disable spoolss = true
printcap name = /dev/null
map to guest = Bad User
max log size = 50
dns proxy = no
security = user
[global]
syslog only = yes
'';
shares.public = {
comment = "Warez";
path = "/var/download";
public = "yes";
"only guest" = "yes";
"create mask" = "0644";
"directory mask" = "2777";
writable = "no";
printable = "no";
};
};
systemd.services.bruellwuerfel =
let
bruellwuerfelSrc = pkgs.fetchFromGitHub {
owner = "krebs";
repo = "bruellwuerfel";
rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015";
sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd";
};
in {
wantedBy = [ "multi-user.target" ];
environment = {
IRC_CHANNEL = "#flix";
IRC_NICK = "bruelli";
IRC_SERVER = "irc.r";
IRC_HISTORY_FILE = "/tmp/bruelli.history";
};
serviceConfig = {
ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts";
};
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
{ predicate = "-p tcp --dport 8920"; target = "ACCEPT"; } # jellyfin
{ predicate = "-p udp --dport 1900"; target = "ACCEPT"; } # jellyfin
{ predicate = "-p udp --dport 7359"; target = "ACCEPT"; } # jellyfin
{ predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
{ predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
{ predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
{ predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
# smbd
{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
};
systemd.services.flix-index = {
wantedBy = [ "multi-user.target" ];
path = [
pkgs.coreutils
pkgs.findutils
pkgs.inotify-tools
];
serviceConfig = {
Restart = "always";
ExecStart = pkgs.writers.writeDash "flix-index" ''
set -efu
DIR=/var/download
cd "$DIR"
while inotifywait -rq -e create -e move -e delete "$DIR"; do
find . -type f > "$DIR"/index.tmp
mv "$DIR"/index.tmp "$DIR"/index
done
'';
};
};
services.jellyfin = {
enable = true;
group = "download";
};
# movies
services.radarr = {
enable = true;
group = "download";
};
# shows
services.sonarr = {
enable = true;
group = "download";
};
# indexers
services.prowlarr = {
enable = true;
};
# subtitles
services.bazarr = {
enable = true;
group = "download";
};
}

12
lass/2configs/services/flix/proxy.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
services.nginx.virtualHosts."flix.lassul.us" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://yellow.r:8096";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
}

0
lass/2configs/radio/container-host.nix → lass/2configs/services/radio/container-host.nix
View File

0
lass/2configs/radio/controls.html → lass/2configs/services/radio/controls.html
View File

0
lass/2configs/radio/default.nix → lass/2configs/services/radio/default.nix
View File

0
lass/2configs/radio/news.nix → lass/2configs/services/radio/news.nix
View File

17
lass/2configs/services/radio/proxy.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.nginx.virtualHosts."radio.lassul.us" = {
enableACME = true;
addSSL = true;
locations."/" = {
# recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://radio.r";
extraConfig = ''
proxy_set_header Host radio.r;
# get source ip for weather reports
proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
'';
};
};
}

0
lass/2configs/radio/radio.liq → lass/2configs/services/radio/radio.liq
View File

0
lass/2configs/radio/shell.nix → lass/2configs/services/radio/shell.nix
View File

0
lass/2configs/radio/weather.nix → lass/2configs/services/radio/weather.nix
View File

0
lass/2configs/radio/weather_for_ips.py → lass/2configs/services/radio/weather_for_ips.py
View File

26
lass/2configs/xdg-open.nix
View File

@ -1,12 +1,13 @@
{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
/run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
'';
xdg-open = pkgs.writeBash "xdg-open" ''
set -e
xdg-open = pkgs.writeBashBin "xdg-open" ''
set -xe
FILE="$1"
PATH=/run/current-system/sw/bin
mime=
case "$FILE" in
@ -35,15 +36,13 @@
case "$mime" in
special/mailaddress)
urxvtc --execute vim "$FILE" ;;
${optionalString (hasAttr "browser" config.lass) ''
alacritty --execute vim "$FILE" ;;
text/html)
${config.lass.browser.select}/bin/browser-select "$FILE" ;;
firefox "$FILE" ;;
text/xml)
${config.lass.browser.select}/bin/browser-select "$FILE" ;;
''}
firefox "$FILE" ;;
text/*)
urxvtc --execute vim "$FILE" ;;
alacritty --execute vim "$FILE" ;;
image/*)
sxiv "$FILE" ;;
application/x-bittorrent)
@ -51,17 +50,18 @@
application/pdf)
zathura "$FILE" ;;
inode/directory)
sudo -u lass -i urxvtc --execute mc "$FILE" ;;
alacritty --execute mc "$FILE" ;;
*)
# open dmenu and ask for program to open with
$(dmenu_path | dmenu) "$FILE";;
runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
exec $runner "$FILE";;
esac
'';
in {
environment.systemPackages = [ xdg-open-wrapper ];
security.sudo.extraConfig = ''
cr ALL=(lass) NOPASSWD: ${xdg-open} *
ff ALL=(lass) NOPASSWD: ${xdg-open} *
cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
'';
}

6
lass/2configs/xmonad.nix
View File

@ -159,14 +159,14 @@ myKeyMap =
${pkgs.clipmenu}/bin/clipmenu
''}")
, ("M4-<F2>", windows copyToAll)
, ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
, ("M4-<Insert>", spawn "${pkgs.writeDash "paste" ''
${pkgs.coreutils}/bin/sleep 0.4
${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
''}")
, ("M4-<F1>", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle")
, ("M4-<F2>", windows copyToAll)
, ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
, ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33")

14
lass/2configs/yellow-host.nix
View File

@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
krebs.sync-containers3.containers.yellow = {
sshKey = "${toString <secrets>}/yellow.sync.key";
};
containers.yellow.bindMounts."/var/lib" = {
hostPath = "/var/lib/sync-containers3/yellow/state";
isReadOnly = false;
};
containers.yellow.bindMounts."/var/download" = {
hostPath = "/var/download";
isReadOnly = false;
};
}

94
lass/3modules/browsers.nix
View File

@ -1,94 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.lass.browser;
browserScripts = {
brave = "${pkgs.brave}/bin/brave";
chrome = "${pkgs.google-chrome}/bin/chrome";
chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
firefox = "${pkgs.firefox.override {
extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
}}/bin/firefox";
qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
};
browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(filter (x: ! x.value.hidden)
(mapAttrsToList (name: value: { inherit name value; })
cfg.config));
in if (lib.length sortedPaths) > 1 then
pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
case $BROWSER in
${concatMapStringsSep "\n" (n: ''
${n.name})
export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
;;
'') (sortedPaths)}
esac
$BIN "$@"
''
else
let
name = (lib.head sortedPaths).name;
in pkgs.writeScriptBin "browser-select" ''
${config.lass.xjail-bins.${name}}/bin/${name} "$@"
''
;
in {
options.lass.browser = {
select = mkOption {
type = types.path;
};
config = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
};
hidden = mkOption {
type = types.bool;
default = false;
};
precedence = mkOption {
type = types.int;
default = 0;
};
user = mkOption {
type = types.str;
default = config._module.args.name;
};
browser = mkOption {
type = types.enum (attrNames browserScripts);
default = "brave";
};
groups = mkOption {
type = types.listOf types.str;
default = [];
};
};
}));
default = {};
};
};
config = (mkIf (cfg.config != {}) {
lass.xjail = mapAttrs' (name: browser:
nameValuePair name {
script = browserScripts.${browser.browser};
groups = browser.groups;
}
) cfg.config;
environment.systemPackages = (map (browser:
config.lass.xjail-bins.${browser.name}
) (attrValues cfg.config)) ++ [
browser-select
];
lass.browser.select = browser-select;
});
}

2
lass/3modules/default.nix
View File

@ -12,8 +12,6 @@ _:
./pyload.nix
./screenlock.nix
./usershadow.nix
./xjail.nix
./autowifi.nix
./browsers.nix
];
}

173
lass/3modules/xjail.nix
View File

@ -1,173 +0,0 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
{
options.lass.xjail = mkOption {
type = types.attrsOf (types.submodule ({ config, ...}: {
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
};
user = mkOption {
type = types.str;
default = config.name;
};
groups = mkOption {
type = types.listOf types.str;
default = [];
};
from = mkOption {
type = types.str;
default = "lass";
};
display = mkOption {
type = types.str;
default = toString (genid_uint31 config._module.args.name);
};
dpi = mkOption {
type = types.int;
default = 90;
};
extraXephyrArgs = mkOption {
type = types.str;
default = "";
};
extraVglrunArgs = mkOption {
type = types.str;
default = "";
};
script = mkOption {
type = types.path;
default = pkgs.writeScript "echo_lol" "echo lol";
};
wm = mkOption {
#TODO find type
type = types.str;
defaultText = "script";
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
executables.xmonad = {
extra-depends = [
"containers"
"unix"
"xmonad"
];
text = /* haskell */ ''
module Main where
import XMonad
import Data.Monoid
import System.Posix.Process (executeFile)
import qualified Data.Map as Map
main :: IO ()
main = do
xmonad def
{ workspaces = [ "1" ]
, layoutHook = myLayoutHook
, keys = myKeys
, normalBorderColor = "#000000"
, focusedBorderColor = "#000000"
, handleEventHook = myEventHook
}
myEventHook :: Event -> X All
myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
return (All True)
myEventHook _ = do
return (All True)
myLayoutHook = Full
myKeys _ = Map.fromList []
'';
};
}}/bin/xmonad";
};
};
}));
default = {};
};
options.lass.xjail-bins = mkOption {
type = types.attrsOf types.path;
};
# implementation
config = let
scripts = mapAttrs' (name: cfg:
let
newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
if test $? -eq 0; then
echo using existing xephyr
${sudo_} "$@"
else
echo starting new xephyr
${xephyr_} "$@"
fi
'';
xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
XEPHYR_PID=$!
DISPLAY=:${cfg.display} ${cfg.wm} &
WM_PID=$!
${sudo_} "$@"
${pkgs.coreutils}/bin/kill $WM_PID
${pkgs.coreutils}/bin/kill $XEPHYR_PID
'';
# TODO fix xephyr which doesn't honor resizes anymore
sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
#/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
'';
in nameValuePair name {
existing = newOrExisting;
xephyr = xephyr_;
sudo = sudo_;
}
) config.lass.xjail;
in {
users.users = mapAttrs' (_: cfg:
nameValuePair cfg.name {
uid = genid_uint31 cfg.name;
home = "/home/${cfg.name}";
useDefaultShell = true;
createHome = true;
extraGroups = cfg.groups;
isNormalUser = true;
}
) config.lass.xjail;
users.groups = mapAttrs' (_: cfg:
nameValuePair cfg.name {
members = [
cfg.name
cfg.from
];
}
) config.lass.xjail;
security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
polkit.addRule(function(action, subject) {
if (
subject.user == "${cfg.from}" &&
action.id == "org.freedesktop.machine1.host-shell" &&
action.lookup("user") == "${cfg.user}" &&
action.lookup("program") == "${cfg.script}" &&
true
) {
return polkit.Result.YES;
}
});
'') config.lass.xjail));
lass.xjail-bins = mapAttrs' (name: cfg:
nameValuePair name (pkgs.writeScriptBin cfg.name ''
${scripts.${name}.sudo} "$@"
'')
) config.lass.xjail;
};
}

2
lib/default.nix
View File

@ -45,6 +45,8 @@ let
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
genid_uint32 = import ./genid.nix { inherit lib; };
hexchars = stringToCharacters "0123456789abcdef";
lpad = n: c: s:
if lib.stringLength s < n
then lib.lpad n c (c + s)

3
lib/genid.nix
View File

@ -32,6 +32,5 @@ let out = genid;
hexint = x: hexvals.${toLower x};
# :: attrset char uint4
hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; })
(stringToCharacters "0123456789abcdef"));
hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; }) hexchars);
in out

149
lib/svg-colors.json Normal file
View File

@ -0,0 +1,149 @@
[
"aliceblue",
"antiquewhite",
"aqua",
"aquamarine",
"azure",
"beige",
"bisque",
"black",
"blanchedalmond",
"blue",
"blueviolet",
"brown",
"burlywood",
"cadetblue",
"chartreuse",
"chocolate",
"coral",
"cornflowerblue",
"cornsilk",
"crimson",
"cyan",
"darkblue",
"darkcyan",
"darkgoldenrod",
"darkgray",
"darkgreen",
"darkgrey",
"darkkhaki",
"darkmagenta",
"darkolivegreen",
"darkorange",
"darkorchid",
"darkred",
"darksalmon",
"darkseagreen",
"darkslateblue",
"darkslategray",
"darkslategrey",
"darkturquoise",
"darkviolet",
"deeppink",
"deepskyblue",
"dimgray",
"dimgrey",
"dodgerblue",
"firebrick",
"floralwhite",
"forestgreen",
"fuchsia",
"gainsboro",
"ghostwhite",
"gold",
"goldenrod",
"gray",
"green",
"greenyellow",
"grey",
"honeydew",
"hotpink",
"indianred",
"indigo",
"ivory",
"khaki",
"lavender",
"lavenderblush",
"lawngreen",
"lemonchiffon",
"lightblue",
"lightcoral",
"lightcyan",
"lightgoldenrodyellow",
"lightgray",
"lightgreen",
"lightgrey",
"lightpink",
"lightsalmon",
"lightseagreen",
"lightskyblue",
"lightslategray",
"lightslategrey",
"lightsteelblue",
"lightyellow",
"lime",
"limegreen",
"linen",
"magenta",
"maroon",
"mediumaquamarine",
"mediumblue",
"mediumorchid",
"mediumpurple",
"mediumseagreen",
"mediumslateblue",
"mediumspringgreen",
"mediumturquoise",
"mediumvioletred",
"midnightblue",
"mintcream",
"mistyrose",
"moccasin",
"navajowhite",
"navy",
"oldlace",
"olive",
"olivedrab",
"orange",
"orangered",
"orchid",
"palegoldenrod",
"palegreen",
"paleturquoise",
"palevioletred",
"papayawhip",
"peachpuff",
"peru",
"pink",
"plum",
"powderblue",
"purple",
"red",
"rosybrown",
"royalblue",
"saddlebrown",
"salmon",
"sandybrown",
"seagreen",
"seashell",
"sienna",
"silver",
"skyblue",
"slateblue",
"slategray",
"slategrey",
"snow",
"springgreen",
"steelblue",
"tan",
"teal",
"thistle",
"tomato",
"turquoise",
"violet",
"wheat",
"white",
"whitesmoke",
"yellow",
"yellowgreen"
]

38
lib/types.nix
View File

@ -3,11 +3,11 @@
let
inherit (lib)
all any attrNames concatMapStringsSep concatStringsSep const filter flip
genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
genid_uint31 hasSuffix head importJSON isInt isString length mergeOneOption
mkOption mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf;
inherit (lib.types)
attrsOf bool either enum int lines listOf nullOr path str submodule;
addCheck attrsOf bool either enum int lines listOf nullOr path str submodule;
in
rec {
@ -287,15 +287,27 @@ rec {
};
});
boundedInt = min: max: mkOptionType {
name = "bounded integer";
check = x: isInt x && min <= x && x <= max;
merge = mergeOneOption;
};
lowerBoundedInt = min: mkOptionType {
name = "lower bounded integer";
check = x: isInt x && min <= x;
merge = mergeOneOption;
};
positive = mkOptionType {
inherit (lowerBoundedInt 1) check;
name = "positive integer";
check = x: isInt x && x > 0;
merge = mergeOneOption;
};
uint = mkOptionType {
inherit (lowerBoundedInt 0) check;
name = "unsigned integer";
check = x: isInt x && x >= 0;
merge = mergeOneOption;
};
@ -583,6 +595,9 @@ rec {
};
};
flameshot.color =
either (addCheck str (test "#[0-9A-Fa-f]{6}")) svg.color-keyword;
file-mode = mkOptionType {
name = "file mode";
check = test "[0-7]{4}";
@ -601,6 +616,19 @@ rec {
merge = mergeOneOption;
};
# SVG 1.1, 4.4 Recognized color keyword names
#
# svg-colors.json has been generated with:
# curl -sS https://www.w3.org/TR/SVG11/types.html#ColorKeywords |
# fq -d html '[
# grep_by(.["@class"]=="color-keywords") |
# grep_by(.["@class"]=="prop-value"and.["#text"]!="").["#text"]
# ] | sort'
#
svg.color-keyword = enum (importJSON ./svg-colors.json) // {
name = "SVG 1.1 recognized color keyword";
};
systemd.unit-name = mkOptionType {
name = "systemd unit name";
check = x:

2
submodules/nix-writers

@ -1 +1 @@
Subproject commit 0c8de150426476b5287cf2787bbd85263691a802
Subproject commit 66a1f6833464bbb121b6d94247ad769f277351f8

2
tv/1systems/bu/config.nix
View File

@ -13,8 +13,6 @@ with import ./lib;
krebs.build.host = config.krebs.hosts.bu;
networking.hostId = lib.mkDefault "00000000";
networking.wireless.enable = true;
networking.useDHCP = false;
networking.interfaces.enp0s25.useDHCP = true;

1
tv/2configs/default.nix
View File

@ -6,6 +6,7 @@ with import ./lib;
krebs.build.user = config.krebs.users.tv;
networking.hostId = mkDefault (hashToLength 8 config.networking.hostName);
networking.hostName = config.krebs.build.host.name;
imports = [

6
tv/2configs/gitrepos.nix
View File

@ -74,9 +74,6 @@ with import ./lib;
disko = {
cgit.desc = "declarative partitioning and formatting tool";
};
flameshot-once = {
cgit.desc = "flameshot runner that automatically starts/stops the daemon";
};
fswm = {
cgit.desc = "simple full screen window manager";
};
@ -139,6 +136,9 @@ with import ./lib;
cgserver = {};
crude-mail-setup = {};
dot-xmonad = {};
flameshot-once = {
cgit.desc = "flameshot runner that automatically starts/stops the daemon";
};
hirc = {};
hstool = {
cgit.desc = "Haskell Development Environment ^_^";

26
tv/2configs/urlwatch.nix
View File

@ -2,12 +2,16 @@ with import ./lib;
{ config, pkgs, ... }: let
exec = filename: args: url: {
inherit url;
filter = "system:${
concatMapStringsSep " " shell.escape ([filename] ++ toList args)
}";
filter = singleton {
system =
concatMapStringsSep " " shell.escape ([filename] ++ toList args);
};
};
json = json' ["."];
json' = exec "${pkgs.jq}/bin/jq";
urigrep' = exec (pkgs.writeDash "urigrep" ''
${pkgs.urix}/bin/urix | ${pkgs.gnugrep}/bin/grep -E "$1"
'');
xml = xml' ["--format" "-"];
xml' = exec "${pkgs.libxml2}/bin/xmllint";
in {
@ -68,22 +72,30 @@ in {
https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix
https://www.rabbitmq.com/changelog.html
(urigrep' ["software-resources"] https://semiconductor.samsung.com/consumer-storage/support/tools/)
];
hooksFile = toFile "hooks.py" ''
import subprocess
import urlwatch
class CaseFilter(urlwatch.filters.FilterBase):
class SystemFilter(urlwatch.filters.FilterBase):
"""Filter for piping data through an external process"""
__kind__ = 'system'
__supported_subfilters__ = {
'command': 'shell command line to tranform data',
}
__default_subfilter__ = 'command'
def filter(self, data, subfilter=None):
if subfilter is None:
raise ValueError('The system filter needs a command')
if 'command' not in subfilter:
raise ValueError('{} filter needs a command'.format(self.__kind__))
proc = subprocess.Popen(
subfilter,
subfilter['command'],
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,

37
tv/2configs/wiregrill.nix Normal file
View File

@ -0,0 +1,37 @@
with import ./lib;
{ config, pkgs, ... }: let
cfg = {
enable = cfg.net != null;
net = config.krebs.build.host.nets.wiregrill or null;
};
toCidrNotation = ip: "${ip.addr}/${toString ip.prefixLength}";
in
mkIf cfg.enable {
networking.wireguard.interfaces.wiregrill = {
ips =
optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++
optional (cfg.net.ip6 != null) cfg.net.ip6.addr;
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wiregrill.key";
allowedIPsAsRoutes = true;
peers = mapAttrsToList
(_: host: {
allowedIPs = host.nets.wiregrill.wireguard.subnets;
endpoint =
mkIf (host.nets.wiregrill.via != null) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
persistentKeepalive = mkIf (host.nets.wiregrill.via != null) 61;
publicKey =
replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey;
})
(filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
};
systemd.network.networks.wiregrill = {
matchConfig.Name = "wiregrill";
address =
optional (cfg.net.ip4 != null) (toCidrNotation cfg.net.ip4) ++
optional (cfg.net.ip6 != null) (toCidrNotation cfg.net.ip6);
};
tv.iptables.extra.filter.INPUT = [
"-p udp --dport ${toString cfg.net.wireguard.port} -j ACCEPT"
];
}

8
tv/2configs/xserver/default.nix
View File

@ -120,13 +120,7 @@ in {
};
path = [
config.tv.slock.package
(pkgs.flameshot-once.override {
config.imgur.enable = true;
config.imgur.createUrl = "http://ni.r/image";
config.imgur.deleteUrl = "http://ni.r/image/delete/%1";
config.imgur.xdg-open.browser = "/etc/profiles/per-user/tv/bin/cr";
config.timeout = 200;
})
pkgs.flameshot-once-tv
pkgs.pulseaudio.out
pkgs.rxvt_unicode
pkgs.xcalib

8
tv/5pkgs/haskell/xmonad-tv/default.nix
View File

@ -1,6 +1,5 @@
{ mkDerivation, aeson, base, bytestring, containers, directory
, extra, filepath, lib, systemd, template-haskell, th-env
, transformers, unix, X11, xmonad, xmonad-contrib
, extra, filepath, lib, pager, unix, X11, xmonad, xmonad-contrib
}:
mkDerivation {
pname = "xmonad-tv";
@ -9,8 +8,9 @@ mkDerivation {
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson base bytestring containers directory extra filepath systemd
template-haskell th-env transformers unix X11 xmonad xmonad-contrib
aeson base bytestring containers directory extra filepath pager
unix X11 xmonad xmonad-contrib
];
license = lib.licenses.mit;
mainProgram = "xmonad";
}

117
tv/5pkgs/haskell/xmonad-tv/src/XMonad/Hooks/EwmhDesktops/Extra.hs Normal file
View File

@ -0,0 +1,117 @@
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE MultiWayIf #-}
{-# LANGUAGE NamedFieldPuns #-}
module XMonad.Hooks.EwmhDesktops.Extra where
import Control.Monad (when)
import Data.Maybe (fromMaybe)
import Data.Monoid (All)
import Data.Tuple.Extra (both)
import Graphics.X11.EWMH (getDesktopNames, setDesktopNames)
import Graphics.X11.EWMH.Atom (_NET_DESKTOP_NAMES)
import Graphics.X11.Xlib.Display.Extra (withDefaultDisplay)
import XMonad hiding (workspaces)
import XMonad.Actions.DynamicWorkspaces (addHiddenWorkspace, removeEmptyWorkspaceByTag)
import XMonad.StackSet (mapWorkspace, tag, workspaces)
import XMonad.Util.WorkspaceCompare (getSortByIndex)
import qualified Data.Map.Strict as Map
import qualified Data.Set as Set
import qualified XMonad
ewmhExtra :: XConfig a -> IO (XConfig a)
ewmhExtra c = do
-- XMonad.Hooks.EwmhDesktops.setDesktopViewport uses _NET_DESKTOP_VIEWPORT
-- only if it exists. This seems to be a harmless issue, but by creating
-- the atom here, we suppress the error message:
--
-- xmonad: X11 error: BadAtom (invalid Atom parameter),
-- request code=18, error code=5
--
_ <-
withDefaultDisplay $ \dpy -> internAtom dpy "_NET_DESKTOP_VIEWPORT" False
initialWorkspaces <-
Data.Maybe.fromMaybe (XMonad.workspaces def)
<$> withDefaultDisplay getDesktopNames
return
c { handleEventHook = ewmhDesktopsExtraEventHook <> handleEventHook c
, rootMask = rootMask c .|. propertyChangeMask
, XMonad.workspaces = initialWorkspaces
}
ewmhDesktopsExtraEventHook :: Event -> X All
ewmhDesktopsExtraEventHook = \case
PropertyEvent{ev_window, ev_atom} -> do
r <- asks theRoot
when (ev_window == r && ev_atom == _NET_DESKTOP_NAMES) $
withDisplay $ \dpy -> do
sort <- getSortByIndex
oldNames <- gets $ map tag . sort . workspaces . windowset
newNames <- fromMaybe oldNames <$> io (getDesktopNames dpy)
let
(renamesFrom, renamesTo) = both Set.fromList $ unzip renames
renames = go oldNames newNames where
go old@(headOld : tailOld) new@(headNew : tailNew) = do
let
deleteOld = Set.member headOld deleteNameSet
createNew = Set.member headNew createNameSet
if
| headOld == headNew ->
-- assert (not deleteOld && not createNew)
go tailOld tailNew
| deleteOld && createNew ->
(headOld, headNew) :
go tailOld tailNew
| deleteOld ->
go tailOld new
| createNew ->
go old tailNew
| otherwise ->
-- assert (headOld == headNew)
go tailOld tailNew
go _ _ = []
oldNameSet = Set.fromList oldNames
newNameSet = Set.fromList newNames
deleteNameSet = Set.difference oldNameSet newNameSet
createNameSet = Set.difference newNameSet oldNameSet
deleteNames = Set.toAscList $
Set.difference deleteNameSet renamesFrom
createNames = Set.toAscList $
Set.difference createNameSet renamesTo
mapM_ addHiddenWorkspace createNames
mapM_ removeEmptyWorkspaceByTag deleteNames
when (not (null renames)) $ do
let
renameMap = Map.fromList renames
rename w =
case Map.lookup (tag w) renameMap of
Just newName -> w { tag = newName }
Nothing -> w
modifyWindowSet $ mapWorkspace rename
names <- gets $ map tag . sort . workspaces . windowset
when (names /= newNames) $ do
trace $ "setDesktopNames " <> show names
io (setDesktopNames names dpy)
mempty
_ ->
mempty

42
tv/5pkgs/haskell/xmonad-tv/src/main.hs
View File

@ -5,16 +5,15 @@ module Main (main) where
import System.Exit (exitFailure)
import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.EwmhDesktops.Extra (ewmhExtra)
import XMonad.Hooks.RefocusLast (refocusLastLayoutHook, toggleFocus)
import Control.Exception
import Control.Monad.Extra (whenJustM)
import qualified Data.Aeson
import qualified Data.ByteString.Char8
import qualified Data.List
import qualified Data.Maybe
import Graphics.X11.ExtraTypes.XF86
import Text.Read (readEither)
import XMonad
import XMonad.Extra (isFloatingX)
import System.IO (hPutStrLn, stderr)
@ -23,6 +22,7 @@ import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Layout.Gaps (Direction2D(U,R,D,L), gaps)
import XMonad.Layout.NoBorders ( smartBorders )
import XMonad.Layout.ResizableTile (ResizableTall(ResizableTall))
import XMonad.Layout.ResizableTile (MirrorResize(MirrorExpand,MirrorShrink))
@ -58,22 +58,27 @@ main = getArgs >>= \case
readEnv :: Data.Aeson.FromJSON b => String -> IO b
readEnv name =
Data.Maybe.fromJust
readEnv' (error $ "could not get environment variable: " <> name) name
readEnv' :: Data.Aeson.FromJSON b => b -> String -> IO b
readEnv' defaultValue name =
Data.Maybe.fromMaybe defaultValue
. Data.Aeson.decodeStrict'
. Data.ByteString.Char8.pack
<$> getEnv name
. Data.Maybe.fromMaybe mempty
<$> lookupEnv name
mainNoArgs :: IO ()
mainNoArgs = do
myScreenGaps <- readEnv' [] "XMONAD_SCREEN_GAPS" :: IO [Int]
myScreenWidth <- readEnv "XMONAD_SCREEN_WIDTH" :: IO Dimension
myTermFont <- getEnv "XMONAD_TERM_FONT"
myTermFontWidth <- readEnv "XMONAD_TERM_FONT_WIDTH" :: IO Dimension
myTermPadding <- readEnv "XMONAD_TERM_PADDING" :: IO Dimension
workspaces0 <- getWorkspaces0
handleShutdownEvent <- newShutdownEventHandler
let
config =
ewmh
config <-
ewmhExtra
$ ewmh
$ withUrgencyHookC
BorderUrgencyHook
{ urgencyBorderColor = "#ff0000"
@ -86,9 +91,9 @@ mainNoArgs = do
{ terminal = {-pkg:alacritty-tv-}"alacritty"
, modMask = mod4Mask
, keys = myKeys myTermFont
, workspaces = workspaces0
, layoutHook =
refocusLastLayoutHook $
gaps (zip [U,R,D,L] myScreenGaps) $
smartBorders $
ResizableTall
1
@ -117,23 +122,6 @@ mainNoArgs = do
launch config directories
getWorkspaces0 :: IO [String]
getWorkspaces0 =
try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
Left e -> warn (displaySomeException e)
Right p -> try (readFile p) >>= \case
Left e -> warn (displaySomeException e)
Right x -> case readEither x of
Left e -> warn e
Right y -> return y
where
warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
displaySomeException :: SomeException -> String
displaySomeException = displayException
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
forkFile path args env =
xfork (executeFile path True args env) >> return ()
@ -198,7 +186,7 @@ myKeys font conf = Map.fromList $
, ((_4, xK_Prior), forkFile {-pkg-}"xcalib" ["-invert", "-alter"] Nothing)
, ((0, xK_Print), forkFile {-pkg-}"flameshot" [] Nothing)
, ((0, xK_Print), forkFile {-pkg:flameshot-once-tv-}"flameshot-once" [] Nothing)
, ((_C, xF86XK_Forward), forkFile {-pkg:xdpytools-}"xdpychvt" ["next"] Nothing)
, ((_C, xF86XK_Back), forkFile {-pkg:xdpytools-}"xdpychvt" ["prev"] Nothing)

29
tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
View File

@ -9,20 +9,21 @@ cabal-version: >=1.10
executable xmonad
main-is: main.hs
build-depends:
aeson,
base,
bytestring,
containers,
directory,
extra,
filepath,
template-haskell,
th-env,
unix,
X11,
xmonad,
xmonad-contrib
base
, X11
, aeson
, bytestring
, containers
, directory
, extra
, filepath
, pager
, unix
, xmonad
, xmonad-contrib
other-modules:
Shutdown
XMonad.Extra
XMonad.Hooks.EwmhDesktops.Extra
default-language: Haskell2010
ghc-options: -O2 -Wall -threaded
ghc-options: -O2 -Wall

15
tv/5pkgs/override/flameshot/default.nix
View File

@ -1,15 +0,0 @@
self: super:
super.flameshot.overrideAttrs (old: rec {
name = "flameshot-${version}";
version = "0.10.2";
src = self.fetchFromGitHub {
owner = "flameshot-org";
repo = "flameshot";
rev = "v${version}";
sha256 = "sha256-rZUiaS32C77tFJmEkw/9MGbVTVscb6LOCyWaWO5FyR4=";
};
patches = old.patches or [] ++ [
./flameshot_imgur_0.10.2.patch
];
})

35
tv/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch
View File

@ -1,35 +0,0 @@
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -31,6 +31,7 @@
#include <QTimer>
#include <QUrlQuery>
#include <QVBoxLayout>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap& capture, QWidget* parent)
: QWidget(parent)
@@ -79,8 +80,11 @@ void ImgurUploader::handleReply(QNetworkReply* reply)
m_imageURL.setUrl(data[QStringLiteral("link")].toString());
auto deleteToken = data[QStringLiteral("deletehash")].toString();
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
m_deleteImageURL.setUrl(
- QStringLiteral("https://imgur.com/delete/%1").arg(deleteToken));
+ QString::fromUtf8(deleteImageURLPattern).arg(deleteToken));
// save history
QString imageName = m_imageURL.toString();
@@ -133,7 +137,10 @@ void ImgurUploader::upload()
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem(QStringLiteral("description"), description);
- QUrl url(QStringLiteral("https://api.imgur.com/3/image"));
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(QString::fromUtf8(createImageURLPattern));
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,

48
tv/5pkgs/simple/flameshot-once-tv.nix Normal file
View File

@ -0,0 +1,48 @@
{ pkgs }:
pkgs.flameshot-once.override {
name = "flameshot-once-tv";
config.imgur.enable = true;
config.imgur.createUrl = "http://ni.r/image";
config.imgur.deleteUrl = "http://ni.r/image/delete/%1";
config.imgur.xdg-open.browser = "/etc/profiles/per-user/tv/bin/cr";
config.settings.General = {
autoCloseIdleDaemon = true;
buttons = [
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_PENCIL"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_SAVE"
"TYPE_SELECTION"
"TYPE_TEXT"
];
checkForUpdates = false;
contrastOpacity = 220;
copyPathAfterSave = true;
disabledTrayIcon = true;
drawColor = "#E4002B";
drawThickness = 8;
filenamePattern = "%FT%T%z_flameshot";
fontFamily = "iosevka tv 2";
savePath = "/tmp";
savePathFixed = true;
showDesktopNotification = false;
showHelp = false;
showSidePanelButton = false;
showStartupLaunchMessage = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
};
config.settings.Shortcuts = {
TYPE_COPY = "Return";
TYPE_TOGGLE_PANEL = "`";
};
}

2
tv/5pkgs/simple/q/default.nix
View File

@ -25,7 +25,7 @@ let
fi |
${pkgs.gnused}/bin/sed -r '
# dim week numbers
s/((^ *| )[ 1-5][0-9]( *)?)(([ 1-3][0-9])*)/\1\4/g
s/((^| )[ 1-5][0-9])(( ..| \[7m..\[27m){7})/\1\3/g
# dim month and day names
s/^ *[A-Z].*/&/
# highlight current date