Merge remote-tracking branch 'prism/master'

2017-10-26 18:43:33 +02:00 · 2017-10-26 18:43:33 +02:00 · d5fd5107e6
commit d5fd5107e6
parent 1993cbc421 458bd5f6bd
26 changed files with 204 additions and 43 deletions
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@ -16,6 +16,7 @@
      vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
      weechat|http://dev.weechat.org/feed/atom|#news
      xkcd|https://xkcd.com/rss.xml|#news
+      painload|https://github.com/krebscode/painload/commits/master.atom|#news
    '';
  };
 }
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@ -437,8 +437,14 @@ with import <stockholm/lib>;
          ip4.addr = "129.215.90.4";
          aliases = [ "eddie.i" ];
        };
-        retiolum = {
+        retiolum = rec {
          via = internet;
+          addrs = [
+            # edinburgh university
+            "129.215.0.0/16"
+            ip4.addr
+            ip6.addr
+          ];
          ip4.addr = "10.243.29.170";
          ip6.addr = "42:4992:6a6d:700::1";
          aliases = [ "eddie.r" ];
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@ -144,7 +144,8 @@ rec {
    '';
  };
  wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
-    script = pkgs.writeDash "wiki-todo-add" ''
+    pattern = "^wiki-show$";
+    script = pkgs.writeDash "wiki-show" ''
      ${pkgs.coreutils}/bin/cat wiki-todo
    '';
  };
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@ -115,4 +115,6 @@ with import <stockholm/lib>;
   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
  ];
+
+  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
 }
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -168,6 +168,14 @@ in {
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
        ];
      };
+      users.users.hellrazor = {
+        uid = genid "hellrazor";
+        isNormalUser = true;
+        extraGroups = [
+          "download"
+        ];
+        openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
+      };
    }
    {
      #hotdog
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@ -6,7 +6,6 @@ in {
  imports = [
    ./mpv.nix
    ./power-action.nix
-    ./screenlock.nix
    ./copyq.nix
    ./xresources.nix
    ./livestream.nix
@ -31,15 +30,15 @@ in {
      options.lass.fonts = {
        regular = mkOption {
          type = types.str;
-          default = "xft:Hack-Regular:pixelsize=11,xft:Symbola";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
        };
        bold = mkOption {
          type = types.str;
-          default = "xft:Hack-Bold:pixelsize=11,xft:Symbola";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
        };
        italic = mkOption {
          type = types.str;
-          default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol";
+          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
        };
      };
    }
@ -136,4 +135,5 @@ in {
  };

  services.urxvtd.enable = true;
+  lass.screenlock.enable = true;
 }
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@ -50,7 +50,7 @@ with import <stockholm/lib>;
        NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
      };
    }
-    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+    (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
      environment.variables = {
        CURL_CA_BUNDLE = ca-bundle;
        GIT_SSL_CAINFO = ca-bundle;
--- a/lass/2configs/dns-stuff.nix
+++ b/lass/2configs/dns-stuff.nix
@ -13,6 +13,7 @@ with import <stockholm/lib>;
  };
  services.dnsmasq = {
    enable = true;
+    resolveLocalQueries = false;
    extraConfig = ''
      server=127.1.0.1
      #no-resolv
--- a/lass/2configs/screenlock.nix
+++ b/lass/2configs/screenlock.nix
@ -1,17 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  systemd.services.screenlock = {
-    before = [ "sleep.target" ];
-    wantedBy = [ "sleep.target" ];
-    environment = {
-      DISPLAY = ":0";
-    };
-    serviceConfig = {
-      SyslogIdentifier = "screenlock";
-      ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
-      Type = "forking";
-      User = "lass";
-    };
-  };
-}
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@ -8,6 +8,7 @@ _:
    ./mysql-backup.nix
    ./news.nix
    ./pyload.nix
+    ./screenlock.nix
    ./umts.nix
    ./usershadow.nix
    ./xresources.nix
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@ -0,0 +1,37 @@
+{ pkgs, config, ... }:
+
+with import <stockholm/lib>;
+
+let
+  cfg = config.lass.screenlock;
+
+  out = {
+    options.lass.screenlock = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "news";
+    command = mkOption {
+      type = types.str;
+      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+    };
+  };
+
+  imp = {
+    systemd.services.screenlock = {
+      before = [ "sleep.target" ];
+      wantedBy = [ "sleep.target" ];
+      environment = {
+        DISPLAY = ":0";
+      };
+      serviceConfig = {
+        SyslogIdentifier = "screenlock";
+        ExecStart = cfg.command;
+        Type = "forking";
+        User = "lass";
+      };
+    };
+  };
+
+in out
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@ -97,7 +97,7 @@ displaySomeException = displayException

 myKeyMap :: [([Char], X ())]
 myKeyMap =
-    [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
+    [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
    , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
    , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
    , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
@ -139,6 +139,8 @@ myKeyMap =
    , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
    , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
    , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
+
+    , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
    ]

 forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
--- a/lass/source.nix
+++ b/lass/source.nix
@ -10,7 +10,7 @@ in
      nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
      nixpkgs.git = {
        url = https://github.com/nixos/nixpkgs;
-        ref = "1987983";
+        ref = "c99239b";
      };
      secrets.file = getAttr builder {
        buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
--- a/lib/types.nix
+++ b/lib/types.nix
@ -92,7 +92,7 @@ rec {
        default = null;
      };
      addrs = mkOption {
-        type = listOf addr;
+        type = listOf cidr;
        default =
          optional (config.ip4 != null) config.ip4.addr ++
          optional (config.ip6 != null) config.ip6.addr;
@ -109,7 +109,7 @@ rec {
              type = addr4;
            };
            prefix = mkOption ({
-              type = str; # TODO routing prefix (CIDR)
+              type = cidr4;
            } // optionalAttrs (config.name == "retiolum") {
              default = "10.243.0.0/16";
            });
@ -125,7 +125,7 @@ rec {
              apply = lib.normalize-ip6-addr;
            };
            prefix = mkOption ({
-              type = str; # TODO routing prefix (CIDR)
+              type = cidr6;
            } // optionalAttrs (config.name == "retiolum") {
              default = "42::/16";
            });
@ -364,6 +364,26 @@ rec {
    merge = mergeOneOption;
  };

+  cidr = either cidr4 cidr6;
+  cidr4 = mkOptionType {
+    name = "CIDRv4 address";
+    check = let
+      CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
+        concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?";
+    in
+      test CIDRv4address;
+    merge = mergeOneOption;
+  };
+  cidr6 = mkOptionType {
+    name = "CIDRv6 address";
+    check = let
+      # TODO check IPv6 address harder
+      CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?";
+    in
+      test CIDRv6address;
+    merge = mergeOneOption;
+  };
+
  binary-cache-pubkey = str;

  pgp-pubkey = str;
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@ -6,6 +6,9 @@
 # configure your hw:
 # <stockholm/makefu/2configs/save-diskspace.nix>
  ];
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    config.krebs.users.tv.pubkey
+  ];
  krebs = {
    enable = true;
    tinc.retiolum.enable = true;
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@ -26,6 +26,7 @@ in {
    <stockholm/makefu/2configs/zsh-user.nix>
    # Services
    <stockholm/makefu/2configs/remote-build/slave.nix>
+    <stockholm/makefu/2configs/torrent.nix>

  ];
  krebs = {
--- a/makefu/1systems/latte/source.nix
+++ b/makefu/1systems/latte/source.nix
@ -1,3 +1,4 @@
 import <stockholm/makefu/source.nix> {
-  name="latte";
+  name = "latte";
+  torrent = true;
 }
--- a/makefu/2configs/binary-cache/lass.nix
+++ b/makefu/2configs/binary-cache/lass.nix
@ -7,6 +7,7 @@
    ];
    binaryCachePublicKeys = [
      "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+      "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
    ];
  };
 }
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@ -16,5 +16,6 @@
    whatsupnix
    brain
    gen-oath-safe
+    cdrtools
  ];
 }
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@ -15,6 +15,7 @@ _:
    ./torrent.nix
    ./udpt.nix
    ./umts.nix
+    ./wvdial.nix
  ];
 }

--- a/makefu/3modules/wvdial.nix
+++ b/makefu/3modules/wvdial.nix
@ -0,0 +1,71 @@
+# Global configuration for wvdial.
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  configFile = ''
+    [Dialer Defaults]
+    PPPD PATH = ${pkgs.ppp}/sbin/pppd
+    ${config.environment.wvdial.dialerDefaults}
+  '';
+
+  cfg = config.environment.wvdial;
+
+in
+{
+  ###### interface
+
+  options = {
+
+    environment.wvdial = {
+
+      dialerDefaults = mkOption {
+        default = "";
+        type = types.str;
+        example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
+        description = ''
+          Contents of the "Dialer Defaults" section of
+          <filename>/etc/wvdial.conf</filename>.
+        '';
+      };
+
+      pppDefaults = mkOption {
+        default = ''
+          noipdefault
+          usepeerdns
+          defaultroute
+          persist
+          noauth
+        '';
+        type = types.str;
+        description = "Default ppp settings for wvdial.";
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf (cfg.dialerDefaults != "") {
+
+    environment = {
+
+      etc =
+      [
+        { source = pkgs.writeText "wvdial.conf" configFile;
+          target = "wvdial.conf";
+        }
+        { source = pkgs.writeText "wvdial" cfg.pppDefaults;
+          target = "ppp/peers/wvdial";
+        }
+      ];
+
+    };
+
+  };
+
+}
--- a/makefu/source.nix
+++ b/makefu/source.nix
@ -11,8 +11,7 @@ let
              then "buildbot"
              else "makefu";
  _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "727a3a3"; # unstable @ 2017-10-07
-                   # + revert wvdial (76f4910)
+  ref = "809cf38"; # unstable @ 2017-10-07
                   # + ruby stuff (2f0b17e4be9,55a952be5b5)
                   # + mitmproxy fix (360a5efd,ef52c95b)

--- a/nin/1systems/hiawatha/config.nix
+++ b/nin/1systems/hiawatha/config.nix
@ -15,6 +15,7 @@ with lib;
    <stockholm/nin/2configs/git.nix>
    <stockholm/nin/2configs/retiolum.nix>
    <stockholm/nin/2configs/termite.nix>
+    <stockholm/nin/2configs/skype.nix>
  ];

  krebs.build.host = config.krebs.hosts.hiawatha;
@ -98,10 +99,6 @@ with lib;

    allowUnfree = true;

-    firefox = {
-      enableGoogleTalkPlugin = true;
-      enableAdobeFlash = true;
-    };
  };

  #services.logind.extraConfig = "HandleLidSwitch=ignore";
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@ -4,6 +4,7 @@ with import <stockholm/lib>;
 {
  imports = [
    ../2configs/vim.nix
+    <stockholm/krebs/2configs/binary-cache/prism.nix>
    {
      users.extraUsers =
        mapAttrs (_: h: { hashedPassword = h; })
@ -45,12 +46,6 @@ with import <stockholm/lib>;
        SSL_CERT_FILE = ca-bundle;
      };
    })
-    {
-      nix = {
-        binaryCaches = ["http://cache.prism.r"];
-        binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
-      };
-    }
  ];

  networking.hostName = config.krebs.build.host.name;
@ -96,6 +91,7 @@ with import <stockholm/lib>;
    gnumake
    jq
    proot
+    pavucontrol
    populate
    p7zip
    termite
@ -158,6 +154,7 @@ with import <stockholm/lib>;
      filter.INPUT.rules = [
        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
--- a/nin/2configs/skype.nix
+++ b/nin/2configs/skype.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  mainUser = config.users.extraUsers.nin;
+  inherit (import <stockholm/lib>) genid;
+
+in {
+  users.extraUsers = {
+    skype = {
+      name = "skype";
+      uid = genid "skype";
+      description = "user for running skype";
+      home = "/home/skype";
+      useDefaultShell = true;
+      extraGroups = [ "audio" "video" ];
+      createHome = true;
+    };
+  };
+
+  krebs.per-user.skype.packages = [
+    pkgs.skype
+  ];
+
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+  '';
+}
--- a/nin/source.nix
+++ b/nin/source.nix
@ -14,6 +14,6 @@ in
    stockholm.file = toString <stockholm>;
    nixpkgs.git = {
      url = https://github.com/nixos/nixpkgs;
-      ref = "799435b";
+      ref = "c99239b";
    };
  }