Merge remote-tracking branch 'prism/master'

tv 2017-10-26 18:43:33 +02:00
commit d5fd5107e6
26 changed files with 204 additions and 43 deletions


@ -16,6 +16,7 @@
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news weechat|http://dev.weechat.org/feed/atom|#news
xkcd|https://xkcd.com/rss.xml|#news xkcd|https://xkcd.com/rss.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
''; '';
}; };
} }


@ -437,8 +437,14 @@ with import <stockholm/lib>;
ip4.addr = "129.215.90.4"; ip4.addr = "129.215.90.4";
aliases = [ "eddie.i" ]; aliases = [ "eddie.i" ];
}; };
retiolum = { retiolum = rec {
via = internet; via = internet;
addrs = [
# edinburgh university
"129.215.0.0/16"
ip4.addr
ip6.addr
];
ip4.addr = "10.243.29.170"; ip4.addr = "10.243.29.170";
ip6.addr = "42:4992:6a6d:700::1"; ip6.addr = "42:4992:6a6d:700::1";
aliases = [ "eddie.r" ]; aliases = [ "eddie.r" ];
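Review bot: The new `addrs` list attaches the whole `129.215.0.0/16` range to eddie's retiolum entry with only `# edinburgh university` as explanation, so a reader cannot tell why a public /16 belongs to a single overlay host. If `addrs` ends up as the host's announced subnets (not visible in this hunk), every peer would send traffic for that range through eddie, which deserves an explicit comment such as `# route the university network via eddie; remove when no longer needed`. The entry also only type-checks together with the `listOf cidr` change made elsewhere in this commit. The host definition continues outside the hunk.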


@ -144,7 +144,8 @@ rec {
''; '';
}; };
wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" { wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
script = pkgs.writeDash "wiki-todo-add" '' pattern = "^wiki-show$";
script = pkgs.writeDash "wiki-show" ''
${pkgs.coreutils}/bin/cat wiki-todo ${pkgs.coreutils}/bin/cat wiki-todo
''; '';
}; };


@ -115,4 +115,6 @@ with import <stockholm/lib>;
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
]; ];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
} }


@ -168,6 +168,14 @@ in {
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
]; ];
}; };
users.users.hellrazor = {
uid = genid "hellrazor";
isNormalUser = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
};
} }
{ {
#hotdog #hotdog


@ -6,7 +6,6 @@ in {
imports = [ imports = [
./mpv.nix ./mpv.nix
./power-action.nix ./power-action.nix
./screenlock.nix
./copyq.nix ./copyq.nix
./xresources.nix ./xresources.nix
./livestream.nix ./livestream.nix
@ -31,15 +30,15 @@ in {
options.lass.fonts = { options.lass.fonts = {
regular = mkOption { regular = mkOption {
type = types.str; type = types.str;
default = "xft:Hack-Regular:pixelsize=11,xft:Symbola"; default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
}; };
bold = mkOption { bold = mkOption {
type = types.str; type = types.str;
default = "xft:Hack-Bold:pixelsize=11,xft:Symbola"; default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
}; };
italic = mkOption { italic = mkOption {
type = types.str; type = types.str;
default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol"; default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
}; };
}; };
} }
@ -136,4 +135,5 @@ in {
}; };
services.urxvtd.enable = true; services.urxvtd.enable = true;
lass.screenlock.enable = true;
} }


@ -50,7 +50,7 @@ with import <stockholm/lib>;
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
}; };
} }
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = { environment.variables = {
CURL_CA_BUNDLE = ca-bundle; CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle; GIT_SSL_CAINFO = ca-bundle;
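Review bot: `ca-bundle` now names the mutable path `/etc/ssl/certs/ca-bundle.crt` instead of the store path under `pkgs.cacert`, and nothing next to it says why. The effect is that curl, git and anything else reading these variables trust whatever the system trust store contains, including locally added CAs, and fail if that file is absent. A comment such as `# use the system trust store so locally added CAs apply` would record the intent, assuming that is the reason. The `let … in {` block continues outside the hunk.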


@ -13,6 +13,7 @@ with import <stockholm/lib>;
}; };
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
resolveLocalQueries = false;
extraConfig = '' extraConfig = ''
server=127.1.0.1 server=127.1.0.1
#no-resolv #no-resolv


@ -1,17 +0,0 @@
{ pkgs, config, ... }:
{
systemd.services.screenlock = {
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "screenlock";
ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
Type = "forking";
User = "lass";
};
};
}


@ -8,6 +8,7 @@ _:
./mysql-backup.nix ./mysql-backup.nix
./news.nix ./news.nix
./pyload.nix ./pyload.nix
./screenlock.nix
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xresources.nix ./xresources.nix


@ -0,0 +1,37 @@
{ pkgs, config, ... }:
with import <stockholm/lib>;
let
cfg = config.lass.screenlock;
out = {
options.lass.screenlock = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "news";
command = mkOption {
type = types.str;
default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
};
};
imp = {
systemd.services.screenlock = {
before = [ "sleep.target" ];
wantedBy = [ "sleep.target" ];
environment = {
DISPLAY = ":0";
};
serviceConfig = {
SyslogIdentifier = "screenlock";
ExecStart = cfg.command;
Type = "forking";
User = "lass";
};
};
};
in out
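Review bot: `enable = mkEnableOption "news";` carries a description copied from another module, so the generated option text talks about news for the screen lock; it should be `enable = mkEnableOption "screenlock";`. `command` has no `description`, and it needs one because the same string is used as systemd `ExecStart` here and is passed to `spawn` in the xmonad key map, and the two are unlikely to parse quoting the same way. The unit is only `wantedBy` `sleep.target`, so a command that fails to start (for example because the image given to `-i` is missing) would not stop the machine from suspending unlocked. That is worth stating in the description too.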


@ -97,7 +97,7 @@ displaySomeException = displayException
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
@ -139,6 +139,8 @@ myKeyMap =
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
] ]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
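Review bot: `spawn "${config.lass.screenlock.command}"` splices a free-form `types.str` option into a Haskell string literal, so a double quote or backslash in the option value yields xmonad source that no longer compiles or that runs a different command than intended. The value should be escaped for Haskell where it is interpolated, or the option should be documented as limited to characters that need no escaping. The new `<Pause>` binding has no modifier, so it fires on a bare key press and inverts the display; a short comment saying this is intended would help. Part of `myKeyMap` lies between the two hunks and is not visible.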


@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "1987983"; ref = "c99239b";
}; };
secrets.file = getAttr builder { secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;


@ -92,7 +92,7 @@ rec {
default = null; default = null;
}; };
addrs = mkOption { addrs = mkOption {
type = listOf addr; type = listOf cidr;
default = default =
optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr; optional (config.ip6 != null) config.ip6.addr;
@ -109,7 +109,7 @@ rec {
type = addr4; type = addr4;
}; };
prefix = mkOption ({ prefix = mkOption ({
type = str; # TODO routing prefix (CIDR) type = cidr4;
} // optionalAttrs (config.name == "retiolum") { } // optionalAttrs (config.name == "retiolum") {
default = "10.243.0.0/16"; default = "10.243.0.0/16";
}); });
@ -125,7 +125,7 @@ rec {
apply = lib.normalize-ip6-addr; apply = lib.normalize-ip6-addr;
}; };
prefix = mkOption ({ prefix = mkOption ({
type = str; # TODO routing prefix (CIDR) type = cidr6;
} // optionalAttrs (config.name == "retiolum") { } // optionalAttrs (config.name == "retiolum") {
default = "42::/16"; default = "42::/16";
}); });
@ -364,6 +364,26 @@ rec {
merge = mergeOneOption; merge = mergeOneOption;
}; };
cidr = either cidr4 cidr6;
cidr4 = mkOptionType {
name = "CIDRv4 address";
check = let
CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?";
in
test CIDRv4address;
merge = mergeOneOption;
};
cidr6 = mkOptionType {
name = "CIDRv6 address";
check = let
# TODO check IPv6 address harder
CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?";
in
test CIDRv6address;
merge = mergeOneOption;
};
binary-cache-pubkey = str; binary-cache-pubkey = str;
pgp-pubkey = str; pgp-pubkey = str;
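Review bot: The prefix-length alternation in `CIDRv6address`, `([0-9][0-9]?|1[0-2][0-8])`, rejects `/109` and `/119` because the last digit of the three-digit branch stops at 8; it should read `([0-9][0-9]?|1[01][0-9]|12[0-8])`. Both patterns also make the `/len` part optional, so a bare address passes `cidr4`/`cidr6` and is therefore accepted as a `prefix`; if a prefix must carry a length, use a stricter type for `prefix` and keep the optional form only for `addrs`. `[0-9a-f.:]+` accepts strings such as `:::` or `1.2`, which the TODO acknowledges, so until it is tightened `cidr6` should not be treated as validation. This assumes `test` matches the whole string, which is not visible here.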


@ -6,6 +6,9 @@
# configure your hw: # configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix> # <stockholm/makefu/2configs/save-diskspace.nix>
]; ];
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
krebs = { krebs = {
enable = true; enable = true;
tinc.retiolum.enable = true; tinc.retiolum.enable = true;
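Review bot: `users.extraUsers.root.openssh.authorizedKeys.keys` now gives `config.krebs.users.tv.pubkey` root login on this host, with no comment on why another user's key belongs on root here. If the grant is for installation or debugging, say so next to the list, e.g. `# temporary: tv has root for setup, remove afterwards`, so it is not carried along unnoticed. The surrounding attribute set starts and ends outside the hunk.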


@ -26,6 +26,7 @@ in {
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
# Services # Services
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/torrent.nix>
]; ];
krebs = { krebs = {


@ -1,3 +1,4 @@
import <stockholm/makefu/source.nix> { import <stockholm/makefu/source.nix> {
name="latte"; name = "latte";
torrent = true;
} }


@ -7,6 +7,7 @@
]; ];
binaryCachePublicKeys = [ binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
]; ];
}; };
} }
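Review bot: Adding `cache.prism-2:…` next to `cache.prism-1:…` means substitutes signed by either key are accepted, and the list does not say whether the first key is being rotated out or both stay valid. A one-line comment above the new entry, for example `# new signing key; drop cache.prism-1 once all paths are re-signed` (if rotation is the intent), would tell the next reader when the older key can be removed. The attribute set starts outside the hunk.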


@ -16,5 +16,6 @@
whatsupnix whatsupnix
brain brain
gen-oath-safe gen-oath-safe
cdrtools
]; ];
} }


@ -15,6 +15,7 @@ _:
./torrent.nix ./torrent.nix
./udpt.nix ./udpt.nix
./umts.nix ./umts.nix
./wvdial.nix
]; ];
} }


@ -0,0 +1,71 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}
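Review bot: `dialerDefaults` is written out with `pkgs.writeText "wvdial.conf" configFile`, and store paths are world-readable, so any `Username`/`Password` lines placed in the option become readable by every local user and travel with the system closure. The option `description` should say so, e.g. `Do not put credentials here; the file is stored world-readable in the Nix store.` `pppDefaults` defaults to `noauth` and `defaultroute`, which is usual for a mobile dial-up peer but deserves a sentence in its description. `configFile` reads `config.environment.wvdial.dialerDefaults` although `cfg` is defined just below; `cfg.dialerDefaults` would be consistent with the rest of the file.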


@ -11,8 +11,7 @@ let
then "buildbot" then "buildbot"
else "makefu"; else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "727a3a3"; # unstable @ 2017-10-07 ref = "809cf38"; # unstable @ 2017-10-07
# + revert wvdial (76f4910)
# + ruby stuff (2f0b17e4be9,55a952be5b5) # + ruby stuff (2f0b17e4be9,55a952be5b5)
# + mitmproxy fix (360a5efd,ef52c95b) # + mitmproxy fix (360a5efd,ef52c95b)


@ -15,6 +15,7 @@ with lib;
<stockholm/nin/2configs/git.nix> <stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix> <stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix> <stockholm/nin/2configs/termite.nix>
<stockholm/nin/2configs/skype.nix>
]; ];
krebs.build.host = config.krebs.hosts.hiawatha; krebs.build.host = config.krebs.hosts.hiawatha;
@ -98,10 +99,6 @@ with lib;
allowUnfree = true; allowUnfree = true;
firefox = {
enableGoogleTalkPlugin = true;
enableAdobeFlash = true;
};
}; };
#services.logind.extraConfig = "HandleLidSwitch=ignore"; #services.logind.extraConfig = "HandleLidSwitch=ignore";


@ -4,6 +4,7 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
../2configs/vim.nix ../2configs/vim.nix
<stockholm/krebs/2configs/binary-cache/prism.nix>
{ {
users.extraUsers = users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; }) mapAttrs (_: h: { hashedPassword = h; })
@ -45,12 +46,6 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle; SSL_CERT_FILE = ca-bundle;
}; };
}) })
{
nix = {
binaryCaches = ["http://cache.prism.r"];
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
};
}
]; ];
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;
@ -96,6 +91,7 @@ with import <stockholm/lib>;
gnumake gnumake
jq jq
proot proot
pavucontrol
populate populate
p7zip p7zip
termite termite
@ -158,6 +154,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }

nin/2configs/skype.nix Normal file

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.users.extraUsers.nin;
inherit (import <stockholm/lib>) genid;
in {
users.extraUsers = {
skype = {
name = "skype";
uid = genid "skype";
description = "user for running skype";
home = "/home/skype";
useDefaultShell = true;
extraGroups = [ "audio" "video" ];
createHome = true;
};
};
krebs.per-user.skype.packages = [
pkgs.skype
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(skype) NOPASSWD: ALL
'';
}
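Review bot: `${mainUser.name} ALL=(skype) NOPASSWD: ALL` lets the main user run any command as `skype` without a password, which is more than starting the client needs. If the account exists only to keep Skype away from the main user's files, the rule can name the binary instead, e.g. `${mainUser.name} ALL=(skype) NOPASSWD: ${pkgs.skype}/bin/skype` (path assumed from the package name). `mainUser` is read from `config.users.extraUsers.nin`, so the module only evaluates on hosts that define that user; a short comment at the `let` would make the dependency visible.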


@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "799435b"; ref = "c99239b";
}; };
} }