Merge remote-tracking branch 'prism/master'
commit
d81b068113
@ -1,4 +1,4 @@
|
|||||||
arg@{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs) writeText;
|
inherit (pkgs) writeText;
|
||||||
|
@ -91,6 +91,7 @@ with config.krebs.lib;
|
|||||||
"prism.retiolum"
|
"prism.retiolum"
|
||||||
"prism.r"
|
"prism.r"
|
||||||
"cgit.prism.retiolum"
|
"cgit.prism.retiolum"
|
||||||
|
"cache.prism.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -107,36 +108,17 @@ with config.krebs.lib;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
|
ssh.pubkey = "ssh-rsa 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";
|
||||||
};
|
};
|
||||||
fastpoke = {
|
domsen-nas = {
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "193.22.164.36";
|
|
||||||
aliases = [
|
aliases = [
|
||||||
"fastpoke.internet"
|
"domsen-nas.internet"
|
||||||
];
|
];
|
||||||
};
|
ip4.addr = "87.138.180.167";
|
||||||
retiolum = {
|
ssh.port = 2223;
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.253.152";
|
|
||||||
ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
|
|
||||||
aliases = [
|
|
||||||
"fastpoke.retiolum"
|
|
||||||
"fastpoke.r"
|
|
||||||
"cgit.fastpoke.retiolum"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
|
|
||||||
DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
|
|
||||||
FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
|
|
||||||
ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
|
|
||||||
EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
|
|
||||||
rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
|
ssh.pubkey = "ssh-dss AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";
|
||||||
};
|
};
|
||||||
cloudkrebs = {
|
cloudkrebs = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -314,5 +296,13 @@ with config.krebs.lib;
|
|||||||
fritz = {
|
fritz = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||||
};
|
};
|
||||||
|
prism-repo-sync = {
|
||||||
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
|
||||||
|
mail = "lass@prism.r";
|
||||||
|
};
|
||||||
|
mors-repo-sync = {
|
||||||
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
|
||||||
|
mail = "lass@mors.r";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
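Review bot: The new `domsen-nas` entry in the `-107,36` hunk registers an `ssh-dss` host key, a key type OpenSSH has disabled by default since 7.0, so clients relying on this registry either cannot verify the host or need DSA re-enabled to reach it. If the NAS can offer another host key, record that one instead, e.g. `ssh.pubkey = "ssh-ed25519 <HOST_KEY_PLACEHOLDER>";`; if it cannot, a comment such as `# NAS only offers a DSA host key` next to the entry would make the exception explicit. The entry also carries a public `ip4.addr` together with `ssh.port = 2223`, so this key appears to be what authenticates the host on connections made over the internet.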
@ -48,6 +48,12 @@ with config.krebs.lib;
|
|||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
siem = {
|
||||||
|
ip4.addr = "10.8.10.2";
|
||||||
|
aliases = [
|
||||||
|
"darth.siem"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tsp = {
|
tsp = {
|
||||||
@ -98,6 +104,12 @@ with config.krebs.lib;
|
|||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
siem = {
|
||||||
|
ip4.addr = "10.8.10.4";
|
||||||
|
aliases = [
|
||||||
|
"arch.siem"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
|
||||||
@ -184,6 +196,8 @@ with config.krebs.lib;
|
|||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "104.233.87.86";
|
ip4.addr = "104.233.87.86";
|
||||||
aliases = [
|
aliases = [
|
||||||
|
"wry.i"
|
||||||
|
"paste.i"
|
||||||
"wry.internet"
|
"wry.internet"
|
||||||
"paste.internet"
|
"paste.internet"
|
||||||
];
|
];
|
||||||
@ -194,10 +208,10 @@ with config.krebs.lib;
|
|||||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||||
aliases = [
|
aliases = [
|
||||||
"graphs.wry.retiolum"
|
"graphs.wry.retiolum"
|
||||||
"graphs.retiolum"
|
"graphs.r" "graphs.retiolum"
|
||||||
"paste.wry.retiolum"
|
"paste.wry.retiolum"
|
||||||
"paste.retiolum"
|
"paste.r" "paste.retiolum"
|
||||||
"wry.retiolum"
|
"wry.r" "wry.retiolum"
|
||||||
"wiki.makefu.retiolum"
|
"wiki.makefu.retiolum"
|
||||||
"wiki.wry.retiolum"
|
"wiki.wry.retiolum"
|
||||||
"blog.makefu.retiolum"
|
"blog.makefu.retiolum"
|
||||||
@ -232,15 +246,16 @@ with config.krebs.lib;
|
|||||||
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
|
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
|
||||||
aliases = [
|
aliases = [
|
||||||
"filepimp.retiolum"
|
"filepimp.retiolum"
|
||||||
|
"filepimp.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
|
||||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
|
||||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
|
||||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
|
||||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
|
||||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
|
||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||||
};
|
};
|
||||||
|
shoney = rec {
|
||||||
|
cores = 1;
|
||||||
|
nets = {
|
||||||
|
siem = {
|
||||||
|
ip4.addr = "10.8.10.1";
|
||||||
|
aliases = [
|
||||||
|
"sjump.siem"
|
||||||
|
"graphs.siem"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
internet = {
|
||||||
|
ip4.addr = "64.137.234.215";
|
||||||
|
aliases = [
|
||||||
|
"shoney.i"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.205.131";
|
||||||
|
ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
|
||||||
|
aliases = [
|
||||||
|
"shoney.retiolum"
|
||||||
|
"shoney.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
|
||||||
|
ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
|
||||||
|
okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
|
||||||
|
M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
|
||||||
|
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
|
||||||
|
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# non-stockholm
|
# non-stockholm
|
||||||
|
|
||||||
@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
lariat = rec {
|
||||||
|
cores = 2;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.64.7";
|
||||||
|
aliases = [
|
||||||
|
"lariat.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
|
||||||
|
eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
|
||||||
|
269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
|
||||||
|
unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
|
||||||
|
d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
|
||||||
|
yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
soundflower = rec {
|
soundflower = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
} // { # hosts only maintained in stockholm, not owned by me
|
||||||
muhbaasu = rec {
|
muhbaasu = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} // { # hosts only maintained in stockholm, not owned by me
|
|
||||||
tpsw = {
|
tpsw = {
|
||||||
cores = 2;
|
cores = 2;
|
||||||
owner = config.krebs.users.ciko; # main laptop
|
owner = config.krebs.users.ciko; # main laptop
|
||||||
|
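Review bot: The `filepimp` `tinc.pubkey` is replaced in full in the `-232,15` hunk, and neither the hunk nor the merge message says why. This file presumably is where peers take that host's key from, so a one-line comment recording the change would help, e.g. `# tinc key regenerated <DATE>: <REASON>`, and the new key is worth confirming with the host owner over a separate channel before it is deployed. The `siem` nets added elsewhere in this section carry an address and aliases but no key material; if that network is not tinc-based, a short comment saying so would avoid confusion.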
@ -11,14 +11,14 @@ let
|
|||||||
|
|
||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "repo-sync";
|
enable = mkEnableOption "repo-sync";
|
||||||
config = mkOption {
|
repos = mkOption {
|
||||||
type = with types;attrsOf (attrsOf (attrsOf str));
|
type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
|
||||||
example = literalExample ''
|
example = literalExample ''
|
||||||
# see `repo-sync --help`
|
# see `repo-sync --help`
|
||||||
# `ref` provides sane defaults and can be omitted
|
# `ref` provides sane defaults and can be omitted
|
||||||
|
|
||||||
# attrset will be converted to json and be used as config
|
# attrset will be converted to json and be used as config
|
||||||
{
|
{ repo = {
|
||||||
makefu = {
|
makefu = {
|
||||||
origin = {
|
origin = {
|
||||||
url = http://github.com/makefu/repo ;
|
url = http://github.com/makefu/repo ;
|
||||||
@ -44,6 +44,7 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
timerConfig = mkOption {
|
timerConfig = mkOption {
|
||||||
@ -56,53 +57,75 @@ let
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/var/lib/repo-sync";
|
default = "/var/lib/repo-sync";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "repo-sync";
|
||||||
|
home = cfg.stateDir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
privateKeyFile = mkOption {
|
privateKeyFile = mkOption {
|
||||||
type = types.str;
|
type = types.secret-file;
|
||||||
description = ''
|
default = {
|
||||||
used by repo-sync to identify with ssh service
|
path = "${cfg.stateDir}/ssh.priv";
|
||||||
|
owner = cfg.user;
|
||||||
|
source-path = toString <secrets> + "/repo-sync.ssh.key";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
unitConfig = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
|
||||||
|
example = literalExample ''
|
||||||
|
# do not start when running on umts
|
||||||
|
{ ConditionPathExists = "!/var/run/ppp0.pid"; }
|
||||||
'';
|
'';
|
||||||
default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
|
default = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
repo-sync-config = pkgs.writeText "repo-sync-config.json"
|
|
||||||
(builtins.toJSON cfg.config);
|
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
users.users.repo-sync = {
|
krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
|
||||||
name = "repo-sync";
|
users.users.${cfg.user.name} = {
|
||||||
uid = genid "repo-sync";
|
inherit (cfg.user) home name uid;
|
||||||
description = "repo-sync user";
|
|
||||||
home = cfg.stateDir;
|
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
description = "repo-sync user";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers.repo-sync = {
|
systemd.timers = mapAttrs' (name: repo:
|
||||||
|
nameValuePair "repo-sync-${name}" {
|
||||||
description = "repo-sync timer";
|
description = "repo-sync timer";
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
|
|
||||||
timerConfig = cfg.timerConfig;
|
timerConfig = cfg.timerConfig;
|
||||||
};
|
}
|
||||||
systemd.services.repo-sync = {
|
) cfg.repos;
|
||||||
description = "repo-sync";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
path = with pkgs; [ ];
|
systemd.services = mapAttrs' (name: repo:
|
||||||
|
let
|
||||||
|
repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
|
||||||
|
(builtins.toJSON repo);
|
||||||
|
in nameValuePair "repo-sync-${name}" {
|
||||||
|
description = "repo-sync";
|
||||||
|
after = [ "network.target" "secret.service" ];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
|
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
|
||||||
|
REPONAME = "${name}.git";
|
||||||
};
|
};
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
|
||||||
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
|
||||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
|
||||||
'';
|
|
||||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||||
WorkingDirectory = cfg.stateDir;
|
WorkingDirectory = cfg.stateDir;
|
||||||
User = "repo-sync";
|
User = "repo-sync";
|
||||||
};
|
};
|
||||||
};
|
unitConfig = cfg.unitConfig;
|
||||||
|
}
|
||||||
|
) cfg.repos;
|
||||||
};
|
};
|
||||||
in out
|
in out
|
||||||
|
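Review bot: The new `user` and `privateKeyFile` options are not wired into the generated services: in the `-56,53` hunk the unit still sets `User = "repo-sync";` and `GIT_SSH_COMMAND` still points at `${cfg.stateDir}/ssh.priv`. Overriding either option would install the key for one user or path while the service runs as another and reads a different file; `User = cfg.user.name;` and `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";` keep them in step. `secret.service` is listed only under `after`, which orders but does not require it, so a sync can start without the key in place; consider adding it to `requires` as well. The `unitConfig` description still says `fetchWallpaper`, and `PermissionsStartOnly = true` looks left over now that `ExecStartPre` is gone.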
@ -20,6 +20,18 @@ let
|
|||||||
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
|
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hostsPath = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "Path to Hosts directory";
|
||||||
|
default = "${config.krebs.retiolum.hostsPackage}";
|
||||||
|
};
|
||||||
|
|
||||||
|
network = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "Tinc Network to use";
|
||||||
|
default = "retiolum";
|
||||||
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
|
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
|
||||||
|
|
||||||
@ -85,7 +97,8 @@ let
|
|||||||
EXTERNAL_FOLDER = external_dir;
|
EXTERNAL_FOLDER = external_dir;
|
||||||
INTERNAL_FOLDER = internal_dir;
|
INTERNAL_FOLDER = internal_dir;
|
||||||
GEODB = cfg.geodbPath;
|
GEODB = cfg.geodbPath;
|
||||||
TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
|
TINC_HOSTPATH = cfg.hostsPath;
|
||||||
|
TINC_NETWORK = cfg.network;
|
||||||
};
|
};
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
@ -103,7 +116,7 @@ let
|
|||||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
|
||||||
|
|
||||||
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
||||||
# TODO: this may break if workingDir is set to something stupid
|
# TODO: this may break if workingDir is set to something stupid
|
||||||
@ -121,8 +134,9 @@ let
|
|||||||
uid = genid "tinc_graphs";
|
uid = genid "tinc_graphs";
|
||||||
home = "/var/spool/tinc_graphs";
|
home = "/var/spool/tinc_graphs";
|
||||||
};
|
};
|
||||||
|
krebs.nginx = mkIf cfg.nginx.enable {
|
||||||
krebs.nginx.servers = mkIf cfg.nginx.enable {
|
enable = mkDefault true;
|
||||||
|
servers = {
|
||||||
tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
|
tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
|
||||||
locations = [
|
locations = [
|
||||||
(nameValuePair "/" ''
|
(nameValuePair "/" ''
|
||||||
@ -141,6 +155,7 @@ let
|
|||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
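Review bot: `hostsPath` in the `-20,6` hunk defaults to `config.krebs.retiolum.hostsPackage` regardless of `network`, so setting only `network` would graph one tinc network against retiolum's host files. The description should say that the two belong together, e.g. `description = "Path to the hosts directory; must belong to the network set in network";`. In the `-103,7` hunk `cfg.network` is placed inside double quotes in `ExecStart` without escaping and is also exported as `TINC_NETWORK`; documenting the option as a plain network name, or passing it one way only, would keep the unit line well-formed.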
@ -3,6 +3,9 @@
|
|||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "Reaktor-${version}";
|
name = "Reaktor-${version}";
|
||||||
version = "0.5.1";
|
version = "0.5.1";
|
||||||
|
|
||||||
|
doCheck = false;
|
||||||
|
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.docopt
|
python3Packages.docopt
|
||||||
python3Packages.requests2
|
python3Packages.requests2
|
||||||
|
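Review bot: `doCheck = false;` is added without saying why the test phase is skipped. With checks off, a regression in `Reaktor-0.5.1` or in one of its propagated inputs goes unnoticed at build time, so the line should carry a comment such as `# doCheck disabled: <REASON>`, ideally naming the condition under which it can be turned back on.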
@ -38,13 +38,13 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||||
|
|
||||||
#buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
||||||
# inherit (pkgs.pythonPackages) twisted jinja2;
|
inherit (pkgs.pythonPackages) twisted jinja2;
|
||||||
# dateutil = pkgs.pythonPackages.dateutil_1_5;
|
dateutil = pkgs.pythonPackages.dateutil_1_5;
|
||||||
# sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
||||||
# doCheck = false;
|
doCheck = false;
|
||||||
# });
|
});
|
||||||
#};
|
};
|
||||||
|
|
||||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||||
symlinkJoin = { name, paths, ... }@args: let
|
symlinkJoin = { name, paths, ... }@args: let
|
||||||
|
@ -8,13 +8,14 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
# TODO irc-announce should return a derivation
|
# TODO irc-announce should return a derivation
|
||||||
irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: ''
|
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
export PATH=${makeBinPath (with pkgs; [
|
export PATH=${makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
git
|
git
|
||||||
|
gnugrep
|
||||||
gnused
|
gnused
|
||||||
])}
|
])}
|
||||||
|
|
||||||
@ -54,6 +55,12 @@ let
|
|||||||
|
|
||||||
h=$(echo $ref | sed 's:^refs/heads/::')
|
h=$(echo $ref | sed 's:^refs/heads/::')
|
||||||
|
|
||||||
|
${optionalString (branches != []) ''
|
||||||
|
if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then
|
||||||
|
echo "we are not serving this branch: $h"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
''}
|
||||||
# empty_tree=$(git hash-object -t tree /dev/null)
|
# empty_tree=$(git hash-object -t tree /dev/null)
|
||||||
empty_tree=4b825dc6
|
empty_tree=4b825dc6
|
||||||
|
|
||||||
|
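Review bot: The branch filter in the `-54,6` hunk matches with an unanchored `grep -qE`, so a configured branch `master` also lets through `master-old` or `feature/master`, and any regex metacharacter in a configured name is read as pattern syntax. Matching the whole name closes that gap: `if ! (echo "$h" | grep -qxE "${concatStringsSep "|" branches}"); then`. The entries of `branches` are spliced into a double-quoted shell string unescaped, so the argument should be documented as taking plain branch names only. The script body starts and ends outside the hunk.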
@ -13,7 +13,6 @@ in {
|
|||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/realwallpaper.nix
|
../2configs/realwallpaper.nix
|
||||||
../2configs/realwallpaper-server.nix
|
|
||||||
../2configs/privoxy-retiolum.nix
|
../2configs/privoxy-retiolum.nix
|
||||||
{
|
{
|
||||||
networking.interfaces.enp2s1.ip4 = [
|
networking.interfaces.enp2s1.ip4 = [
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
../.
|
../.
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/default.nix
|
../2configs/default.nix
|
||||||
../2configs/exim-retiolum.nix
|
#../2configs/exim-retiolum.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
{
|
{
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
@ -63,6 +63,35 @@
|
|||||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
#TODO: abstract & move to own file
|
||||||
|
krebs.exim-smarthost = {
|
||||||
|
enable = true;
|
||||||
|
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||||
|
config.krebs.hosts.mors
|
||||||
|
config.krebs.hosts.uriel
|
||||||
|
config.krebs.hosts.helios
|
||||||
|
];
|
||||||
|
system-aliases = [
|
||||||
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
{ from = "postmaster"; to = "root"; }
|
||||||
|
{ from = "nobody"; to = "root"; }
|
||||||
|
{ from = "hostmaster"; to = "root"; }
|
||||||
|
{ from = "usenet"; to = "root"; }
|
||||||
|
{ from = "news"; to = "root"; }
|
||||||
|
{ from = "webmaster"; to = "root"; }
|
||||||
|
{ from = "www"; to = "root"; }
|
||||||
|
{ from = "ftp"; to = "root"; }
|
||||||
|
{ from = "abuse"; to = "root"; }
|
||||||
|
{ from = "noc"; to = "root"; }
|
||||||
|
{ from = "security"; to = "root"; }
|
||||||
|
{ from = "root"; to = "lass"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.dishfire;
|
krebs.build.host = config.krebs.hosts.dishfire;
|
||||||
|
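Review bot: The added INPUT rule `-p tcp --dport smtp` in the `-63,6` hunk accepts SMTP from any source and interface, while `relay_from_hosts` authorises relaying purely by retiolum source address. If this host is only meant to relay for those peers, scoping the rule to the VPN interface would match that intent, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }` (interface name assumed); if it must also accept mail from the internet, a comment saying so would help. In the first hunk of this section the `exim-retiolum.nix` import is commented out rather than removed, which leaves it unclear whether the two exim configurations are meant to be mutually exclusive.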
@ -11,7 +11,7 @@ in {
|
|||||||
../2configs/default.nix
|
../2configs/default.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/realwallpaper-server.nix
|
../2configs/realwallpaper.nix
|
||||||
../2configs/privoxy-retiolum.nix
|
../2configs/privoxy-retiolum.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
#../2configs/redis.nix
|
#../2configs/redis.nix
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
|
../2configs/hw/tp-x220.nix
|
||||||
../2configs/baseX.nix
|
../2configs/baseX.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/programs.nix
|
../2configs/programs.nix
|
||||||
@ -14,22 +15,18 @@
|
|||||||
../2configs/elster.nix
|
../2configs/elster.nix
|
||||||
../2configs/steam.nix
|
../2configs/steam.nix
|
||||||
../2configs/wine.nix
|
../2configs/wine.nix
|
||||||
#../2configs/texlive.nix
|
|
||||||
../2configs/binary-caches.nix
|
|
||||||
#../2configs/ircd.nix
|
|
||||||
../2configs/chromium-patched.nix
|
../2configs/chromium-patched.nix
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
#../2configs/wordpress.nix
|
|
||||||
../2configs/bitlbee.nix
|
../2configs/bitlbee.nix
|
||||||
#../2configs/firefoxPatched.nix
|
|
||||||
../2configs/skype.nix
|
../2configs/skype.nix
|
||||||
../2configs/teamviewer.nix
|
../2configs/teamviewer.nix
|
||||||
../2configs/libvirt.nix
|
../2configs/libvirt.nix
|
||||||
../2configs/fetchWallpaper.nix
|
../2configs/fetchWallpaper.nix
|
||||||
../2configs/cbase.nix
|
../2configs/c-base.nix
|
||||||
../2configs/mail.nix
|
../2configs/mail.nix
|
||||||
../2configs/krebs-pass.nix
|
../2configs/krebs-pass.nix
|
||||||
#../2configs/buildbot-standalone.nix
|
../2configs/umts.nix
|
||||||
|
../2configs/repo-sync.nix
|
||||||
{
|
{
|
||||||
#risk of rain port
|
#risk of rain port
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
@ -57,17 +54,10 @@
|
|||||||
# package = pkgs.postgresql;
|
# package = pkgs.postgresql;
|
||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
{
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.enable = true;
|
loader.grub.enable = true;
|
||||||
loader.grub.version = 2;
|
loader.grub.version = 2;
|
||||||
@ -77,7 +67,6 @@
|
|||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
#kernelModules = [ "kvm-intel" "msr" ];
|
||||||
kernelModules = [ "msr" ];
|
|
||||||
};
|
};
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" = {
|
"/" = {
|
||||||
@ -131,8 +120,8 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
#TODO activationScripts seem broken, fix them!
|
#TODO activationScripts seem broken, fix them!
|
||||||
@ -146,7 +135,7 @@
|
|||||||
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
|
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
|
||||||
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
|
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
|
||||||
#Autosuspend for USB device Biometric Coprocessor
|
#Autosuspend for USB device Biometric Coprocessor
|
||||||
echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
|
#echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
|
||||||
|
|
||||||
#Runtime PMs
|
#Runtime PMs
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
|
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
|
||||||
@ -168,22 +157,6 @@
|
|||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
|
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
|
||||||
'';
|
'';
|
||||||
|
|
||||||
hardware.trackpoint = {
|
|
||||||
enable = true;
|
|
||||||
sensitivity = 220;
|
|
||||||
speed = 0;
|
|
||||||
emulateWheel = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
videoDriver = "intel";
|
|
||||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
|
||||||
deviceSection = ''
|
|
||||||
Option "AccelMethod" "sna"
|
|
||||||
BusID "PCI:0:2:0"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
acronym
|
acronym
|
||||||
cac-api
|
cac-api
|
||||||
@ -214,15 +187,11 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
krebs.repo-sync.timerConfig = {
|
||||||
|
OnCalendar = "00:37";
|
||||||
|
};
|
||||||
|
|
||||||
services.mongodb = {
|
services.mongodb = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
tables = {
|
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -19,6 +19,8 @@ in {
|
|||||||
../2configs/privoxy-retiolum.nix
|
../2configs/privoxy-retiolum.nix
|
||||||
../2configs/radio.nix
|
../2configs/radio.nix
|
||||||
../2configs/buildbot-standalone.nix
|
../2configs/buildbot-standalone.nix
|
||||||
|
../2configs/repo-sync.nix
|
||||||
|
../2configs/binary-cache/server.nix
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
@ -66,8 +68,6 @@ in {
|
|||||||
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
#boot.loader.gummiboot.enable = true;
|
|
||||||
#boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
devices = [
|
devices = [
|
||||||
"/dev/sda"
|
"/dev/sda"
|
||||||
@ -110,10 +110,6 @@ in {
|
|||||||
{
|
{
|
||||||
sound.enable = false;
|
sound.enable = false;
|
||||||
}
|
}
|
||||||
#{
|
|
||||||
# #workaround for server dying after 6-7h
|
|
||||||
# boot.kernelPackages = pkgs.linuxPackages_4_2;
|
|
||||||
#}
|
|
||||||
{
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
}
|
}
|
||||||
@ -202,7 +198,7 @@ in {
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/realwallpaper-server.nix
|
../2configs/realwallpaper.nix
|
||||||
];
|
];
|
||||||
krebs.nginx.servers."lassul.us".locations = [
|
krebs.nginx.servers."lassul.us".locations = [
|
||||||
(lib.nameValuePair "/wallpaper.png" ''
|
(lib.nameValuePair "/wallpaper.png" ''
|
||||||
|
@ -4,7 +4,9 @@ with builtins;
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
|
../2configs/hw/tp-x220.nix
|
||||||
../2configs/baseX.nix
|
../2configs/baseX.nix
|
||||||
|
../2configs/git.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/browsers.nix
|
../2configs/browsers.nix
|
||||||
../2configs/programs.nix
|
../2configs/programs.nix
|
||||||
@ -19,34 +21,10 @@ with builtins;
|
|||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
{
|
|
||||||
#x220 config from mors
|
|
||||||
#TODO: make x220 config file (or look in other user dir)
|
|
||||||
hardware.trackpoint = {
|
|
||||||
enable = true;
|
|
||||||
sensitivity = 220;
|
|
||||||
speed = 0;
|
|
||||||
emulateWheel = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
videoDriver = "intel";
|
|
||||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
|
||||||
deviceSection = ''
|
|
||||||
Option "AccelMethod" "sna"
|
|
||||||
BusID "PCI:0:2:0"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.enable = true;
|
loader.grub.enable = true;
|
||||||
loader.grub.version = 2;
|
loader.grub.version = 2;
|
||||||
@ -56,7 +34,6 @@ with builtins;
|
|||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
#kernelModules = [ "kvm-intel" "msr" ];
|
||||||
kernelModules = [ "msr" ];
|
|
||||||
};
|
};
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" = {
|
"/" = {
|
||||||
@ -67,10 +44,15 @@ with builtins;
|
|||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/sda1";
|
device = "/dev/sda1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"/home/lass" = {
|
||||||
|
device = "/dev/pool/home-lass";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
||||||
#'';
|
'';
|
||||||
}
|
}
|
||||||
|
@ -8,7 +8,13 @@ in {
|
|||||||
#./urxvt.nix
|
#./urxvt.nix
|
||||||
./xserver
|
./xserver
|
||||||
./mpv.nix
|
./mpv.nix
|
||||||
|
#./pulse.nix
|
||||||
|
./power-action.nix
|
||||||
];
|
];
|
||||||
|
hardware.pulseaudio = {
|
||||||
|
enable = true;
|
||||||
|
systemWide = true;
|
||||||
|
};
|
||||||
|
|
||||||
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||||
|
|
||||||
@ -16,11 +22,6 @@ in {
|
|||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
|
||||||
hardware.pulseaudio = {
|
|
||||||
enable = true;
|
|
||||||
systemWide = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.ssh.startAgent = false;
|
programs.ssh.startAgent = false;
|
||||||
|
|
||||||
security.setuidPrograms = [ "slock" ];
|
security.setuidPrograms = [ "slock" ];
|
||||||
@ -32,6 +33,7 @@ in {
|
|||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
|
acpi
|
||||||
dmenu
|
dmenu
|
||||||
gitAndTools.qgit
|
gitAndTools.qgit
|
||||||
lm_sensors
|
lm_sensors
|
||||||
@ -44,6 +46,7 @@ in {
|
|||||||
sxiv
|
sxiv
|
||||||
xclip
|
xclip
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
|
xorg.xhost
|
||||||
xsel
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
|
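--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+nix = {
+binaryCaches = ["http://cache.prism.r"];
+binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+};
+}
+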
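Review bot: The cache is fetched over plain `http://` in `binaryCaches`, so the only integrity protection for substituted store paths is the signature check against the key pinned in `binaryCachePublicKeys`. Nothing in this file says that signature checking must stay enabled or that the host is meant to be reachable only over the VPN (`cache.prism.r` looks like a retiolum name, judging from the host aliases elsewhere in this commit). I would record that assumption next to the URL, for example `# plain http: only reachable via retiolum; every path is verified against binaryCachePublicKeys, do not disable signature checks`. It is also worth confirming that defining `binaryCaches` here does not drop the default upstream cache for hosts that import this file.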
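--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+# generate private key with:
+# nix-store --generate-binary-cache-key my-secret-key my-public-key
+services.nix-serve = {
+enable = true;
+secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+};
+
+systemd.services.nix-serve = {
+requires = ["secret.service"];
+after = ["secret.service"];
+};
+krebs.secret.files.nix-serve-key = {
+path = "/run/secret/nix-serve.key";
+owner.name = "nix-serve";
+source-path = toString <secrets> + "/nix-serve.key";
+};
+krebs.nginx = {
+enable = true;
+servers.nix-serve = {
+server-names = [ "cache.prism.r" ];
+locations = lib.singleton (lib.nameValuePair "/" ''
+proxy_pass http://localhost:${toString config.services.nix-serve.port};
+'');
+};
+};
+}
+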
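Review bot: `services.nix-serve` is enabled without restricting its own listener, although nginx is the intended front end and reaches it through `localhost`. Unless the module default already binds to loopback (not visible here), the daemon is also reachable directly on its port wherever the firewall allows it, so I would add `bindAddress = "127.0.0.1";` to the `services.nix-serve` block. Note too that the cache will hand out any store path present on this host to whoever can reach `cache.prism.r` and knows its hash, so nothing secret should be built into the store on the serving machine. A one-line comment above `krebs.nginx` stating which networks are expected to reach this vhost would make the exposure explicit.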
@ -1,13 +0,0 @@
|
|||||||
{ config, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
nix.sshServe.enable = true;
|
|
||||||
nix.sshServe.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
|
|
||||||
];
|
|
||||||
nix.binaryCaches = [
|
|
||||||
#"scp://nix-ssh@mors"
|
|
||||||
#"scp://nix-ssh@uriel"
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,6 +1,14 @@
|
|||||||
{ lib, config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
{
|
|
||||||
krebs.buildbot.master = let
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
sshWrapper = pkgs.writeDash "ssh-wrapper" ''
|
||||||
|
${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
config.krebs.buildbot.master = let
|
||||||
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
||||||
in {
|
in {
|
||||||
slaves = {
|
slaves = {
|
||||||
@ -25,20 +33,38 @@
|
|||||||
sched.append(schedulers.SingleBranchScheduler(
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
## all branches
|
## all branches
|
||||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||||
# treeStableTimer=10,
|
treeStableTimer=10,
|
||||||
name="fast-all-branches",
|
name="fast-all-branches",
|
||||||
builderNames=["fast-tests"]))
|
builderNames=["fast-tests"]))
|
||||||
'';
|
'';
|
||||||
|
build-scheduler = ''
|
||||||
|
# build all hosts
|
||||||
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
|
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||||
|
treeStableTimer=10,
|
||||||
|
name="prism-all-branches",
|
||||||
|
builderNames=["build-all"]))
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
builder_pre = ''
|
builder_pre = ''
|
||||||
# prepare grab_repo step for stockholm
|
# prepare grab_repo step for stockholm
|
||||||
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
||||||
|
|
||||||
env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
|
# TODO: get nixpkgs/stockholm paths from krebs
|
||||||
|
env_lass = {
|
||||||
|
"LOGNAME": "lass",
|
||||||
|
"NIX_REMOTE": "daemon",
|
||||||
|
"dummy_secrets": "true",
|
||||||
|
}
|
||||||
|
env_makefu = {
|
||||||
|
"LOGNAME": "makefu",
|
||||||
|
"NIX_REMOTE": "daemon",
|
||||||
|
"dummy_secrets": "true",
|
||||||
|
}
|
||||||
|
|
||||||
# prepare nix-shell
|
# prepare nix-shell
|
||||||
# the dependencies which are used by the test script
|
# the dependencies which are used by the test script
|
||||||
deps = [ "gnumake", "jq","nix","rsync" ]
|
deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
|
||||||
# TODO: --pure , prepare ENV in nix-shell command:
|
# TODO: --pure , prepare ENV in nix-shell command:
|
||||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||||
nixshell = ["nix-shell",
|
nixshell = ["nix-shell",
|
||||||
@ -51,16 +77,45 @@
|
|||||||
factory.addStep(steps.ShellCommand(**kwargs))
|
factory.addStep(steps.ShellCommand(**kwargs))
|
||||||
'';
|
'';
|
||||||
builder = {
|
builder = {
|
||||||
|
build-all = ''
|
||||||
|
f = util.BuildFactory()
|
||||||
|
f.addStep(grab_repo)
|
||||||
|
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||||
|
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||||
|
command=nixshell + \
|
||||||
|
["make \
|
||||||
|
test \
|
||||||
|
ssh=${sshWrapper} \
|
||||||
|
target=build@localhost:${config.users.users.build.home}/testbuild \
|
||||||
|
method=build \
|
||||||
|
system={}".format(i)])
|
||||||
|
|
||||||
|
for i in [ "pornocauster", "wry" ]:
|
||||||
|
addShell(f,name="build-{}".format(i),env=env_makefu,
|
||||||
|
command=nixshell + \
|
||||||
|
["make \
|
||||||
|
test \
|
||||||
|
ssh=${sshWrapper} \
|
||||||
|
target=build@localhost:${config.users.users.build.home}/testbuild \
|
||||||
|
method=build \
|
||||||
|
system={}".format(i)])
|
||||||
|
|
||||||
|
bu.append(util.BuilderConfig(name="build-all",
|
||||||
|
slavenames=slavenames,
|
||||||
|
factory=f))
|
||||||
|
|
||||||
|
'';
|
||||||
|
|
||||||
fast-tests = ''
|
fast-tests = ''
|
||||||
f = util.BuildFactory()
|
f = util.BuildFactory()
|
||||||
f.addStep(grab_repo)
|
f.addStep(grab_repo)
|
||||||
for i in [ "prism", "mors", "echelon" ]:
|
for i in [ "prism", "mors", "echelon" ]:
|
||||||
addShell(f,name="populate-{}".format(i),env=env,
|
addShell(f,name="populate-{}".format(i),env=env_lass,
|
||||||
command=nixshell + \
|
command=nixshell + \
|
||||||
["{}( make system={} eval.config.krebs.build.populate \
|
["{}( make system={} eval.config.krebs.build.populate \
|
||||||
| jq -er .)".format("!" if "failing" in i else "",i)])
|
| jq -er .)".format("!" if "failing" in i else "",i)])
|
||||||
|
|
||||||
addShell(f,name="build-test-minimal",env=env,
|
addShell(f,name="build-test-minimal",env=env_lass,
|
||||||
command=nixshell + \
|
command=nixshell + \
|
||||||
["nix-instantiate \
|
["nix-instantiate \
|
||||||
--show-trace --eval --strict --json \
|
--show-trace --eval --strict --json \
|
||||||
@ -86,17 +141,17 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.buildbot.slave = {
|
config.krebs.buildbot.slave = {
|
||||||
enable = true;
|
enable = true;
|
||||||
masterhost = "localhost";
|
masterhost = "localhost";
|
||||||
username = "testslave";
|
username = "testslave";
|
||||||
password = "lasspass";
|
password = "lasspass";
|
||||||
packages = with pkgs;[ git nix gnumake jq rsync ];
|
packages = with pkgs;[ git nix gnumake jq rsync ];
|
||||||
extraEnviron = {
|
extraEnviron = {
|
||||||
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
|
NIX_PATH="nixpkgs=/var/src/nixpkgs";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
krebs.iptables = {
|
config.krebs.iptables = {
|
||||||
tables = {
|
tables = {
|
||||||
filter.INPUT.rules = [
|
filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
|
||||||
@ -104,4 +159,29 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#ssh workaround for make test
|
||||||
|
options.lass.build-ssh-privkey = mkOption {
|
||||||
|
type = types.secret-file;
|
||||||
|
default = {
|
||||||
|
path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
|
||||||
|
owner = { inherit (config.users.users.buildbotSlave ) name uid;};
|
||||||
|
source-path = toString <secrets> + "/build.ssh.key";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config.krebs.secret.files = {
|
||||||
|
build-ssh-privkey = config.lass.build-ssh-privkey;
|
||||||
|
};
|
||||||
|
config.users.users = {
|
||||||
|
build = {
|
||||||
|
name = "build";
|
||||||
|
uid = genid "build";
|
||||||
|
home = "/home/build";
|
||||||
|
useDefaultShell = true;
|
||||||
|
createHome = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
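Review bot: The new `build` account in the last hunk gets `useDefaultShell = true` and an unrestricted entry in `openssh.authorizedKeys.keys`, but the only use shown is the buildbot step connecting to `build@localhost` through `sshWrapper`. Restricting the key to loopback would keep it from serving as a general remote login, for example `"from=\"127.0.0.1,::1\" ssh-rsa … lass@mors"`. The key comment reads `lass@mors`, while the wrapper authenticates with `build.ssh.key` from the secrets tree. If these are not the same key pair, a personal key is being granted access here and a dedicated build key would be the cleaner choice. The `build-all` scheduler uses `branch_re=".*"`, so every pushed branch runs `make test` with that key available, which is worth stating in a comment next to the scheduler.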
@ -7,6 +7,9 @@ with config.krebs.lib;
|
|||||||
../2configs/zsh.nix
|
../2configs/zsh.nix
|
||||||
../2configs/mc.nix
|
../2configs/mc.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
|
../2configs/nixpkgs.nix
|
||||||
|
../2configs/binary-cache/client.nix
|
||||||
|
../2configs/gc.nix
|
||||||
./backups.nix
|
./backups.nix
|
||||||
{
|
{
|
||||||
users.extraUsers =
|
users.extraUsers =
|
||||||
@ -52,21 +55,18 @@ with config.krebs.lib;
|
|||||||
user = config.krebs.users.lass;
|
user = config.krebs.users.lass;
|
||||||
source = mapAttrs (_: mkDefault) ({
|
source = mapAttrs (_: mkDefault) ({
|
||||||
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
|
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
|
||||||
secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
|
secrets = if getEnv "dummy_secrets" == "true"
|
||||||
|
then toString <stockholm/lass/2configs/tests/dummy-secrets>
|
||||||
|
else "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||||
#secrets-common = "/home/lass/secrets/common";
|
#secrets-common = "/home/lass/secrets/common";
|
||||||
stockholm = "/home/lass/stockholm";
|
stockholm = getEnv "PWD";
|
||||||
nixpkgs = {
|
|
||||||
url = https://github.com/lassulus/nixpkgs;
|
|
||||||
rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
|
|
||||||
dev = "/home/lass/src/nixpkgs";
|
|
||||||
};
|
|
||||||
} // optionalAttrs config.krebs.build.host.secure {
|
} // optionalAttrs config.krebs.build.host.secure {
|
||||||
#secrets-master = "/home/lass/secrets/master";
|
#secrets-master = "/home/lass/secrets/master";
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.useChroot = true;
|
nix.useSandbox = true;
|
||||||
|
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
|
||||||
@ -114,8 +114,13 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
#neat utils
|
#neat utils
|
||||||
krebspaste
|
krebspaste
|
||||||
|
pciutils
|
||||||
psmisc
|
psmisc
|
||||||
|
q
|
||||||
|
rs
|
||||||
|
tmux
|
||||||
untilport
|
untilport
|
||||||
|
usbutils
|
||||||
|
|
||||||
#unpack stuff
|
#unpack stuff
|
||||||
p7zip
|
p7zip
|
||||||
|
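Review bot: In the `source` attrset the secrets location is now chosen by `getEnv "dummy_secrets" == "true"`, so an environment variable left set in a deploy shell would silently populate a real host with the dummy secrets checked into the repository. The switch exists for the buildbot `env_lass`/`env_makefu` environments, so I would document that at the definition, for example `# dummy_secrets is set by buildbot only; never export it when deploying a real host`, and ideally reject it outside the test build method. `stockholm = getEnv "PWD"` in the same hunk has a similar property: the deployed tree depends on the directory the command is run from, which deserves a short comment.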
@ -21,6 +21,7 @@ in {
|
|||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-uriel.pubkey
|
config.krebs.users.lass-uriel.pubkey
|
||||||
|
config.krebs.users.lass-shodan.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -28,6 +28,8 @@ with config.krebs.lib;
|
|||||||
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
|
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
|
||||||
{ from = "finanzamt@lassul.us"; to = lass.mail; }
|
{ from = "finanzamt@lassul.us"; to = lass.mail; }
|
||||||
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
|
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
|
||||||
|
{ from = "netzclub@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "nebenan@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
@ -5,7 +5,8 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "cloudkrebs/wallpaper.png";
|
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||||
|
url = "prism/wallpaper.png";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
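--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+with config.krebs.lib;
+{
+nix.gc = {
+automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ];
+};
+}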
@ -29,18 +29,10 @@ let
|
|||||||
rules = concatMap make-rules (attrValues repos);
|
rules = concatMap make-rules (attrValues repos);
|
||||||
|
|
||||||
public-repos = mapAttrs make-public-repo {
|
public-repos = mapAttrs make-public-repo {
|
||||||
painload = {};
|
|
||||||
stockholm = {
|
stockholm = {
|
||||||
cgit.desc = "take all the computers hostage, they'll love you!";
|
cgit.desc = "take all the computers hostage, they'll love you!";
|
||||||
};
|
};
|
||||||
wai-middleware-time = {};
|
|
||||||
web-routes-wai-custom = {};
|
|
||||||
go = {};
|
|
||||||
newsbot-js = {};
|
|
||||||
kimsufi-check = {};
|
kimsufi-check = {};
|
||||||
realwallpaper = {};
|
|
||||||
xmonad-stockholm = {};
|
|
||||||
the_playlist = {};
|
|
||||||
} // mapAttrs make-public-repo-silent {
|
} // mapAttrs make-public-repo-silent {
|
||||||
the_playlist = {};
|
the_playlist = {};
|
||||||
};
|
};
|
||||||
@ -50,8 +42,6 @@ let
|
|||||||
brain = {
|
brain = {
|
||||||
collaborators = with config.krebs.users; [ tv makefu ];
|
collaborators = with config.krebs.users; [ tv makefu ];
|
||||||
};
|
};
|
||||||
extraction_webinterface = {};
|
|
||||||
politics-fetching = {};
|
|
||||||
} //
|
} //
|
||||||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||||
);
|
);
|
||||||
@ -66,6 +56,7 @@ let
|
|||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
server = "cd.retiolum";
|
server = "cd.retiolum";
|
||||||
verbose = config.krebs.build.host.name == "prism";
|
verbose = config.krebs.build.host.name == "prism";
|
||||||
|
branches = [ "master" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -84,7 +75,7 @@ let
|
|||||||
with git // config.krebs.users;
|
with git // config.krebs.users;
|
||||||
repo:
|
repo:
|
||||||
singleton {
|
singleton {
|
||||||
user = [ lass lass-helios lass-uriel ];
|
user = [ lass lass-uriel ];
|
||||||
repo = [ repo ];
|
repo = [ repo ];
|
||||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||||
} ++
|
} ++
|
||||||
|
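--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+networking.wireless.enable = lib.mkDefault true;
+
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+
+hardware.cpu.intel.updateMicrocode = true;
+
+zramSwap.enable = true;
+zramSwap.numDevices = 2;
+
+hardware.trackpoint = {
+enable = true;
+sensitivity = 220;
+speed = 0;
+emulateWheel = true;
+};
+
+services.tlp.enable = true;
+services.tlp.extraConfig = ''
+# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+#START_CHARGE_THRESH_BAT0=80
+STOP_CHARGE_THRESH_BAT0=95
+
+CPU_SCALING_GOVERNOR_ON_AC=performance
+CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+CPU_MIN_PERF_ON_AC=0
+CPU_MAX_PERF_ON_AC=100
+CPU_MIN_PERF_ON_BAT=0
+CPU_MAX_PERF_ON_BAT=30
+'';
+
+boot = {
+kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+};
+
+hardware.opengl.extraPackages = [
+pkgs.vaapiIntel
+pkgs.vaapiVdpau
+];
+
+services.xserver = {
+videoDriver = "intel";
+deviceSection = ''
+Option "AccelMethod" "sna"
+'';
+};
+
+security.rngd.enable = true;
+}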
@ -10,8 +10,9 @@ let
|
|||||||
account default: prism
|
account default: prism
|
||||||
'';
|
'';
|
||||||
|
|
||||||
msmtp = pkgs.writeDashBin "msmtp" ''
|
msmtp = pkgs.writeBashBin "msmtp" ''
|
||||||
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
|
||||||
|
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
muttrc = pkgs.writeText "muttrc" ''
|
muttrc = pkgs.writeText "muttrc" ''
|
||||||
@ -42,7 +43,7 @@ let
|
|||||||
set nm_record = yes
|
set nm_record = yes
|
||||||
set nm_record_tags = "-inbox me archive"
|
set nm_record_tags = "-inbox me archive"
|
||||||
set virtual_spoolfile=yes # enable virtual folders
|
set virtual_spoolfile=yes # enable virtual folders
|
||||||
set sendmail="msmtp" # enables parsing of outgoing mail
|
set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
|
||||||
set use_from=yes
|
set use_from=yes
|
||||||
set envelope_from=yes
|
set envelope_from=yes
|
||||||
|
|
||||||
|
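Review bot: The new bash wrapper passes its arguments on as an unquoted `$@`, so any recipient or option containing whitespace or glob characters is re-split before it reaches msmtp. The last line should read `${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"`. Separately, `tee` feeds `notmuch insert +sent` regardless of whether msmtp accepts the message, so a failed send is still filed as sent. If that is intended, a comment on the wrapper should say so.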
@ -41,7 +41,6 @@ let
|
|||||||
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
|
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
|
||||||
csm|http://rss.csmonitor.com/feeds/csm|#news
|
csm|http://rss.csmonitor.com/feeds/csm|#news
|
||||||
csm_world|http://rss.csmonitor.com/feeds/world|#news
|
csm_world|http://rss.csmonitor.com/feeds/world|#news
|
||||||
cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
|
|
||||||
danisch|http://www.danisch.de/blog/feed/|#news
|
danisch|http://www.danisch.de/blog/feed/|#news
|
||||||
dod|http://www.defense.gov/news/afps2.xml|#news
|
dod|http://www.defense.gov/news/afps2.xml|#news
|
||||||
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
|
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
|
||||||
@ -102,7 +101,7 @@ let
|
|||||||
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
|
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
|
||||||
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
|
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
|
||||||
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
|
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
|
||||||
nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
|
nsa|https://www.nsa.gov/rss.xml|#news #bullerei
|
||||||
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
|
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
|
||||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||||
phys|http://phys.org/rss-feed/|#news
|
phys|http://phys.org/rss-feed/|#news
|
||||||
|
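--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+krebs.build.source.nixpkgs = {
+url = https://github.com/lassulus/nixpkgs;
+rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290";
+};
+}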
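--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+let
+suspend = pkgs.writeDash "suspend" ''
+${pkgs.systemd}/bin/systemctl suspend
+'';
+
+speak = text:
+pkgs.writeDash "speak" ''
+${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
+'';
+
+in {
+lass.power-action = {
+enable = true;
+plans.low-battery = {
+upperLimit = 30;
+lowerLimit = 25;
+charging = false;
+action = pkgs.writeDash "warn-low-battery" ''
+${speak "power level low"}
+'';
+};
+plans.suspend = {
+upperLimit = 10;
+lowerLimit = 0;
+charging = false;
+action = pkgs.writeDash "suspend-wrapper" ''
+/var/setuid-wrappers/sudo ${suspend}
+'';
+};
+};
+
+users.users.power-action.extraGroups = [
+"audio"
+];
+
+security.sudo.extraConfig = ''
+${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend}
+'';
+}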
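Review bot: `speak` splices its `text` argument into the generated script between double quotes (`"${text}"`), so a caller passing a string with a quote, backtick or `$(` would change the script rather than the spoken text. The only caller here passes a constant, but the helper should escape its argument with the `shell.escape` helper that the buildbot file in this commit already uses from `config.krebs.lib`, if it is available in this scope. The sudoers line is scoped to the single store path `${suspend}`, which is a good narrow grant. A comment there, such as `# power-action may run exactly this suspend script as root, nothing else`, would keep a later edit from widening it unnoticed.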
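--- a/lass/2configs/pulse.nix
+++ b/lass/2configs/pulse.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+pkg = pkgs.pulseaudioLight;
+runDir = "/run/pulse";
+
+alsaConf = pkgs.writeText "asound.conf" ''
+ctl_type.pulse {
+libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
+}
+pcm_type.pulse {
+libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
+}
+ctl.!default {
+type pulse
+}
+pcm.!default {
+type pulse
+}
+'';
+
+clientConf = pkgs.writeText "client.conf" ''
+autospawn=no
+default-server = unix:${runDir}/socket
+'';
+
+daemonConf = pkgs.writeText "daemon.conf" ''
+exit-idle-time=0
+flat-volumes = no
+default-fragments = 4
+default-fragment-size-msec = 25
+'';
+
+configFile = pkgs.writeText "default.pa" ''
+.include ${pkg}/etc/pulse/default.pa
+load-module ${toString [
+"module-native-protocol-unix"
+"auth-anonymous=1"
+"socket=${runDir}/socket"
+]}
+'';
+in
+
+{
+environment = {
+etc = {
+"asound.conf".source = alsaConf;
+# XXX mkForce is not strong enough (and neither is mkOverride) to create
+# /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
+#"pulse/client.conf" = mkForce { source = clientConf; };
+#"pulse/client.conf".source = mkForce clientConf;
+"pulse/default.pa".source = configFile;
+"pulse/daemon.pa".source = daemonConf;
+};
+systemPackages = [
+pkg
+] ++ optionals config.services.xserver.enable [
+pkgs.pavucontrol
+];
+};
+
+# Allow PulseAudio to get realtime priority using rtkit.
+security.rtkit.enable = true;
+
+system.activationScripts.pulseaudio-hack = ''
+ln -fns ${clientConf} /etc/pulse/client.conf
+'';
+
+systemd.services.pulse = {
+wantedBy = [ "sound.target" ];
+before = [ "sound.target" ];
+environment = {
+PULSE_RUNTIME_PATH = "${runDir}/home";
+};
+serviceConfig = {
+ExecStart = "${pkg}/bin/pulseaudio";
+ExecStartPre = pkgs.writeDash "pulse-start" ''
+install -o pulse -g audio -m 0750 -d ${runDir}
+install -o pulse -g audio -m 0700 -d ${runDir}/home
+'';
+PermissionsStartOnly = "true";
+User = "pulse";
+};
+};
+
+users = {
+groups.pulse.gid = config.users.users.pulse.uid;
+users.pulse = {
+uid = genid "pulse";
+group = "pulse";
+extraGroups = [ "audio" ];
+home = "${runDir}/home";
+};
+};
+}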
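Review bot: `daemonConf` is written with the name `daemon.conf` but installed as `"pulse/daemon.pa"`, a file name PulseAudio does not read for daemon settings, so `exit-idle-time`, `flat-volumes` and the fragment settings most likely never take effect. The entry should be `"pulse/daemon.conf".source = daemonConf;`. Also, `auth-anonymous=1` on the native socket means the only access control is the `0750 pulse:audio` mode that `ExecStartPre` sets on `/run/pulse`. That dependency should be stated in a comment beside the `load-module` line so nobody loosens the directory mode later.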
@ -11,7 +11,7 @@ let
|
|||||||
source-password = import <secrets/icecast-source-pw>;
|
source-password = import <secrets/icecast-source-pw>;
|
||||||
|
|
||||||
add_random = pkgs.writeDashBin "add_random" ''
|
add_random = pkgs.writeDashBin "add_random" ''
|
||||||
mpc add "$(mpc ls | shuf -n1)"
|
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
skip_track = pkgs.writeDashBin "skip_track" ''
|
skip_track = pkgs.writeDashBin "skip_track" ''
|
||||||
@ -52,13 +52,8 @@ in {
|
|||||||
print_current
|
print_current
|
||||||
ncmpcpp
|
ncmpcpp
|
||||||
mpc_cli
|
mpc_cli
|
||||||
tmux
|
|
||||||
];
|
];
|
||||||
|
|
||||||
security.sudo.extraConfig = ''
|
|
||||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.mpd = {
|
services.mpd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "radio";
|
group = "radio";
|
||||||
@ -67,7 +62,7 @@ in {
|
|||||||
audio_output {
|
audio_output {
|
||||||
type "shout"
|
type "shout"
|
||||||
encoding "ogg"
|
encoding "ogg"
|
||||||
name "my cool stream"
|
name "the_playlist"
|
||||||
host "localhost"
|
host "localhost"
|
||||||
port "8000"
|
port "8000"
|
||||||
mount "/radio.ogg"
|
mount "/radio.ogg"
|
||||||
@ -84,7 +79,7 @@ in {
|
|||||||
# Optional Parameters
|
# Optional Parameters
|
||||||
user "source"
|
user "source"
|
||||||
# description "here is my long description"
|
# description "here is my long description"
|
||||||
# genre "jazz"
|
genre "good music"
|
||||||
} # end of audio_output
|
} # end of audio_output
|
||||||
|
|
||||||
'';
|
'';
|
||||||
@ -114,7 +109,7 @@ in {
|
|||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
|
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*:*";
|
OnCalendar = "*:0/1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -123,8 +118,8 @@ in {
|
|||||||
LIMIT=$1 #in secconds
|
LIMIT=$1 #in secconds
|
||||||
|
|
||||||
timeLeft () {
|
timeLeft () {
|
||||||
playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
||||||
currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
||||||
expr ''${playlistDuration:-0} - ''${currentTime:-0}
|
expr ''${playlistDuration:-0} - ''${currentTime:-0}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,16 +131,10 @@ in {
|
|||||||
description = "radio playlist autoadder";
|
description = "radio playlist autoadder";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
path = with pkgs; [
|
|
||||||
gawk
|
|
||||||
mpc_cli
|
|
||||||
];
|
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Restart = "always";
|
ExecStart = "${autoAdd} 150";
|
||||||
ExecStart = "${autoAdd} 100";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
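Review bot: `shuf` in `add_random` and `expr` in `timeLeft` are still resolved through PATH, even though this change pins `mpc` and `awk` to store paths and drops the unit's `path = [ gawk mpc_cli ]`. For consistency, and so the scripts do not depend on whatever PATH the caller provides, I would write `${pkgs.coreutils}/bin/shuf -n1` and `${pkgs.coreutils}/bin/expr` as well. The autoadder unit also loses `Restart = "always"` in the last hunk. If the script is expected to exit and be restarted by something else, a comment in `serviceConfig` should say what restarts it.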
@ -1,32 +0,0 @@
|
|||||||
{ config, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
hostname = config.krebs.build.host.name;
|
|
||||||
inherit (lib)
|
|
||||||
nameValuePair
|
|
||||||
;
|
|
||||||
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
./realwallpaper.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.nginx.servers.wallpaper = {
|
|
||||||
server-names = [
|
|
||||||
hostname
|
|
||||||
];
|
|
||||||
locations = [
|
|
||||||
(nameValuePair "/wallpaper.png" ''
|
|
||||||
root /tmp/;
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
tables = {
|
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,5 +1,30 @@
|
|||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
hostname = config.krebs.build.host.name;
|
||||||
|
inherit (lib)
|
||||||
|
nameValuePair
|
||||||
|
;
|
||||||
|
|
||||||
|
in {
|
||||||
krebs.realwallpaper.enable = true;
|
krebs.realwallpaper.enable = true;
|
||||||
|
|
||||||
|
krebs.nginx.servers.wallpaper = {
|
||||||
|
server-names = [
|
||||||
|
hostname
|
||||||
|
];
|
||||||
|
locations = [
|
||||||
|
(nameValuePair "/wallpaper.png" ''
|
||||||
|
root /tmp/;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.iptables = {
|
||||||
|
tables = {
|
||||||
|
filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
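Review bot: `root /tmp/;` in the `/wallpaper.png` location makes nginx serve a file out of a world-writable directory. Any local account that manages to create `/tmp/wallpaper.png` first, including as a symlink to something the nginx user can read, decides what is published on port 80 of the retiolum interface. A directory owned by the service that produces the image would be a safer root, assuming its output path is configurable (not shown in this section). Failing that, `disable_symlinks on;` inside the location at least closes the symlink case.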
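--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+mirror = "git@${config.networking.hostName}:";
+
+defineRepo = name: announce: let
+repo = {
+public = true;
+name = mkDefault "${name}";
+cgit.desc = mkDefault "mirror for ${name}";
+hooks = mkIf announce (mkDefault {
+post-receive = pkgs.git-hooks.irc-announce {
+nick = config.networking.hostName;
+verbose = false;
+channel = "#retiolum";
+server = "cd.retiolum";
+branches = [ "newest" ];
+};
+});
+};
+in {
+rules = with git; singleton {
+user = with config.krebs.users; [
+config.krebs.users."${config.networking.hostName}-repo-sync"
+lass
+lass-shodan
+];
+repo = [ repo ];
+perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+};
+repos."${name}" = repo;
+};
+
+sync-retiolum = name:
+{
+krebs.repo-sync.repos.${name} = {
+makefu = {
+origin.url = "http://cgit.gum/${name}";
+mirror.url = "${mirror}${name}";
+};
+tv = {
+origin.url = "http://cgit.cd/${name}";
+mirror.url = "${mirror}${name}";
+};
+lassulus = {
+origin.url = "http://cgit.prism/${name}";
+mirror.url = "${mirror}${name}";
+};
+"@latest" = {
+mirror.url = "${mirror}${name}";
+mirror.ref = "heads/newest";
+};
+};
+krebs.git = defineRepo name (config.networking.hostName == "prism");
+};
+
+sync-remote = name: url:
+{
+krebs.repo-sync.repos.${name} = {
+remote = {
+origin.url = url;
+mirror.url = "${mirror}${name}";
+};
+};
+krebs.git = defineRepo name (config.networking.hostName == "prism");
+};
+
+sync-remote-silent = name: url:
+{
+krebs.repo-sync.repos.${name} = {
+remote = {
+origin.url = url;
+mirror.url = "${mirror}${name}";
+};
+};
+krebs.git = defineRepo name false;
+};
+
+in {
+krebs.repo-sync = {
+enable = true;
+unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+};
+imports = [
+(sync-remote "array" "https://github.com/makefu/array")
+(sync-remote "email-header" "https://github.com/4z3/email-header")
+(sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask")
+(sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot")
+(sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
+(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
+(sync-remote "xintmap" "https://github.com/4z3/xintmap")
+(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
+(sync-retiolum "go")
+(sync-retiolum "much")
+(sync-retiolum "newsbot-js")
+(sync-retiolum "painload")
+(sync-retiolum "realwallpaper")
+(sync-retiolum "stockholm")
+(sync-retiolum "wai-middleware-time")
+(sync-retiolum "web-routes-wai-custom")
+(sync-retiolum "xmonad-stockholm")
+];
+}
+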
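Review bot: The three `origin.url` values in `sync-retiolum` (`http://cgit.gum/…`, `http://cgit.cd/…`, `http://cgit.prism/…`) are fetched over plain HTTP and then republished from a mirror marked `public = true`, so nothing in this file authenticates what is pulled. These names look like overlay-network hosts, which may already protect the transport, but that is not visible here. A comment above `sync-retiolum` such as `# origins are plain http; integrity relies on the retiolum transport` would record the assumption. Separately, `sync-remote` and `sync-remote-silent` differ only in the `announce` argument passed to `defineRepo` and could share one helper that takes that flag.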
0
lass/2configs/tests/dummy-secrets/cbase.txt
Normal file
0
lass/2configs/tests/dummy-secrets/cbase.txt
Normal file
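--- a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
+++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}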
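--- a/lass/2configs/tests/dummy-secrets/icecast-admin-pw
+++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
@@ -0,0 +1 @@
+"blabla"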
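--- a/lass/2configs/tests/dummy-secrets/icecast-source-pw
+++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw
@@ -0,0 +1 @@
+"blabla"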
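--- a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
+++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----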
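--- a/lass/2configs/tests/dummy-secrets/mysql_rootPassword
+++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
@@ -0,0 +1 @@
+blabla123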
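--- a/lass/2configs/tests/dummy-secrets/nix-serve.key
+++ b/lass/2configs/tests/dummy-secrets/nix-serve.key
@@ -0,0 +1 @@
+key-name:blabla123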
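--- a/lass/2configs/tests/dummy-secrets/repos.nix
+++ b/lass/2configs/tests/dummy-secrets/repos.nix
@@ -0,0 +1 @@
+_: {}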
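--- a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
+++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----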
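--- a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+private key bla
+-----END OPENSSH PRIVATE KEY-----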
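--- a/lass/2configs/tests/dummy-secrets/ssh.id_rsa
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+private key bla
+-----END RSA PRIVATE KEY-----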
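--- a/lass/2configs/tests/dummy-secrets/transmission-pw
+++ b/lass/2configs/tests/dummy-secrets/transmission-pw
@@ -0,0 +1 @@
+"krebskrebs123"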
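--- a/lass/2configs/umts.nix
+++ b/lass/2configs/umts.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+owner = "NixOS"; repo = "nixpkgs-channels";
+rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+}) {};
+
+wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
+modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+
+# TODO: currently it is only netzclub
+umts-bin = pkgs.writeScriptBin "umts" ''
+#!/bin/sh
+set -euf
+systemctl stop wpa_supplicant
+systemctl start umts
+trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
+echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+journalctl -xfu umts
+'';
+
+wvdial-defaults = ''
+Modem = ${modem-device}
+Init1 = AT+CFUN=1
+Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+Baud = 460800
+phone= *99#
+Username = netzclub
+Password = netzclub
+Stupid Mode = 1
+Idle Seconds = 0
+'';
+
+
+out = {
+environment.shellAliases = {
+umts = "sudo ${umts-bin}/bin/umts";
+};
+
+security.sudo.extraConfig = ''
+lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
+'';
+
+environment.wvdial.dialerDefaults = wvdial-defaults;
+
+systemd.services.umts = {
+description = "UMTS wvdial Service";
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+RestartSec = "10s";
+ExecStart = "${wvdial}/bin/wvdial -n";
+};
+};
+};
+in out
+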
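Review bot: The `umts` script runs as root through the `NOPASSWD` sudoers line, yet it calls `systemctl`, `tee` and `journalctl` by bare name, so which binaries run depends on the PATH that sudo passes on (its policy is not shown here). Using store paths for each command, as in the fence below, removes that dependency and matches how another file in this commit now calls `${pkgs.mpc_cli}/bin/mpc`. Also, `tee -a /etc/resolv.conf` appends a `nameserver 8.8.8.8` line on every run and the `trap` never removes it, so the resolver override outlives the UMTS session and accumulates duplicates.

```nix
umts-bin = pkgs.writeScriptBin "umts" ''
  #!/bin/sh
  set -euf
  ${pkgs.systemd}/bin/systemctl stop wpa_supplicant
  ${pkgs.systemd}/bin/systemctl start umts
  trap "${pkgs.systemd}/bin/systemctl stop umts && ${pkgs.systemd}/bin/systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
  echo nameserver 8.8.8.8 | ${pkgs.coreutils}/bin/tee -a /etc/resolv.conf
  ${pkgs.systemd}/bin/journalctl -xfu umts
'';
# … unchanged: wvdial-defaults, sudoers entry, systemd.services.umts …
```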
@ -1,158 +1,351 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
customPlugins = {
|
out = {
|
||||||
mustang2 = pkgs.vimUtils.buildVimPlugin {
|
|
||||||
name = "Mustang2";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "croaker";
|
|
||||||
repo = "mustang-vim";
|
|
||||||
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
|
|
||||||
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
unimpaired = pkgs.vimUtils.buildVimPlugin {
|
|
||||||
name = "unimpaired-vim";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "tpope";
|
|
||||||
repo = "vim-unimpaired";
|
|
||||||
rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
|
|
||||||
sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
brogrammer = pkgs.vimUtils.buildVimPlugin {
|
|
||||||
name = "brogrammer";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "marciomazza";
|
|
||||||
repo = "vim-brogrammer-theme";
|
|
||||||
rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
|
|
||||||
sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
file-line = pkgs.vimUtils.buildVimPlugin {
|
|
||||||
name = "file-line";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "bogado";
|
|
||||||
repo = "file-line";
|
|
||||||
rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
|
|
||||||
sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(pkgs.vim_configurable.customize {
|
vim
|
||||||
name = "vim";
|
];
|
||||||
|
|
||||||
vimrcConfig.customRC = ''
|
environment.etc.vimrc.source = vimrc;
|
||||||
set nocompatible
|
|
||||||
set t_Co=16
|
environment.variables.EDITOR = mkForce "vim";
|
||||||
syntax on
|
environment.variables.VIMINIT = ":so /etc/vimrc";
|
||||||
" TODO autoload colorscheme file
|
};
|
||||||
|
|
||||||
|
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||||
|
pkgs.vimPlugins.Gundo
|
||||||
|
pkgs.vimPlugins.Syntastic
|
||||||
|
pkgs.vimPlugins.undotree
|
||||||
|
(pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "file-line-1.0";
|
||||||
|
src = pkgs.fetchgit {
|
||||||
|
url = git://github.com/bogado/file-line;
|
||||||
|
rev = "refs/tags/1.0";
|
||||||
|
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||||
|
name = "hack";
|
||||||
|
in {
|
||||||
|
name = "vim-color-${name}-1.0.2";
|
||||||
|
destination = "/colors/${name}.vim";
|
||||||
|
text = /* vim */ ''
|
||||||
set background=dark
|
set background=dark
|
||||||
colorscheme brogrammer
|
hi clear
|
||||||
filetype off
|
if exists("syntax_on")
|
||||||
filetype plugin indent on
|
syntax clear
|
||||||
|
endif
|
||||||
|
|
||||||
imap <F1> <nop>
|
let colors_name = ${toJSON name}
|
||||||
|
|
||||||
set mouse=a
|
hi Normal ctermbg=235
|
||||||
set ruler
|
hi Comment ctermfg=242
|
||||||
set showmatch
|
hi Constant ctermfg=062
|
||||||
set backspace=2
|
hi Identifier ctermfg=068
|
||||||
set visualbell
|
hi Function ctermfg=041
|
||||||
set encoding=utf8
|
hi Statement ctermfg=167
|
||||||
set showcmd
|
hi PreProc ctermfg=167
|
||||||
set wildmenu
|
hi Type ctermfg=041
|
||||||
|
hi Delimiter ctermfg=251
|
||||||
|
hi Special ctermfg=062
|
||||||
|
|
||||||
set title
|
hi Garbage ctermbg=088
|
||||||
set titleold=
|
hi TabStop ctermbg=016
|
||||||
set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
|
hi Todo ctermfg=174 ctermbg=NONE
|
||||||
|
|
||||||
|
hi NixCode ctermfg=148
|
||||||
|
hi NixData ctermfg=149
|
||||||
|
hi NixQuote ctermfg=150
|
||||||
|
|
||||||
|
hi diffNewFile ctermfg=207
|
||||||
|
hi diffFile ctermfg=207
|
||||||
|
hi diffLine ctermfg=207
|
||||||
|
hi diffSubname ctermfg=207
|
||||||
|
hi diffAdded ctermfg=010
|
||||||
|
hi diffRemoved ctermfg=009
|
||||||
|
'';
|
||||||
|
})))
|
||||||
|
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||||
|
name = "vim";
|
||||||
|
in {
|
||||||
|
name = "vim-syntax-${name}-1.0.0";
|
||||||
|
destination = "/syntax/${name}.vim";
|
||||||
|
text = /* vim */ ''
|
||||||
|
${concatMapStringsSep "\n" (s: /* vim */ ''
|
||||||
|
syn keyword vimColor${s} ${s}
|
||||||
|
\ containedin=ALLBUT,vimComment,vimLineComment
|
||||||
|
hi vimColor${s} ctermfg=${s}
|
||||||
|
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
|
||||||
|
'';
|
||||||
|
})))
|
||||||
|
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||||
|
name = "showsyntax";
|
||||||
|
in {
|
||||||
|
name = "vim-plugin-${name}-1.0.0";
|
||||||
|
destination = "/plugin/${name}.vim";
|
||||||
|
text = /* vim */ ''
|
||||||
|
if exists('g:loaded_showsyntax')
|
||||||
|
finish
|
||||||
|
endif
|
||||||
|
let g:loaded_showsyntax = 0
|
||||||
|
|
||||||
|
fu! ShowSyntax()
|
||||||
|
let id = synID(line("."), col("."), 1)
|
||||||
|
let name = synIDattr(id, "name")
|
||||||
|
let transName = synIDattr(synIDtrans(id),"name")
|
||||||
|
if name != transName
|
||||||
|
let name .= " (" . transName . ")"
|
||||||
|
endif
|
||||||
|
echo "Syntax: " . name
|
||||||
|
endfu
|
||||||
|
|
||||||
|
command! -n=0 -bar ShowSyntax :call ShowSyntax()
|
||||||
|
'';
|
||||||
|
})))
|
||||||
|
];
|
||||||
|
|
||||||
|
dirs = {
|
||||||
|
backupdir = "$HOME/.cache/vim/backup";
|
||||||
|
swapdir = "$HOME/.cache/vim/swap";
|
||||||
|
undodir = "$HOME/.cache/vim/undo";
|
||||||
|
};
|
||||||
|
files = {
|
||||||
|
viminfo = "$HOME/.cache/vim/info";
|
||||||
|
};
|
||||||
|
|
||||||
|
mkdirs = let
|
||||||
|
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
|
||||||
|
in assert out != ""; out;
|
||||||
|
alldirs = attrValues dirs ++ map dirOf (attrValues files);
|
||||||
|
in unique (sort lessThan alldirs);
|
||||||
|
|
||||||
|
vim = pkgs.writeDashBin "vim" ''
|
||||||
|
set -efu
|
||||||
|
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
|
||||||
|
exec ${pkgs.neovim}/bin/nvim "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
|
vimrc = pkgs.writeText "vimrc" ''
|
||||||
|
set nocompatible
|
||||||
|
|
||||||
set autoindent
|
set autoindent
|
||||||
|
set backspace=indent,eol,start
|
||||||
set ttyfast
|
set backup
|
||||||
|
set backupdir=${dirs.backupdir}/
|
||||||
|
set directory=${dirs.swapdir}//
|
||||||
|
set hlsearch
|
||||||
|
set incsearch
|
||||||
|
set mouse=a
|
||||||
|
set noruler
|
||||||
set pastetoggle=<INS>
|
set pastetoggle=<INS>
|
||||||
|
set runtimepath=${extra-runtimepath},$VIMRUNTIME
|
||||||
|
set shortmess+=I
|
||||||
|
set showcmd
|
||||||
|
set showmatch
|
||||||
|
set ttimeoutlen=0
|
||||||
|
set undodir=${dirs.undodir}
|
||||||
|
set undofile
|
||||||
|
set undolevels=1000000
|
||||||
|
set undoreload=1000000
|
||||||
|
set viminfo='20,<1000,s100,h,n${files.viminfo}
|
||||||
|
set visualbell
|
||||||
|
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
|
||||||
|
set wildmenu
|
||||||
|
set wildmode=longest,full
|
||||||
|
|
||||||
|
set et ts=2 sts=2 sw=2
|
||||||
|
|
||||||
" Force Saving Files that Require Root Permission
|
filetype plugin indent on
|
||||||
command! W silent w !sudo tee "%" >/dev/null
|
|
||||||
|
|
||||||
nnoremap <C-c> :q<Return>
|
set t_Co=256
|
||||||
|
colorscheme hack
|
||||||
|
syntax on
|
||||||
|
|
||||||
|
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
||||||
|
\ | syn match TabStop containedin=ALL /\t\+/
|
||||||
|
\ | syn keyword Todo containedin=ALL TODO
|
||||||
|
|
||||||
|
au BufRead,BufNewFile *.hs so ${hs.vim}
|
||||||
|
|
||||||
|
au BufRead,BufNewFile *.nix so ${nix.vim}
|
||||||
|
|
||||||
|
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
|
||||||
|
|
||||||
|
"Syntastic config
|
||||||
|
let g:syntastic_python_checkers=['flake8']
|
||||||
|
|
||||||
|
nmap <esc>q :buffer
|
||||||
|
nmap <M-q> :buffer
|
||||||
|
|
||||||
|
cnoremap <C-A> <Home>
|
||||||
|
|
||||||
|
noremap <C-c> :q<cr>
|
||||||
vnoremap < <gv
|
vnoremap < <gv
|
||||||
vnoremap > >gv
|
vnoremap > >gv
|
||||||
|
|
||||||
nmap <esc>q :buffer
|
nnoremap <esc>[5^ :tabp<cr>
|
||||||
|
nnoremap <esc>[6^ :tabn<cr>
|
||||||
|
nnoremap <esc>[5@ :tabm -1<cr>
|
||||||
|
nnoremap <esc>[6@ :tabm +1<cr>
|
||||||
|
|
||||||
|
nnoremap <f1> :tabp<cr>
|
||||||
|
nnoremap <f2> :tabn<cr>
|
||||||
|
inoremap <f1> <esc>:tabp<cr>
|
||||||
|
inoremap <f2> <esc>:tabn<cr>
|
||||||
|
|
||||||
"Tabwidth
|
" <C-{Up,Down,Right,Left>
|
||||||
set ts=2 sts=2 sw=2 et
|
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
|
||||||
|
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
|
||||||
" create Backup/tmp/undo dirs
|
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
|
||||||
function! InitBackupDir()
|
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
|
||||||
let l:parent = $HOME . '/.vim/'
|
" <[C]S-{Up,Down,Right,Left>
|
||||||
let l:backup = l:parent . 'backups/'
|
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
|
||||||
let l:tmpdir = l:parent . 'tmp/'
|
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
|
||||||
let l:undodi = l:parent . 'undo/'
|
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
|
||||||
|
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
|
||||||
if !isdirectory(l:parent)
|
vnoremap u <nop>
|
||||||
call mkdir(l:parent)
|
|
||||||
endif
|
|
||||||
if !isdirectory(l:backup)
|
|
||||||
call mkdir(l:backup)
|
|
||||||
endif
|
|
||||||
if !isdirectory(l:tmpdir)
|
|
||||||
call mkdir(l:tmpdir)
|
|
||||||
endif
|
|
||||||
if !isdirectory(l:undodi)
|
|
||||||
call mkdir(l:undodi)
|
|
||||||
endif
|
|
||||||
endfunction
|
|
||||||
call InitBackupDir()
|
|
||||||
|
|
||||||
" Backups & Files
|
|
||||||
set backup
|
|
||||||
set backupdir=~/.vim/backups
|
|
||||||
set directory=~/.vim/tmp//
|
|
||||||
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
|
|
||||||
set undodir=$HOME/.vim/undo
|
|
||||||
set undofile
|
|
||||||
|
|
||||||
" highlight whitespaces
|
|
||||||
highlight ExtraWhitespace ctermbg=red guibg=red
|
|
||||||
match ExtraWhitespace /\s\+$/
|
|
||||||
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
|
|
||||||
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
|
|
||||||
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
|
|
||||||
autocmd BufWinLeave * call clearmatches()
|
|
||||||
|
|
||||||
"ft specific stuff
|
|
||||||
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
|
|
||||||
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
|
|
||||||
|
|
||||||
"esc timeout
|
|
||||||
set timeoutlen=1000 ttimeoutlen=0
|
|
||||||
|
|
||||||
"foldfunctions
|
|
||||||
inoremap <F9> <C-O>za
|
|
||||||
nnoremap <F9> za
|
|
||||||
onoremap <F9> <C-C>za
|
|
||||||
vnoremap <F9> zf
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
hs.vim = pkgs.writeText "hs.vim" ''
|
||||||
vimrcConfig.vam.pluginDictionaries = [
|
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
|
||||||
{ names = [
|
|
||||||
"brogrammer"
|
|
||||||
"file-line"
|
|
||||||
"Gundo"
|
|
||||||
]; }
|
|
||||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
})
|
hi link ConId Identifier
|
||||||
|
hi link VarId Identifier
|
||||||
|
hi link hsDelimiter Delimiter
|
||||||
|
'';
|
||||||
|
|
||||||
|
nix.vim = pkgs.writeText "nix.vim" ''
|
||||||
|
setf nix
|
||||||
|
|
||||||
|
" Ref <nix/src/libexpr/lexer.l>
|
||||||
|
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
|
||||||
|
syn match NixINT /\<[0-9]\+\>/
|
||||||
|
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||||
|
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||||
|
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
|
||||||
|
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
|
||||||
|
syn region NixSTRING
|
||||||
|
\ matchgroup=NixSTRING
|
||||||
|
\ start='"'
|
||||||
|
\ skip='\\"'
|
||||||
|
\ end='"'
|
||||||
|
syn region NixIND_STRING
|
||||||
|
\ matchgroup=NixIND_STRING
|
||||||
|
\ start="'''"
|
||||||
|
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||||
|
\ end="'''"
|
||||||
|
|
||||||
|
syn match NixOther /[():/;=.,?\[\]]/
|
||||||
|
|
||||||
|
syn match NixCommentMatch /\(^\|\s\)#.*/
|
||||||
|
syn region NixCommentRegion start="/\*" end="\*/"
|
||||||
|
|
||||||
|
hi link NixCode Statement
|
||||||
|
hi link NixData Constant
|
||||||
|
hi link NixComment Comment
|
||||||
|
|
||||||
|
hi link NixCommentMatch NixComment
|
||||||
|
hi link NixCommentRegion NixComment
|
||||||
|
hi link NixID NixCode
|
||||||
|
hi link NixINT NixData
|
||||||
|
hi link NixPATH NixData
|
||||||
|
hi link NixHPATH NixData
|
||||||
|
hi link NixSPATH NixData
|
||||||
|
hi link NixURI NixData
|
||||||
|
hi link NixSTRING NixData
|
||||||
|
hi link NixIND_STRING NixData
|
||||||
|
|
||||||
|
hi link NixEnter NixCode
|
||||||
|
hi link NixOther NixCode
|
||||||
|
hi link NixQuote NixData
|
||||||
|
|
||||||
|
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
|
||||||
|
syn cluster nix_ind_strings contains=NixIND_STRING
|
||||||
|
syn cluster nix_strings contains=NixSTRING
|
||||||
|
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
|
||||||
|
startAlts = filter isString [
|
||||||
|
''/\* ${lang} \*/''
|
||||||
|
extraStart
|
||||||
];
|
];
|
||||||
}
|
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
|
||||||
|
in /* vim */ ''
|
||||||
|
syn include @nix_${lang}_syntax syntax/${lang}.vim
|
||||||
|
unlet b:current_syntax
|
||||||
|
|
||||||
|
syn match nix_${lang}_sigil
|
||||||
|
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
|
||||||
|
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
|
||||||
|
\ transparent
|
||||||
|
|
||||||
|
syn region nix_${lang}_region_STRING
|
||||||
|
\ matchgroup=NixSTRING
|
||||||
|
\ start='"'
|
||||||
|
\ skip='\\"'
|
||||||
|
\ end='"'
|
||||||
|
\ contained
|
||||||
|
\ contains=@nix_${lang}_syntax
|
||||||
|
\ transparent
|
||||||
|
|
||||||
|
syn region nix_${lang}_region_IND_STRING
|
||||||
|
\ matchgroup=NixIND_STRING
|
||||||
|
\ start="'''"
|
||||||
|
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||||
|
\ end="'''"
|
||||||
|
\ contained
|
||||||
|
\ contains=@nix_${lang}_syntax
|
||||||
|
\ transparent
|
||||||
|
|
||||||
|
syn cluster nix_ind_strings
|
||||||
|
\ add=nix_${lang}_region_IND_STRING
|
||||||
|
|
||||||
|
syn cluster nix_strings
|
||||||
|
\ add=nix_${lang}_region_STRING
|
||||||
|
|
||||||
|
syn cluster nix_has_dollar_curly
|
||||||
|
\ add=@nix_${lang}_syntax
|
||||||
|
'') {
|
||||||
|
c = {};
|
||||||
|
cabal = {};
|
||||||
|
haskell = {};
|
||||||
|
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
|
||||||
|
vim.extraStart =
|
||||||
|
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
|
||||||
|
})}
|
||||||
|
|
||||||
|
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
|
||||||
|
syn clear shVarAssign
|
||||||
|
|
||||||
|
syn region nixINSIDE_DOLLAR_CURLY
|
||||||
|
\ matchgroup=NixEnter
|
||||||
|
\ start="[$]{"
|
||||||
|
\ end="}"
|
||||||
|
\ contains=TOP
|
||||||
|
\ containedin=@nix_has_dollar_curly
|
||||||
|
\ transparent
|
||||||
|
|
||||||
|
syn region nix_inside_curly
|
||||||
|
\ matchgroup=NixEnter
|
||||||
|
\ start="{"
|
||||||
|
\ end="}"
|
||||||
|
\ contains=TOP
|
||||||
|
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
|
||||||
|
\ transparent
|
||||||
|
|
||||||
|
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
|
||||||
|
\ containedin=@nix_ind_strings
|
||||||
|
\ contained
|
||||||
|
|
||||||
|
syn match NixQuote /\\./he=s+1
|
||||||
|
\ containedin=@nix_strings
|
||||||
|
\ contained
|
||||||
|
|
||||||
|
syn sync fromstart
|
||||||
|
|
||||||
|
let b:current_syntax = "nix"
|
||||||
|
|
||||||
|
set isk=@,48-57,_,192-255,-,'
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
out
|
||||||
|
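Review bot: The `/dev/shm/*` autocommand in `vimrc` turns off `backup`, `writebackup` and `swapfile`, but `undofile` stays enabled from the global `set undofile`. Text edited under `/dev/shm` is therefore still written to `$HOME/.cache/vim/undo`. If the autocommand is meant to keep sensitive buffers off persistent storage (an inference from the path), it should also disable undo persistence: `au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile noundofile`. The `viminfo` file configured a few lines above can likewise retain register contents yanked from such buffers, which is worth a comment next to the autocommand.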
@ -11,9 +11,9 @@ let
|
|||||||
serveWordpress;
|
serveWordpress;
|
||||||
|
|
||||||
msmtprc = pkgs.writeText "msmtprc" ''
|
msmtprc = pkgs.writeText "msmtprc" ''
|
||||||
account prism
|
account localhost
|
||||||
host localhost
|
host localhost
|
||||||
account default: prism
|
account default: localhost
|
||||||
'';
|
'';
|
||||||
|
|
||||||
sendmail = pkgs.writeDash "msmtp" ''
|
sendmail = pkgs.writeDash "msmtp" ''
|
||||||
@ -23,23 +23,55 @@ let
|
|||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./sqlBackup.nix
|
./sqlBackup.nix
|
||||||
(ssl [ "reich-gebaeudereinigung.de" ])
|
(ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||||
(servePage [ "reich-gebaeudereinigung.de" ])
|
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||||
|
|
||||||
(ssl [ "karlaskop.de" ])
|
(ssl [ "karlaskop.de" "www.karlaskop.de" ])
|
||||||
(servePage [ "karlaskop.de" ])
|
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
|
||||||
|
|
||||||
(ssl [ "makeup.apanowicz.de" ])
|
(ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
|
||||||
(servePage [ "makeup.apanowicz.de" ])
|
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
|
||||||
|
|
||||||
(ssl [ "pixelpocket.de" ])
|
(ssl [ "pixelpocket.de" "www.pixelpocket.de" ])
|
||||||
(servePage [ "pixelpocket.de" ])
|
(servePage [ "pixelpocket.de" "www.pixelpocket.de" ])
|
||||||
|
|
||||||
(ssl [ "o.ubikmedia.de" ])
|
(ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
|
||||||
(serveOwncloud [ "o.ubikmedia.de" ])
|
(serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
|
||||||
|
|
||||||
(ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
|
(ssl [
|
||||||
(serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
|
"ubikmedia.de"
|
||||||
|
"aldona.ubikmedia.de"
|
||||||
|
"apanowicz.de"
|
||||||
|
"nirwanabluete.de"
|
||||||
|
"aldonasiech.com"
|
||||||
|
"360gradvideo.tv"
|
||||||
|
"ubikmedia.eu"
|
||||||
|
"facts.cloud"
|
||||||
|
"www.ubikmedia.de"
|
||||||
|
"www.aldona.ubikmedia.de"
|
||||||
|
"www.apanowicz.de"
|
||||||
|
"www.nirwanabluete.de"
|
||||||
|
"www.aldonasiech.com"
|
||||||
|
"www.360gradvideo.tv"
|
||||||
|
"www.ubikmedia.eu"
|
||||||
|
"www.facts.cloud"
|
||||||
|
])
|
||||||
|
(serveWordpress [
|
||||||
|
"ubikmedia.de"
|
||||||
|
"apanowicz.de"
|
||||||
|
"nirwanabluete.de"
|
||||||
|
"aldonasiech.com"
|
||||||
|
"360gradvideo.tv"
|
||||||
|
"ubikmedia.eu"
|
||||||
|
"facts.cloud"
|
||||||
|
"*.ubikmedia.de"
|
||||||
|
"www.apanowicz.de"
|
||||||
|
"www.nirwanabluete.de"
|
||||||
|
"www.aldonasiech.com"
|
||||||
|
"www.360gradvideo.tv"
|
||||||
|
"www.ubikmedia.eu"
|
||||||
|
"www.facts.cloud"
|
||||||
|
])
|
||||||
];
|
];
|
||||||
|
|
||||||
lass.mysqlBackup.config.all.databases = [
|
lass.mysqlBackup.config.all.databases = [
|
||||||
@ -47,6 +79,27 @@ in {
|
|||||||
"o_ubikmedia_de"
|
"o_ubikmedia_de"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
krebs.backup.plans = {
|
||||||
|
prism-sql-domsen = {
|
||||||
|
method = "push";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||||
|
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; };
|
||||||
|
startAt = "00:01";
|
||||||
|
};
|
||||||
|
prism-http-domsen = {
|
||||||
|
method = "push";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||||
|
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; };
|
||||||
|
startAt = "00:10";
|
||||||
|
};
|
||||||
|
prism-o-ubikmedia-domsen = {
|
||||||
|
method = "push";
|
||||||
|
src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; };
|
||||||
|
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; };
|
||||||
|
startAt = "00:30";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users.users.domsen = {
|
users.users.domsen = {
|
||||||
uid = genid "domsen";
|
uid = genid "domsen";
|
||||||
description = "maintenance acc for domsen";
|
description = "maintenance acc for domsen";
|
||||||
@ -56,18 +109,18 @@ in {
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.phpfpm.phpOptions = ''
|
services.phpfpm.phpOptions = ''
|
||||||
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
|
||||||
# sendmail_path = ${sendmail} -t
|
|
||||||
#'';
|
|
||||||
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
|
||||||
options = ''
|
|
||||||
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||||
sendmail_path = ${sendmail} -t -i"
|
sendmail_path = ${sendmail} -t
|
||||||
'';
|
|
||||||
} ''
|
|
||||||
cat ${pkgs.php}/etc/php-recommended.ini > $out
|
|
||||||
echo "$options" >> $out
|
|
||||||
'';
|
'';
|
||||||
|
#services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
||||||
|
# options = ''
|
||||||
|
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||||
|
# sendmail_path = "${sendmail} -t -i"
|
||||||
|
# '';
|
||||||
|
#} ''
|
||||||
|
# cat ${pkgs.php}/etc/php-recommended.ini > $out
|
||||||
|
# echo "$options" >> $out
|
||||||
|
#'';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
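Review bot: `serveWordpress` is still given `"*.ubikmedia.de"`, while the `ssl` list names only `aldona.`, `www.` and `www.aldona.` under that domain. Any other subdomain that resolves to this host would therefore be answered with a certificate that does not cover it, assuming `ssl` requests exactly the listed names (its implementation is outside this section). Either drop the wildcard from the server names or list the intended subdomains in both calls. Because the two lists otherwise have to stay in step, binding the shared names once in the `let` block and passing them to both `ssl` and `serveWordpress` would prevent drift. The enclosing attribute set starts and ends outside these hunks.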
@ -1,10 +1,10 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
let
|
let
|
||||||
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
|
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
|
||||||
genid
|
genid
|
||||||
head
|
head
|
||||||
nameValuePair
|
|
||||||
;
|
;
|
||||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||||
ssl
|
ssl
|
||||||
@ -12,6 +12,16 @@ let
|
|||||||
serveWordpress
|
serveWordpress
|
||||||
;
|
;
|
||||||
|
|
||||||
|
msmtprc = pkgs.writeText "msmtprc" ''
|
||||||
|
account localhost
|
||||||
|
host localhost
|
||||||
|
account default: localhost
|
||||||
|
'';
|
||||||
|
|
||||||
|
sendmail = pkgs.writeDash "msmtp" ''
|
||||||
|
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./sqlBackup.nix
|
./sqlBackup.nix
|
||||||
@ -48,7 +58,34 @@ in {
|
|||||||
"ttf_kleinaspach_de"
|
"ttf_kleinaspach_de"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
#password protect some dirs
|
||||||
|
krebs.nginx.servers."biostase.de".locations = [
|
||||||
|
(nameValuePair "/old_biostase.de" ''
|
||||||
|
auth_basic "Administrator Login";
|
||||||
|
auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
|
||||||
|
'')
|
||||||
|
(nameValuePair "/mysqldumper" ''
|
||||||
|
auth_basic "Administrator Login";
|
||||||
|
auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.fritz.pubkey
|
config.krebs.users.fritz.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.phpfpm.phpOptions = ''
|
||||||
|
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||||
|
sendmail_path = ${sendmail} -t
|
||||||
|
'';
|
||||||
|
|
||||||
|
#services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
||||||
|
# options = ''
|
||||||
|
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||||
|
# sendmail_path = "${sendmail} -t -i"
|
||||||
|
# '';
|
||||||
|
#} ''
|
||||||
|
# cat ${pkgs.php}/etc/php-recommended.ini > $out
|
||||||
|
# echo "$options" >> $out
|
||||||
|
#'';
|
||||||
}
|
}
|
||||||
|
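Review bot: The `auth_basic` blocks for `/old_biostase.de` and `/mysqldumper` are plain prefix locations, so any regex location the site helper generates takes precedence in nginx (for example one matching `.php`; the helper from `util.nix` is not visible here). In that case scripts under those paths would be served without the password check. Please confirm against the rendered nginx config; if such a regex location exists, repeat the two `auth_basic` lines inside it for these paths or nest the PHP handling under the protected locations. Both `auth_basic_user_file` paths also point into the served tree, e.g. `/srv/http/biostase.de/mysqldumper/.htpasswd`, where the web application's user can presumably rewrite them; a root-owned file outside `/srv/http` avoids that.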
@ -5,7 +5,6 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.per-user.chat.packages = with pkgs; [
|
krebs.per-user.chat.packages = with pkgs; [
|
||||||
mosh
|
mosh
|
||||||
tmux
|
|
||||||
weechat
|
weechat
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -1,59 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
containers.wordpress = {
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "192.168.101.1";
|
|
||||||
localAddress = "192.168.101.2";
|
|
||||||
|
|
||||||
config = {
|
|
||||||
imports = [
|
|
||||||
../../krebs/3modules/iptables.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
enable = true;
|
|
||||||
tables = {
|
|
||||||
filter.INPUT.policy = "DROP";
|
|
||||||
filter.FORWARD.policy = "DROP";
|
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
|
||||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
|
||||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
|
||||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
|
||||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
iptables
|
|
||||||
];
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.postgresql;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.httpd = {
|
|
||||||
enable = true;
|
|
||||||
adminAddr = "root@apanowicz.de";
|
|
||||||
extraModules = [
|
|
||||||
{ name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
|
|
||||||
];
|
|
||||||
virtualHosts = [
|
|
||||||
{
|
|
||||||
hostName = "wordpress";
|
|
||||||
serverAliases = [ "wordpress" "www.wordpress" ];
|
|
||||||
|
|
||||||
extraSubservices = [
|
|
||||||
{
|
|
||||||
serviceName = "wordpress";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -19,9 +19,48 @@ pkgs.writeText "Xresources" ''
|
|||||||
|
|
||||||
URxvt.intensityStyles: false
|
URxvt.intensityStyles: false
|
||||||
|
|
||||||
URxvt*background: #000000
|
URxvt*background: #050505
|
||||||
URxvt*foreground: #ffffff
|
! URxvt*background: #041204
|
||||||
|
|
||||||
|
!URxvt.depth: 32
|
||||||
|
!URxvt*background: rgba:0500/0500/0500/cccc
|
||||||
|
|
||||||
|
! URxvt*background: #080810
|
||||||
|
URxvt*foreground: #d0d7d0
|
||||||
|
! URxvt*background: black
|
||||||
|
! URxvt*foreground: white
|
||||||
|
! URxvt*background: rgb:00/00/40
|
||||||
|
! URxvt*foreground: rgb:a0/a0/d0
|
||||||
|
! XTerm*cursorColor: rgb:00/00/60
|
||||||
|
URxvt*cursorColor: #f042b0
|
||||||
|
URxvt*cursorColor2: #f0b000
|
||||||
|
URxvt*cursorBlink: off
|
||||||
|
! URxvt*cursorUnderline: true
|
||||||
|
! URxvt*highlightColor: #232323
|
||||||
|
! URxvt*highlightTextColor: #b0ffb0
|
||||||
|
|
||||||
|
URxvt*.pointerBlank: true
|
||||||
|
URxvt*.pointerBlankDelay: 987654321
|
||||||
|
URxvt*.pointerColor: #f042b0
|
||||||
|
URxvt*.pointerColor2: #050505
|
||||||
|
|
||||||
|
! URxvt*color0: #000000
|
||||||
|
! URxvt*color1: #c00000
|
||||||
|
! URxvt*color2: #80c070
|
||||||
|
URxvt*color3: #c07000
|
||||||
|
! URxvt*color4: #0000c0
|
||||||
|
URxvt*color4: #4040c0
|
||||||
|
! URxvt*color5: #c000c0
|
||||||
|
! URxvt*color6: #008080
|
||||||
|
URxvt*color7: #c0c0c0
|
||||||
|
|
||||||
|
URxvt*color8: #707070
|
||||||
|
URxvt*color9: #ff6060
|
||||||
|
URxvt*color10: #70ff70
|
||||||
|
URxvt*color11: #ffff70
|
||||||
|
URxvt*color12: #7070ff
|
||||||
|
URxvt*color13: #ff50ff
|
||||||
|
URxvt*color14: #70ffff
|
||||||
|
URxvt*color15: #ffffff
|
||||||
|
|
||||||
!change unreadable blue
|
|
||||||
URxvt*color4: #268bd2
|
|
||||||
''
|
''
|
||||||
|
@ -7,9 +7,6 @@
|
|||||||
zsh-newuser-install() { :; }
|
zsh-newuser-install() { :; }
|
||||||
'';
|
'';
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
HISTFILE=~/.histfile
|
|
||||||
HISTSIZE=1000000
|
|
||||||
SAVEHIST=100000
|
|
||||||
#unsetopt nomatch
|
#unsetopt nomatch
|
||||||
setopt autocd extendedglob
|
setopt autocd extendedglob
|
||||||
bindkey -e
|
bindkey -e
|
||||||
@ -92,6 +89,11 @@
|
|||||||
esac
|
esac
|
||||||
'';
|
'';
|
||||||
promptInit = ''
|
promptInit = ''
|
||||||
|
# TODO: figure out why we need to set this here
|
||||||
|
HISTSIZE=900001
|
||||||
|
HISTFILESIZE=$HISTSIZE
|
||||||
|
SAVEHIST=$HISTSIZE
|
||||||
|
|
||||||
autoload -U promptinit
|
autoload -U promptinit
|
||||||
promptinit
|
promptinit
|
||||||
|
|
||||||
|
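Review bot: `HISTFILESIZE=$HISTSIZE` in `promptInit` is a bash variable that zsh does not read, so it can be dropped; only `HISTSIZE` and `SAVEHIST` matter here. The first hunk also removes `HISTFILE=~/.histfile`, so where the 900001 entries are written now depends on a default set elsewhere, which is worth stating next to the existing TODO. With a history this large, `setopt HIST_IGNORE_SPACE` gives a simple way to keep commands that carry secrets out of the file.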
@ -4,6 +4,7 @@ _:
|
|||||||
./ejabberd
|
./ejabberd
|
||||||
./folderPerms.nix
|
./folderPerms.nix
|
||||||
./mysql-backup.nix
|
./mysql-backup.nix
|
||||||
|
./power-action.nix
|
||||||
./urxvtd.nix
|
./urxvtd.nix
|
||||||
./wordpress_nginx.nix
|
./wordpress_nginx.nix
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
|
93
lass/3modules/power-action.nix
Normal file
93
lass/3modules/power-action.nix
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.lass.power-action;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.lass.power-action = api;
|
||||||
|
config = lib.mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "power-action";
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "power-action";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
startAt = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "*:0/1";
|
||||||
|
};
|
||||||
|
plans = mkOption {
|
||||||
|
type = with types; attrsOf (submodule {
|
||||||
|
options = {
|
||||||
|
charging = mkOption {
|
||||||
|
type = nullOr bool;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
check for charging status.
|
||||||
|
null = don't care
|
||||||
|
true = only if system is charging
|
||||||
|
false = only if system is discharging
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
upperLimit = mkOption {
|
||||||
|
type = int;
|
||||||
|
};
|
||||||
|
lowerLimit = mkOption {
|
||||||
|
type = int;
|
||||||
|
};
|
||||||
|
action = mkOption {
|
||||||
|
type = path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
systemd.services.power-action = {
|
||||||
|
serviceConfig = rec {
|
||||||
|
ExecStart = startScript;
|
||||||
|
User = cfg.user.name;
|
||||||
|
};
|
||||||
|
startAt = cfg.startAt;
|
||||||
|
};
|
||||||
|
users.users.${cfg.user.name} = {
|
||||||
|
inherit (cfg.user) name uid;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
startScript = pkgs.writeDash "power-action" ''
|
||||||
|
set -euf
|
||||||
|
|
||||||
|
power="$(${powerlvl})"
|
||||||
|
state="$(${state})"
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
|
||||||
|
'';
|
||||||
|
charging_check = plan:
|
||||||
|
if (plan.charging == null) then "" else
|
||||||
|
if plan.charging
|
||||||
|
then ''&& [ "$state" = "true" ]''
|
||||||
|
else ''&& ! [ "$state" = "true" ]''
|
||||||
|
;
|
||||||
|
|
||||||
|
writeRule = _: plan:
|
||||||
|
"if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
|
||||||
|
|
||||||
|
powerlvl = pkgs.writeDash "powerlvl" ''
|
||||||
|
cat /sys/class/power_supply/BAT0/capacity
|
||||||
|
'';
|
||||||
|
|
||||||
|
state = pkgs.writeDash "state" ''
|
||||||
|
if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Discharging" ]
|
||||||
|
then echo "false"
|
||||||
|
else echo "true"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
in out
|
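Review bot: The `state` helper reports `true` for every status except `Discharging`, so a battery that reports `Unknown` or `Not charging` counts as charging and a plan with `charging = false` (typically the low-battery one) is skipped. Decide explicitly which statuses count as charging, e.g. a `case` over `Charging|Full` with `*) echo false`. In `writeRule`, `$power` and `${plan.action}` are interpolated unquoted; `[ "$power" -ge … ]` and a quoted action path keep an empty reading or a path with spaces from changing the generated test. The `upperLimit`, `lowerLimit` and `action` options have no `description`, and `BAT0` is hard-coded in both helpers.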
@ -3,6 +3,9 @@
|
|||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = rec {
|
nixpkgs.config.packageOverrides = rec {
|
||||||
acronym = pkgs.callPackage ./acronym/default.nix {};
|
acronym = pkgs.callPackage ./acronym/default.nix {};
|
||||||
|
ejabberd = pkgs.callPackage ./ejabberd {
|
||||||
|
erlang = pkgs.erlangR16;
|
||||||
|
};
|
||||||
firefoxPlugins = {
|
firefoxPlugins = {
|
||||||
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
||||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||||
@ -10,11 +13,11 @@
|
|||||||
};
|
};
|
||||||
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
|
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
|
||||||
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||||
|
q = pkgs.callPackage ./q {};
|
||||||
|
rs = pkgs.callPackage ./rs/default.nix {};
|
||||||
untilport = pkgs.callPackage ./untilport/default.nix {};
|
untilport = pkgs.callPackage ./untilport/default.nix {};
|
||||||
urban = pkgs.callPackage ./urban/default.nix {};
|
urban = pkgs.callPackage ./urban/default.nix {};
|
||||||
xmonad-lass =
|
xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
|
||||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
|
||||||
pkgs.haskellPackages.callPackage src {};
|
|
||||||
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
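Review bot: The new `ejabberd` override pins `erlang = pkgs.erlangR16` with no comment saying why. R16 is an old Erlang/OTP release line, and for an XMPP server the runtime's TLS and crypto code matters. Add the reason for the pin and the condition for dropping it, e.g. `# ejabberd <VERSION> needs OTP R16; remove once upgraded` (placeholder, fill in the real constraint).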
185
lass/5pkgs/q/default.nix
Normal file
185
lass/5pkgs/q/default.nix
Normal file
@ -0,0 +1,185 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
q-cal = let
|
||||||
|
# XXX 23 is the longest line of cal's output
|
||||||
|
pad = ''{
|
||||||
|
${pkgs.gnused}/bin/sed '
|
||||||
|
# rtrim
|
||||||
|
s/ *$//
|
||||||
|
|
||||||
|
# delete last empty line
|
||||||
|
''${/^$/d}
|
||||||
|
' \
|
||||||
|
| ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
|
||||||
|
| ${pkgs.gnused}/bin/sed '
|
||||||
|
# colorize header
|
||||||
|
1,2s/.*/[38;5;238;1m&[39;22m/
|
||||||
|
|
||||||
|
# colorize week number
|
||||||
|
s/^[ 1-9][0-9]/[38;5;238;1m&[39;22m/
|
||||||
|
'
|
||||||
|
}'';
|
||||||
|
in ''
|
||||||
|
${pkgs.coreutils}/bin/paste \
|
||||||
|
<(${pkgs.utillinux}/bin/cal -mw \
|
||||||
|
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
|
||||||
|
| ${pad}
|
||||||
|
) \
|
||||||
|
<(${pkgs.utillinux}/bin/cal -mw \
|
||||||
|
| ${pkgs.gnused}/bin/sed '
|
||||||
|
# colorize day of month
|
||||||
|
s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/[31;1m&[39;22m/
|
||||||
|
' \
|
||||||
|
| ${pad}
|
||||||
|
) \
|
||||||
|
<(${pkgs.utillinux}/bin/cal -mw \
|
||||||
|
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
|
||||||
|
| ${pad}
|
||||||
|
) \
|
||||||
|
| ${pkgs.gnused}/bin/sed 's/\t/ /g'
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-isodate = ''
|
||||||
|
${pkgs.coreutils}/bin/date \
|
||||||
|
'+[1m%Y-%m-%d[;30mT[;38;5;085m%H:%M[m:%S%:z'
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-gitdir = ''
|
||||||
|
if test -d .git; then
|
||||||
|
#git status --porcelain
|
||||||
|
branch=$(
|
||||||
|
${pkgs.git}/bin/git branch \
|
||||||
|
| ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
|
||||||
|
)
|
||||||
|
echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-power_supply = ''
|
||||||
|
for uevent in /sys/class/power_supply/*/uevent; do
|
||||||
|
if test -f $uevent; then
|
||||||
|
eval "$(${pkgs.gnused}/bin/sed -n '
|
||||||
|
s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p
|
||||||
|
' $uevent)"
|
||||||
|
|
||||||
|
if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
charge_percentage=$(echo "
|
||||||
|
scale=2
|
||||||
|
$POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL
|
||||||
|
" | ${pkgs.bc}/bin/bc)
|
||||||
|
|
||||||
|
lfc=$POWER_SUPPLY_CHARGE_FULL
|
||||||
|
rc=$POWER_SUPPLY_CHARGE_NOW
|
||||||
|
#rc=2800
|
||||||
|
N=78; N=76
|
||||||
|
N=10
|
||||||
|
n=$(echo $N-1 | ${pkgs.bc}/bin/bc)
|
||||||
|
centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc)
|
||||||
|
deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc)
|
||||||
|
energy_evel=$(
|
||||||
|
echo -n '☳ ' # TRIGRAM FOR THUNDER
|
||||||
|
if test $centi -ge 42; then echo -n '[1;32m'
|
||||||
|
elif test $centi -ge 23; then echo -n '[1;33m'
|
||||||
|
elif test $centi -ge 11; then echo -n '[1;31m'
|
||||||
|
else echo -n '[5;1;31m'; fi
|
||||||
|
for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do
|
||||||
|
echo -n ■
|
||||||
|
done
|
||||||
|
echo -n '[;30m'
|
||||||
|
for i in $(${pkgs.coreutils}/bin/seq $deci $n); do
|
||||||
|
echo -n ■
|
||||||
|
done
|
||||||
|
echo '[m' $rc #/ $lfc
|
||||||
|
)
|
||||||
|
echo "$energy_evel $charge_percentage"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-virtualization = ''
|
||||||
|
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-wireless = ''
|
||||||
|
for dev in $(
|
||||||
|
${pkgs.iw}/bin/iw dev \
|
||||||
|
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
|
||||||
|
); do
|
||||||
|
inet=$(${pkgs.iproute}/bin/ip addr show $dev \
|
||||||
|
| ${pkgs.gnused}/bin/sed -n '
|
||||||
|
s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
|
||||||
|
') \
|
||||||
|
|| unset inet
|
||||||
|
ssid=$(${pkgs.iw}/bin/iw dev $dev link \
|
||||||
|
| ${pkgs.gnused}/bin/sed -n '
|
||||||
|
s/.*\tSSID: \(.*\)/\1/p
|
||||||
|
') \
|
||||||
|
|| unset ssid
|
||||||
|
echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-online = ''
|
||||||
|
if ${pkgs.curl.bin}/bin/curl -s google.com >/dev/null; then
|
||||||
|
echo '[32;1monline[m'
|
||||||
|
else
|
||||||
|
echo offline
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-thermal_zone = ''
|
||||||
|
for i in /sys/class/thermal/thermal_zone*; do
|
||||||
|
type=$(${pkgs.coreutils}/bin/cat $i/type)
|
||||||
|
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
|
||||||
|
printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
|
q-todo = ''
|
||||||
|
TODO_file=$HOME/TODO
|
||||||
|
if test -e "$TODO_file"; then
|
||||||
|
${pkgs.coreutils}/bin/cat "$TODO_file" \
|
||||||
|
| ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
|
||||||
|
BEGIN { print "remind=0" }
|
||||||
|
/^[0-9]/{
|
||||||
|
x = $1
|
||||||
|
gsub(".", "\\\\&", x)
|
||||||
|
rest = substr($0, index($0, " "))
|
||||||
|
rest = $0
|
||||||
|
sub(" *", "", rest)
|
||||||
|
gsub(".", "\\\\&", rest)
|
||||||
|
print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
|
||||||
|
echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
|
||||||
|
(( remind++ ))"
|
||||||
|
}
|
||||||
|
END { print "test $remind = 0 && echo \"nothing to remind\"" }
|
||||||
|
' \
|
||||||
|
| {
|
||||||
|
# bash needed for (( ... ))
|
||||||
|
${pkgs.bash}/bin/bash
|
||||||
|
}
|
||||||
|
else
|
||||||
|
echo "$TODO_file: no such file or directory"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
# bash needed for <(...)
|
||||||
|
pkgs.writeBashBin "q" ''
|
||||||
|
set -eu
|
||||||
|
export PATH=/var/empty
|
||||||
|
${q-cal}
|
||||||
|
echo
|
||||||
|
${q-isodate}
|
||||||
|
(${q-gitdir}) &
|
||||||
|
(${q-power_supply}) &
|
||||||
|
(${q-virtualization}) &
|
||||||
|
(${q-wireless}) &
|
||||||
|
(${q-online}) &
|
||||||
|
(${q-thermal_zone}) &
|
||||||
|
wait
|
||||||
|
${q-todo}
|
||||||
|
''
|
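Review bot: `q-power_supply` runs `eval` on the contents of every `/sys/class/power_supply/*/uevent`, wrapping each value in single quotes with sed; a value that itself contains a single quote ends the quoting and the remainder is interpreted as shell. Those strings (model, manufacturer, serial) come from battery or peripheral firmware and should be handled as data. Only two keys are used, so read them directly: `POWER_SUPPLY_CHARGE_NOW=$(${pkgs.gnused}/bin/sed -n 's/^POWER_SUPPLY_CHARGE_NOW=//p' "$uevent")` and the same for `POWER_SUPPLY_CHARGE_FULL`. That also resets both variables on each iteration, where the `eval` version can carry a previous device's values into a supply that lacks them. Separately, `q-online` calls curl without a timeout, so `wait` can hang `q` on a stalled network; `--max-time` would bound it.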
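--- a/lass/5pkgs/rs/default.nix
+++ b/lass/5pkgs/rs/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+#TODO: get tab-completion working again
+pkgs.writeBashBin "rs" ''
+rsync -vaP --append-verify "$@"
+''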
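Review bot: `rsync` is resolved through the caller's `PATH` here, unlike the `q` package added in this commit, which calls every tool by store path. Use `exec ${pkgs.rsync}/bin/rsync -vaP --append-verify "$@"` so the wrapper always runs the packaged rsync and does not depend on what is installed in the profile.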
@ -1,3 +1,15 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
pkgs.writeHaskell "xmonad-lass" {
|
||||||
|
executables.xmonad = {
|
||||||
|
extra-depends = [
|
||||||
|
"containers"
|
||||||
|
"unix"
|
||||||
|
"X11"
|
||||||
|
"xmonad"
|
||||||
|
"xmonad-contrib"
|
||||||
|
"xmonad-stockholm"
|
||||||
|
];
|
||||||
|
text = ''
|
||||||
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
|
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
|
||||||
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
|
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
|
||||||
{-# LANGUAGE LambdaCase #-}
|
{-# LANGUAGE LambdaCase #-}
|
||||||
@ -147,3 +159,8 @@ gridConfig = def
|
|||||||
, gs_navigate = navNSearch
|
, gs_navigate = navNSearch
|
||||||
, gs_font = myFont
|
, gs_font = myFont
|
||||||
}
|
}
|
||||||
|
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
1
lass/5pkgs/xmonad-lass/.gitignore
vendored
1
lass/5pkgs/xmonad-lass/.gitignore
vendored
@ -1 +0,0 @@
|
|||||||
/shell.nix
|
|
@ -1,6 +0,0 @@
|
|||||||
.PHONY: ghci
|
|
||||||
ghci: shell.nix
|
|
||||||
nix-shell --command 'exec ghci -Wall'
|
|
||||||
|
|
||||||
shell.nix: xmonad.cabal
|
|
||||||
cabal2nix --shell . > $@
|
|
@ -1,17 +0,0 @@
|
|||||||
Author: lass
|
|
||||||
Build-Type: Simple
|
|
||||||
Cabal-Version: >= 1.2
|
|
||||||
License: MIT
|
|
||||||
Name: xmonad-lass
|
|
||||||
Version: 0
|
|
||||||
|
|
||||||
Executable xmonad
|
|
||||||
Build-Depends:
|
|
||||||
base,
|
|
||||||
containers,
|
|
||||||
unix,
|
|
||||||
xmonad,
|
|
||||||
xmonad-contrib,
|
|
||||||
xmonad-stockholm
|
|
||||||
GHC-Options: -Wall -O3 -threaded -rtsopts
|
|
||||||
Main-Is: Main.hs
|
|
@ -17,19 +17,31 @@ in {
|
|||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/virtualization.nix
|
../2configs/virtualization.nix
|
||||||
];
|
];
|
||||||
|
services.tinc.networks.siem = {
|
||||||
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
|
name = "sdarth";
|
||||||
networking.firewall.allowedTCPPorts = [ 80 655 ];
|
extraConfig = "ConnectTo = sjump";
|
||||||
networking.firewall.checkReversePath = false;
|
};
|
||||||
#networking.firewall.enable = false;
|
#networking.firewall.enable = false;
|
||||||
# virtualisation.nova.enableSingleNode = true;
|
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
|
|
||||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
networking.wireless.enable = true;
|
networking = {
|
||||||
|
wireless.enable = true;
|
||||||
|
firewall = {
|
||||||
|
allowPing = true;
|
||||||
|
logRefusedConnections = false;
|
||||||
|
allowedUDPPorts = [ 80 655 1655 67 ];
|
||||||
|
allowedTCPPorts = [ 80 655 1655 ];
|
||||||
|
};
|
||||||
|
# fallback connection to the internal virtual network
|
||||||
|
interfaces.virbr3.ip4 = [{
|
||||||
|
address = "10.8.8.2";
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
# TODO smartd omo darth gum all-in-one
|
# TODO smartd omo darth gum all-in-one
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
|
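Review bot: The rewritten `networking.firewall` block carries over UDP 80 and 67 and adds 1655, all opened on every interface of a host that also sets `wireless.enable = true`, and none of the ports is explained. Add a per-port comment in the style the omo config uses (`# tcp:655 udp:655 - tinc`), and drop `80` from `allowedUDPPorts` unless something listens on UDP 80. `logRefusedConnections = false` also removes the record of refused connection attempts on this machine; if the aim is to cut log noise, say so in a comment so it is not mistaken for an oversight.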
@ -5,9 +5,10 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
byid = dev: "/dev/disk/by-id/" + dev;
|
byid = dev: "/dev/disk/by-id/" + dev;
|
||||||
keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
||||||
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
|
rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
|
||||||
homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3";
|
rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
|
||||||
|
primaryInterface = "enp1s0";
|
||||||
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
||||||
# cryptsetup luksAddKey $dev tmpkey
|
# cryptsetup luksAddKey $dev tmpkey
|
||||||
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
||||||
@ -15,14 +16,14 @@ let
|
|||||||
|
|
||||||
# omo Chassis:
|
# omo Chassis:
|
||||||
# __FRONT_
|
# __FRONT_
|
||||||
# |* d2 |
|
# |* d0 |
|
||||||
# | |
|
# | |
|
||||||
# |* d3 |
|
# |* d3 |
|
||||||
# | |
|
# | |
|
||||||
# |* d0 |
|
# |* d3 |
|
||||||
# | |
|
# | |
|
||||||
# |* d1 |
|
|
||||||
# |* |
|
# |* |
|
||||||
|
# |* d2 |
|
||||||
# | * r0 |
|
# | * r0 |
|
||||||
# |_______|
|
# |_______|
|
||||||
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
|
||||||
@ -38,27 +39,31 @@ in {
|
|||||||
[
|
[
|
||||||
../.
|
../.
|
||||||
# TODO: unlock home partition via ssh
|
# TODO: unlock home partition via ssh
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/sda-crypto-root.nix
|
||||||
../2configs/zsh-user.nix
|
../2configs/zsh-user.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/smart-monitor.nix
|
../2configs/smart-monitor.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/share-user-sftp.nix
|
#../2configs/graphite-standalone.nix
|
||||||
../2configs/graphite-standalone.nix
|
#../2configs/share-user-sftp.nix
|
||||||
../2configs/omo-share.nix
|
../2configs/omo-share.nix
|
||||||
|
|
||||||
|
## as long as pyload is not in nixpkgs:
|
||||||
|
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||||
# tcp:80 - nginx for sharing files
|
# tcp:80 - nginx for sharing files
|
||||||
# tcp:655 udp:655 - tinc
|
# tcp:655 udp:655 - tinc
|
||||||
# tcp:8111 - graphite
|
# tcp:8111 - graphite
|
||||||
|
# tcp:8112 - pyload
|
||||||
# tcp:9090 - sabnzbd
|
# tcp:9090 - sabnzbd
|
||||||
# tcp:9200 - elasticsearch
|
# tcp:9200 - elasticsearch
|
||||||
# tcp:5601 - kibana
|
# tcp:5601 - kibana
|
||||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
|
||||||
|
|
||||||
# services.openssh.allowSFTP = false;
|
# services.openssh.allowSFTP = false;
|
||||||
|
|
||||||
@ -66,6 +71,9 @@ in {
|
|||||||
services.sabnzbd.enable = true;
|
services.sabnzbd.enable = true;
|
||||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
|
|
||||||
# HDD Array stuff
|
# HDD Array stuff
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
|
|
||||||
@ -76,15 +84,11 @@ in {
|
|||||||
disks = map toMapper [ 0 1 ];
|
disks = map toMapper [ 0 1 ];
|
||||||
parity = toMapper 2;
|
parity = toMapper 2;
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = let
|
fileSystems = let
|
||||||
cryptMount = name:
|
cryptMount = name:
|
||||||
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
||||||
in {
|
in cryptMount "crypt0"
|
||||||
"/home" = {
|
|
||||||
device = "/dev/mapper/home";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
} // cryptMount "crypt0"
|
|
||||||
// cryptMount "crypt1"
|
// cryptMount "crypt1"
|
||||||
// cryptMount "crypt2";
|
// cryptMount "crypt2";
|
||||||
|
|
||||||
@ -101,15 +105,16 @@ in {
|
|||||||
usbkey = name: device: {
|
usbkey = name: device: {
|
||||||
inherit name device keyFile;
|
inherit name device keyFile;
|
||||||
keyFileSize = 4096;
|
keyFileSize = 4096;
|
||||||
|
allowDiscards = true;
|
||||||
};
|
};
|
||||||
in [
|
in [
|
||||||
(usbkey "home" homePartition)
|
(usbkey "luksroot" rootPartition)
|
||||||
(usbkey "crypt0" cryptDisk0)
|
(usbkey "crypt0" cryptDisk0)
|
||||||
(usbkey "crypt1" cryptDisk1)
|
(usbkey "crypt1" cryptDisk1)
|
||||||
(usbkey "crypt2" cryptDisk2)
|
(usbkey "crypt2" cryptDisk2)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
loader.grub.device = rootDisk;
|
loader.grub.device = lib.mkForce rootDisk;
|
||||||
|
|
||||||
initrd.availableKernelModules = [
|
initrd.availableKernelModules = [
|
||||||
"ahci"
|
"ahci"
|
||||||
@ -121,12 +126,12 @@ in {
|
|||||||
"usbhid"
|
"usbhid"
|
||||||
];
|
];
|
||||||
|
|
||||||
kernelModules = [ "kvm-amd" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
|
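Review bot: `allowDiscards = true` was added inside the shared `usbkey` helper, so it now applies to `crypt0`–`crypt2` as well as the new `luksroot`. Discard passthrough on LUKS reveals which blocks are unused, and `cryptDisk0` (`ST2000DM001`) looks like a spinning drive that gains nothing from TRIM. Limit it to the SSD with `((usbkey "luksroot" rootPartition) // { allowDiscards = true; })` and leave the helper without it. In the same section, `8111` stays in `allowedTCPPorts` although `graphite-standalone.nix` is now commented out. `8112` is opened for a container started by hand from an untagged `writl/pyload` image, and Docker-published ports are normally reachable regardless of this firewall list.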
@ -31,6 +31,7 @@
|
|||||||
|
|
||||||
# hardware specifics are in here
|
# hardware specifics are in here
|
||||||
../2configs/hw/tp-x220.nix
|
../2configs/hw/tp-x220.nix
|
||||||
|
../2configs/hw/rtl8812au.nix
|
||||||
# mount points
|
# mount points
|
||||||
../2configs/fs/sda-crypto-root-home.nix
|
../2configs/fs/sda-crypto-root-home.nix
|
||||||
# ../2configs/mediawiki.nix
|
# ../2configs/mediawiki.nix
|
||||||
@ -43,6 +44,14 @@
|
|||||||
# ../2configs/temp/sabnzbd.nix
|
# ../2configs/temp/sabnzbd.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.tinc.networks.siem = {
|
||||||
|
name = "makefu";
|
||||||
|
extraConfig = ''
|
||||||
|
ConnectTo = sdarth
|
||||||
|
ConnectTo = sjump
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
krebs.nginx = {
|
krebs.nginx = {
|
||||||
default404 = false;
|
default404 = false;
|
||||||
servers.default.listen = [ "80 default_server" ];
|
servers.default.listen = [ "80 default_server" ];
|
||||||
@ -59,7 +68,6 @@
|
|||||||
networking.firewall.allowedUDPPorts = [ 665 ];
|
networking.firewall.allowedUDPPorts = [ 665 ];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||||
|
|
||||||
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
|
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
|
||||||
krebs.retiolum = {
|
krebs.retiolum = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -68,4 +76,6 @@
|
|||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
192.168.1.11 omo.local
|
192.168.1.11 omo.local
|
||||||
'';
|
'';
|
||||||
|
# hard dependency because otherwise the device will not be unlocked
|
||||||
|
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||||
}
|
}
|
||||||
|
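Review bot: The new `boot.initrd.luks.devices` entry names the root container as `/dev/sda2`, which depends on kernel enumeration order; with another disk or USB stick attached at boot, the initrd may probe a different device and fail to unlock. The omo config in this commit builds `/dev/disk/by-id/` paths for the same purpose; do the same here, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder). `allowDiscards=true` trades some confidentiality of the free-space layout for TRIM and deserves a one-line comment saying that is intended.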
54
makefu/1systems/shoney.nix
Normal file
54
makefu/1systems/shoney.nix
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
tinc-siem-ip = "10.8.10.1";
|
||||||
|
|
||||||
|
ip = "64.137.234.215";
|
||||||
|
alt-ip = "64.137.234.210";
|
||||||
|
extra-ip = "64.137.234.114"; #currently unused
|
||||||
|
gw = "64.137.234.1";
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
../.
|
||||||
|
../2configs/save-diskspace.nix
|
||||||
|
../2configs/hw/CAC.nix
|
||||||
|
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
services.tinc.networks.siem.name = "sjump";
|
||||||
|
|
||||||
|
krebs = {
|
||||||
|
enable = true;
|
||||||
|
retiolum.enable = true;
|
||||||
|
build.host = config.krebs.hosts.shoney;
|
||||||
|
nginx.enable = true;
|
||||||
|
tinc_graphs = {
|
||||||
|
enable = true;
|
||||||
|
network = "siem";
|
||||||
|
hostsPath = "/etc/tinc/siem/hosts";
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
# TODO: remove hard-coded hostname
|
||||||
|
complete = {
|
||||||
|
listen = [ "${tinc-siem-ip}:80" ];
|
||||||
|
server-names = [ "graphs.siem" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking = {
|
||||||
|
interfaces.enp2s1.ip4 = [
|
||||||
|
{ address = ip; prefixLength = 24; }
|
||||||
|
{ address = alt-ip; prefixLength = 24; }
|
||||||
|
];
|
||||||
|
|
||||||
|
defaultGateway = gw;
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
firewall = {
|
||||||
|
trustedInterfaces = [ "tinc.siem" ];
|
||||||
|
allowedUDPPorts = [ 655 1655 ];
|
||||||
|
allowedTCPPorts = [ 655 1655 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
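Review bot: `firewall.trustedInterfaces = [ "tinc.siem" ]` accepts all traffic from every peer on the siem VPN, while the only service this file binds to that network is the graphs vhost on `${tinc-siem-ip}:80`. On a host with public addresses it is tighter to drop the trusted interface and accept just that port, for instance through `networking.firewall.extraCommands` with `iptables -A nixos-fw -i tinc.siem -p tcp --dport 80 -j nixos-fw-accept`. `extra-ip` is bound but unused, and `nameservers` is hard-coded to `8.8.8.8`; a comment on each would help the next reader.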
@ -9,9 +9,9 @@ in {
|
|||||||
imports = [
|
imports = [
|
||||||
../.
|
../.
|
||||||
# TODO: copy this config or move to krebs
|
# TODO: copy this config or move to krebs
|
||||||
../../tv/2configs/hw/CAC.nix
|
../2configs/hw/CAC.nix
|
||||||
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
|
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||||
../2configs/headless.nix
|
../2configs/save-diskspace.nix
|
||||||
|
|
||||||
../2configs/bepasty-dual.nix
|
../2configs/bepasty-dual.nix
|
||||||
|
|
||||||
@ -27,8 +27,7 @@ in {
|
|||||||
../2configs/collectd/collectd-base.nix
|
../2configs/collectd/collectd-base.nix
|
||||||
];
|
];
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
services.nixosManual.enable = false;
|
|
||||||
programs.man.enable = false;
|
|
||||||
krebs.build.host = config.krebs.hosts.wry;
|
krebs.build.host = config.krebs.hosts.wry;
|
||||||
|
|
||||||
krebs.Reaktor = {
|
krebs.Reaktor = {
|
||||||
@ -83,9 +82,5 @@ in {
|
|||||||
nameservers = [ "8.8.8.8" ];
|
nameservers = [ "8.8.8.8" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# small machine - do not forget to gc every day
|
|
||||||
nix.gc.automatic = true;
|
|
||||||
nix.gc.dates = "03:10";
|
|
||||||
|
|
||||||
environment.systemPackages = [ ];
|
environment.systemPackages = [ ];
|
||||||
}
|
}
|
||||||
|
@ -16,6 +16,8 @@ with config.krebs.lib;
|
|||||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
dns.providers.siem = "hosts";
|
||||||
search-domain = "retiolum";
|
search-domain = "retiolum";
|
||||||
build = {
|
build = {
|
||||||
user = config.krebs.users.makefu;
|
user = config.krebs.users.makefu;
|
||||||
@ -24,7 +26,9 @@ with config.krebs.lib;
|
|||||||
url = https://github.com/nixos/nixpkgs;
|
url = https://github.com/nixos/nixpkgs;
|
||||||
rev = "63b9785"; # stable @ 2016-06-01
|
rev = "63b9785"; # stable @ 2016-06-01
|
||||||
};
|
};
|
||||||
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
secrets = if getEnv "dummy_secrets" == "true"
|
||||||
|
then toString <stockholm/makefu/6tests/data/secrets>
|
||||||
|
else "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||||
stockholm = "/home/makefu/stockholm";
|
stockholm = "/home/makefu/stockholm";
|
||||||
|
|
||||||
# Defaults for all stockholm users?
|
# Defaults for all stockholm users?
|
||||||
@ -154,6 +158,15 @@ with config.krebs.lib;
|
|||||||
"net.ipv6.conf.default.use_tempaddr" = 2;
|
"net.ipv6.conf.default.use_tempaddr" = 2;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.activationScripts.nix-defexpr = ''
|
||||||
|
(set -euf
|
||||||
|
for i in /home/makefu /root/;do
|
||||||
|
f="$i/.nix-defexpr"
|
||||||
|
rm -fr "$f"
|
||||||
|
ln -s /var/src/nixpkgs "$f"
|
||||||
|
done)
|
||||||
|
'';
|
||||||
|
|
||||||
i18n = {
|
i18n = {
|
||||||
consoleKeyMap = "us";
|
consoleKeyMap = "us";
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
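Review bot: The `secrets` path in the second hunk is chosen by `getEnv "dummy_secrets"`, so the result depends on the environment of whatever shell evaluates the config: with the variable left exported, a host resolves its secrets to `stockholm/makefu/6tests/data/secrets`, which this commit fills with a fixed `"derp"` value and empty key files. Nothing in the hunk marks the switch as test-only, so I would add a comment above it, `# dummy_secrets=true is for test evaluation only; never export it when building a real host`, and, if the deploy tooling allows it, have the deploy path refuse to run while the variable is set. The else branch also drops the trailing slash the old path had, which is worth checking against anything that appends to `secrets` by plain string concatenation. The enclosing `build` set continues outside the hunks.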
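--- a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
+++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,20 @@
+_:
+
+{
+boot.loader.grub = {
+device = "/dev/sda";
+};
+fileSystems = {
+"/" = {
+device = "/dev/centos/root";
+fsType = "xfs";
+};
+"/boot" = {
+device = "/dev/sda1";
+fsType = "xfs";
+};
+};
+swapDevices = [
+{ device = "/dev/centos/swap"; }
+];
+}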
@ -1,16 +1,16 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
# sda: bootloader grub2
|
# sda: bootloader grub2
|
||||||
# sda1: boot ext4 (label nixboot)
|
# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
|
||||||
|
# boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||||
# sda2: cryptoluks -> ext4
|
# sda2: cryptoluks -> ext4
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
{
|
{
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.enable = true;
|
loader.grub.enable = true;
|
||||||
loader.grub.version = 2;
|
loader.grub.version = 2;
|
||||||
loader.grub.device = "/dev/sda";
|
loader.grub.device = lib.mkDefault "/dev/sda";
|
||||||
|
|
||||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
|
||||||
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
|
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
|
||||||
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||||
};
|
};
|
||||||
|
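Review bot: The unlock hint added at the top is attached to the `sda1` boot line, but the device it names is `/dev/sda2`, the LUKS volume described on the following line, so the partition notes now read as if /boot were the encrypted part. Since `initrd.luks.devices` is removed from this shared file, every host that imports it has to declare the mapping itself, and this comment is the only place that says so; I would move it under the `sda2` line as `# sda2: cryptoluks -> ext4 - hosts with an encrypted root must declare it themselves:`. The example keeps `allowDiscards=true`, which lets TRIM reveal which blocks of the encrypted volume are unused, so it may deserve a word in the comment for hosts that copy it. The `boot` set is closed inside the hunk, but the file's outer set continues past it.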
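--- a/makefu/2configs/hw/CAC.nix
+++ b/makefu/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+boot.loader.grub.splashImage = null;
+nix = {
+daemonIONiceLevel = 1;
+daemonNiceLevel = 1;
+};
+sound.enable = false;
+}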
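--- a/makefu/2configs/hw/fingerprint-reader.nix
+++ b/makefu/2configs/hw/fingerprint-reader.nix
@@ -0,0 +1,6 @@
+_: {
+# add fingerprint with fprintd-enroll
+services.fprintd.enable = true;
+security.pam.services.login.fprintAuth = true;
+security.pam.services.xscreensaver.fprintAuth = true;
+}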
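Review bot: `fprintAuth = true` on `login` and `xscreensaver` makes a fingerprint an alternative to the password rather than an addition to it (as far as I know the NixOS PAM module adds pam_fprintd as a `sufficient` auth step), so a matching finger alone opens a console session and unlocks the screen. The file's only comment is about enrolling, so I would state the trade-off where the option is set: `# fingerprint is accepted instead of the password for console login and screen unlock`. If the intent is only convenience at the lock screen, dropping the `login` line would keep console logins password-only.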
@ -5,7 +5,7 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
imports = [ ./tp-x2x0.nix ];
|
imports = [ ./tp-x2x0.nix ];
|
||||||
boot = {
|
boot = {
|
||||||
kernelModules = [ "kvm-intel" "acpi_call" ];
|
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
|
||||||
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
|
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -28,7 +28,7 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
# enable HDMI output switching with pulseaudio
|
# enable HDMI output switching with pulseaudio
|
||||||
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
||||||
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
|
${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"}
|
||||||
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
|
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -22,7 +22,8 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
services.tlp.extraConfig = ''
|
services.tlp.extraConfig = ''
|
||||||
START_CHARGE_THRESH_BAT0=80
|
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
|
||||||
|
#START_CHARGE_THRESH_BAT0=80
|
||||||
STOP_CHARGE_THRESH_BAT0=95
|
STOP_CHARGE_THRESH_BAT0=95
|
||||||
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||||
|
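--- a/makefu/2configs/save-diskspace.nix
+++ b/makefu/2configs/save-diskspace.nix
@@ -0,0 +1,9 @@
+_:
+# TODO: do not check out nixpkgs master but fetch revision from github
+{
+services.nixosManual.enable = false;
+programs.man.enable = false;
+services.journald.extraConfig = "SystemMaxUse=50M";
+nix.gc.automatic = true;
+nix.gc.dates = "03:10";
+}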
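Review bot: `SystemMaxUse=50M` applies to every host that imports this file, and the wry hunk earlier in this commit imports it on a machine that also pulls in `bepasty-dual.nix`, so the journal may hold only a short window of service and authentication logs when an incident has to be reconstructed. I would document the trade-off next to the setting, `# journal capped at 50M to save disk; forward logs off-host if retention is needed`. The TODO above the set talks about the nixpkgs checkout and does not seem to belong to this file.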
@ -3,6 +3,14 @@
|
|||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
||||||
|
owner = "NixOS"; repo = "nixpkgs-channels";
|
||||||
|
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
|
||||||
|
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
|
||||||
|
}) {};
|
||||||
|
|
||||||
|
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
|
||||||
|
|
||||||
# TODO: currently it is only netzclub
|
# TODO: currently it is only netzclub
|
||||||
umts-bin = pkgs.writeScriptBin "umts" ''
|
umts-bin = pkgs.writeScriptBin "umts" ''
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
@ -62,7 +70,7 @@ let
|
|||||||
Type = "simple";
|
Type = "simple";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "10s";
|
RestartSec = "10s";
|
||||||
ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
|
ExecStart = "${wvdial}/bin/wvdial -n";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
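Review bot: `wvdial` is now taken from a nixpkgs-channels revision pinned in the `let` block, so the dialer and the libraries it links against stay frozen at that snapshot and no longer pick up fixes from the tree the rest of the system is built from. The issue link explains why the pin exists but not when it can go; I would add `# TODO: drop the nixpkgs-1509 pin once nixpkgs#16113 is fixed` next to it, since the unit in the second hunk keeps this binary running with `Restart = "always"`. The `let` block and the service definition both continue outside the hunks.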
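--- a/makefu/5pkgs/bintray-upload/default.nix
+++ b/makefu/5pkgs/bintray-upload/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+pkgs.python3Packages.buildPythonPackage rec {
+name = "bintray-upload-${version}";
+version = "0.1.2";
+src = pkgs.fetchFromGitHub {
+owner = "makefu";
+repo = "bintray-upload";
+rev = "4e76724";
+sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9";
+};
+
+propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ];
+
+meta = {
+description = "Simple BinTray utility for uploading packages";
+license = pkgs.stdenv.lib.licenses.asl20;
+};
+}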
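Review bot: `rev = "4e76724"` is an abbreviated commit id, while the nixpkgs pin added elsewhere in this commit spells out the full 40-character hash. The `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows and is harder to audit against upstream; I would use the full commit hash here, or a release tag matching `version = "0.1.2"` if one exists.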
@ -13,7 +13,8 @@ in
|
|||||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||||
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
||||||
skytraq-logger = callPackage ./skytraq-logger/ {};
|
skytraq-logger = callPackage ./skytraq-logger {};
|
||||||
taskserver = callPackage ./taskserver {};
|
taskserver = callPackage ./taskserver {};
|
||||||
|
bintray-upload = callPackage ./bintray-upload {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
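--- a/makefu/6tests/data/secrets/bepasty-secret.nix
+++ b/makefu/6tests/data/secrets/bepasty-secret.nix
@@ -0,0 +1 @@
+"derp"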
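--- a/makefu/6tests/data/secrets/hashedPasswords.nix
+++ b/makefu/6tests/data/secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}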
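--- a/makefu/6tests/data/secrets/iodinepw.nix
+++ b/makefu/6tests/data/secrets/iodinepw.nix
@@ -0,0 +1 @@
+"derp"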
0
makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.pub
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.pub
Normal file
0
makefu/6tests/data/secrets/sambacred
Normal file
0
makefu/6tests/data/secrets/sambacred
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
Normal file
0
makefu/6tests/data/secrets/ssh_host_ed25519_key
Normal file
0
makefu/6tests/data/secrets/ssh_host_ed25519_key
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/tw-pass.ini
Normal file
0
makefu/6tests/data/secrets/tw-pass.ini
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.key
Normal file
@ -22,7 +22,7 @@ in
|
|||||||
|
|
||||||
# local discovery in shackspace
|
# local discovery in shackspace
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||||
|
krebs.retiolum.extraConfig = "TCPOnly = yes";
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
@ -37,7 +37,7 @@ in
|
|||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
interfaces.eth0.ip4 = [{
|
interfaces.enp0s3.ip4 = [{
|
||||||
address = shack-ip;
|
address = shack-ip;
|
||||||
prefixLength = 20;
|
prefixLength = 20;
|
||||||
}];
|
}];
|
||||||
|
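Review bot: The second hunk moves `shack-ip` to `enp0s3` while `firewall.enable = false` stays directly above it, and the first hunk's context shows Grafana bound to `0.0.0.0`, so anything listening on this host appears to be reachable from the whole /20 on the renamed interface. If the firewall is off on purpose for local discovery, a comment saying so would help, e.g. `# firewall off: host relies on the shackspace LAN being trusted`; otherwise enabling it and opening only the needed ports would be the safer default. Grafana's authentication settings are outside the hunks, so I cannot tell how much that exposure matters.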
@ -26,7 +26,7 @@
|
|||||||
stockholm_repo,
|
stockholm_repo,
|
||||||
workdir='stockholm-poller', branches=True,
|
workdir='stockholm-poller', branches=True,
|
||||||
project='stockholm',
|
project='stockholm',
|
||||||
pollinterval=120))
|
pollinterval=60))
|
||||||
'';
|
'';
|
||||||
scheduler = {
|
scheduler = {
|
||||||
force-scheduler = ''
|
force-scheduler = ''
|
||||||
@ -43,7 +43,7 @@
|
|||||||
sched.append(schedulers.SingleBranchScheduler(
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
## all branches
|
## all branches
|
||||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||||
# treeStableTimer=10,
|
treeStableTimer=10,
|
||||||
name="fast-all-branches",
|
name="fast-all-branches",
|
||||||
builderNames=["fast-tests"]))
|
builderNames=["fast-tests"]))
|
||||||
'';
|
'';
|
||||||
|