Merge remote-tracking branch 'prism/master'
commit
d81b068113
@ -1,4 +1,4 @@
|
||||
arg@{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs) writeText;
|
||||
|
@ -91,6 +91,7 @@ with config.krebs.lib;
|
||||
"prism.retiolum"
|
||||
"prism.r"
|
||||
"cgit.prism.retiolum"
|
||||
"cache.prism.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -107,36 +108,17 @@ with config.krebs.lib;
|
||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||
ssh.pubkey = "ssh-rsa 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";
|
||||
};
|
||||
fastpoke = {
|
||||
domsen-nas = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "193.22.164.36";
|
||||
aliases = [
|
||||
"fastpoke.internet"
|
||||
"domsen-nas.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.253.152";
|
||||
ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
|
||||
aliases = [
|
||||
"fastpoke.retiolum"
|
||||
"fastpoke.r"
|
||||
"cgit.fastpoke.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
|
||||
DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
|
||||
FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
|
||||
ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
|
||||
EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
|
||||
rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
ip4.addr = "87.138.180.167";
|
||||
ssh.port = 2223;
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
|
||||
ssh.pubkey = "ssh-dss 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";
|
||||
};
|
||||
cloudkrebs = {
|
||||
cores = 1;
|
||||
@ -314,5 +296,13 @@ with config.krebs.lib;
|
||||
fritz = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||
};
|
||||
prism-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
|
||||
mail = "lass@prism.r";
|
||||
};
|
||||
mors-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
|
||||
mail = "lass@mors.r";
|
||||
};
|
||||
};
|
||||
}
|
||||
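Review bot: The new `domsen-nas` entry in the third hunk pins its host key as `ssh-dss`, a key type OpenSSH has disabled by default since 7.0 and which is limited to 1024-bit DSA, so clients would have to re-enable a deprecated algorithm to verify this host. If the device can generate one, an `ssh-ed25519` or RSA host key would be the better value to pin here, as other entries on this page do. If the NAS only offers DSA, a comment next to `ssh.pubkey` such as `# NAS firmware only provides a DSA host key` would record that this is a known limitation. The key material is elided on this page, so its size cannot be checked from here.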
|
@ -48,6 +48,12 @@ with config.krebs.lib;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.2";
|
||||
aliases = [
|
||||
"darth.siem"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
tsp = {
|
||||
@ -98,6 +104,12 @@ with config.krebs.lib;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.4";
|
||||
aliases = [
|
||||
"arch.siem"
|
||||
];
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
|
||||
@ -184,6 +196,8 @@ with config.krebs.lib;
|
||||
internet = {
|
||||
ip4.addr = "104.233.87.86";
|
||||
aliases = [
|
||||
"wry.i"
|
||||
"paste.i"
|
||||
"wry.internet"
|
||||
"paste.internet"
|
||||
];
|
||||
@ -194,10 +208,10 @@ with config.krebs.lib;
|
||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||
aliases = [
|
||||
"graphs.wry.retiolum"
|
||||
"graphs.retiolum"
|
||||
"graphs.r" "graphs.retiolum"
|
||||
"paste.wry.retiolum"
|
||||
"paste.retiolum"
|
||||
"wry.retiolum"
|
||||
"paste.r" "paste.retiolum"
|
||||
"wry.r" "wry.retiolum"
|
||||
"wiki.makefu.retiolum"
|
||||
"wiki.wry.retiolum"
|
||||
"blog.makefu.retiolum"
|
||||
@ -232,15 +246,16 @@ with config.krebs.lib;
|
||||
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
|
||||
aliases = [
|
||||
"filepimp.retiolum"
|
||||
"filepimp.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
|
||||
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
|
||||
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
|
||||
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
|
||||
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
|
||||
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
shoney = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.1";
|
||||
aliases = [
|
||||
"sjump.siem"
|
||||
"graphs.siem"
|
||||
];
|
||||
};
|
||||
internet = {
|
||||
ip4.addr = "64.137.234.215";
|
||||
aliases = [
|
||||
"shoney.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.205.131";
|
||||
ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
|
||||
aliases = [
|
||||
"shoney.retiolum"
|
||||
"shoney.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
|
||||
ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
|
||||
okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
|
||||
M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
|
||||
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
|
||||
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# non-stockholm
|
||||
|
||||
@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
|
||||
|
||||
lariat = rec {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.64.7";
|
||||
aliases = [
|
||||
"lariat.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
|
||||
eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
|
||||
269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
|
||||
unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
|
||||
d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
|
||||
yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
soundflower = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
};
|
||||
|
||||
} // { # hosts only maintained in stockholm, not owned by me
|
||||
muhbaasu = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
};
|
||||
};
|
||||
} // { # hosts only maintained in stockholm, not owned by me
|
||||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
|
@ -11,14 +11,14 @@ let
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "repo-sync";
|
||||
config = mkOption {
|
||||
type = with types;attrsOf (attrsOf (attrsOf str));
|
||||
repos = mkOption {
|
||||
type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
|
||||
example = literalExample ''
|
||||
# see `repo-sync --help`
|
||||
# `ref` provides sane defaults and can be omitted
|
||||
|
||||
# attrset will be converted to json and be used as config
|
||||
{
|
||||
{ repo = {
|
||||
makefu = {
|
||||
origin = {
|
||||
url = http://github.com/makefu/repo ;
|
||||
@ -44,6 +44,7 @@ let
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
'';
|
||||
};
|
||||
timerConfig = mkOption {
|
||||
@ -56,53 +57,75 @@ let
|
||||
type = types.str;
|
||||
default = "/var/lib/repo-sync";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
name = "repo-sync";
|
||||
home = cfg.stateDir;
|
||||
};
|
||||
};
|
||||
|
||||
privateKeyFile = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
used by repo-sync to identify with ssh service
|
||||
type = types.secret-file;
|
||||
default = {
|
||||
path = "${cfg.stateDir}/ssh.priv";
|
||||
owner = cfg.user;
|
||||
source-path = toString <secrets> + "/repo-sync.ssh.key";
|
||||
};
|
||||
};
|
||||
|
||||
unitConfig = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
|
||||
example = literalExample ''
|
||||
# do not start when running on umts
|
||||
{ ConditionPathExists = "!/var/run/ppp0.pid"; }
|
||||
'';
|
||||
default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
|
||||
default = {};
|
||||
};
|
||||
|
||||
};
|
||||
repo-sync-config = pkgs.writeText "repo-sync-config.json"
|
||||
(builtins.toJSON cfg.config);
|
||||
|
||||
imp = {
|
||||
users.users.repo-sync = {
|
||||
name = "repo-sync";
|
||||
uid = genid "repo-sync";
|
||||
description = "repo-sync user";
|
||||
home = cfg.stateDir;
|
||||
krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
|
||||
users.users.${cfg.user.name} = {
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
description = "repo-sync user";
|
||||
};
|
||||
|
||||
systemd.timers.repo-sync = {
|
||||
systemd.timers = mapAttrs' (name: repo:
|
||||
nameValuePair "repo-sync-${name}" {
|
||||
description = "repo-sync timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = cfg.timerConfig;
|
||||
};
|
||||
systemd.services.repo-sync = {
|
||||
description = "repo-sync";
|
||||
after = [ "network.target" ];
|
||||
}
|
||||
) cfg.repos;
|
||||
|
||||
path = with pkgs; [ ];
|
||||
systemd.services = mapAttrs' (name: repo:
|
||||
let
|
||||
repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
|
||||
(builtins.toJSON repo);
|
||||
in nameValuePair "repo-sync-${name}" {
|
||||
description = "repo-sync";
|
||||
after = [ "network.target" "secret.service" ];
|
||||
|
||||
environment = {
|
||||
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
|
||||
REPONAME = "${name}.git";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
PermissionsStartOnly = true;
|
||||
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
||||
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
||||
'';
|
||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||
WorkingDirectory = cfg.stateDir;
|
||||
User = "repo-sync";
|
||||
};
|
||||
};
|
||||
unitConfig = cfg.unitConfig;
|
||||
}
|
||||
) cfg.repos;
|
||||
};
|
||||
in out
|
||||
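Review bot: The per-repo service is ordered `after` `secret.service` but, as far as this hunk shows, does not `requires` it, so a failed or missing secret deployment would let `repo-sync` start without its key; the nix-serve unit added in this same commit sets both `requires = ["secret.service"]` and `after`. `GIT_SSH_COMMAND` still spells out `${cfg.stateDir}/ssh.priv` and `User` stays the literal `"repo-sync"`, while the key path and the account are now the options `cfg.privateKeyFile` and `cfg.user`, so overriding either option would leave the unit pointing at the old values. Suggested: `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${shell.escape cfg.privateKeyFile.path}";` and `User = cfg.user.name;`. The `unitConfig` option's description also still refers to fetchWallpaper. Which of the duplicated lines sit on the new side is inferred from the option changes, because the rendering lost the +/- markers.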
|
@ -20,6 +20,18 @@ let
|
||||
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
|
||||
};
|
||||
|
||||
hostsPath = mkOption {
|
||||
type = types.str;
|
||||
description = "Path to Hosts directory";
|
||||
default = "${config.krebs.retiolum.hostsPackage}";
|
||||
};
|
||||
|
||||
network = mkOption {
|
||||
type = types.str;
|
||||
description = "Tinc Network to use";
|
||||
default = "retiolum";
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
|
||||
|
||||
@ -85,7 +97,8 @@ let
|
||||
EXTERNAL_FOLDER = external_dir;
|
||||
INTERNAL_FOLDER = internal_dir;
|
||||
GEODB = cfg.geodbPath;
|
||||
TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
|
||||
TINC_HOSTPATH = cfg.hostsPath;
|
||||
TINC_NETWORK = cfg.network;
|
||||
};
|
||||
|
||||
restartIfChanged = true;
|
||||
@ -103,7 +116,7 @@ let
|
||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
||||
fi
|
||||
'';
|
||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||
ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
|
||||
|
||||
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
||||
# TODO: this may break if workingDir is set to something stupid
|
||||
@ -121,8 +134,9 @@ let
|
||||
uid = genid "tinc_graphs";
|
||||
home = "/var/spool/tinc_graphs";
|
||||
};
|
||||
|
||||
krebs.nginx.servers = mkIf cfg.nginx.enable {
|
||||
krebs.nginx = mkIf cfg.nginx.enable {
|
||||
enable = mkDefault true;
|
||||
servers = {
|
||||
tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
@ -141,6 +155,7 @@ let
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
out
|
||||
|
@ -3,6 +3,9 @@
|
||||
python3Packages.buildPythonPackage rec {
|
||||
name = "Reaktor-${version}";
|
||||
version = "0.5.1";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
propagatedBuildInputs = with pkgs;[
|
||||
python3Packages.docopt
|
||||
python3Packages.requests2
|
||||
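Review bot: `doCheck = false;` is added with no comment saying why the package's tests are skipped, so a later version bump will silently keep shipping an untested build. A one-line reason above it, for example `# tests disabled: <reason>`, would tell the next maintainer when the override can be removed.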
|
@ -38,13 +38,13 @@ with config.krebs.lib;
|
||||
|
||||
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||
|
||||
#buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
||||
# inherit (pkgs.pythonPackages) twisted jinja2;
|
||||
# dateutil = pkgs.pythonPackages.dateutil_1_5;
|
||||
# sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
||||
# doCheck = false;
|
||||
# });
|
||||
#};
|
||||
buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
|
||||
inherit (pkgs.pythonPackages) twisted jinja2;
|
||||
dateutil = pkgs.pythonPackages.dateutil_1_5;
|
||||
sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
|
||||
doCheck = false;
|
||||
});
|
||||
};
|
||||
|
||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||
symlinkJoin = { name, paths, ... }@args: let
|
||||
|
@ -8,13 +8,14 @@ let
|
||||
};
|
||||
|
||||
# TODO irc-announce should return a derivation
|
||||
irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: ''
|
||||
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
|
||||
export PATH=${makeBinPath (with pkgs; [
|
||||
coreutils
|
||||
git
|
||||
gnugrep
|
||||
gnused
|
||||
])}
|
||||
|
||||
@ -54,6 +55,12 @@ let
|
||||
|
||||
h=$(echo $ref | sed 's:^refs/heads/::')
|
||||
|
||||
${optionalString (branches != []) ''
|
||||
if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then
|
||||
echo "we are not serving this branch: $h"
|
||||
exit 0
|
||||
fi
|
||||
''}
|
||||
# empty_tree=$(git hash-object -t tree /dev/null)
|
||||
empty_tree=4b825dc6
|
||||
|
||||
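Review bot: The new branch filter matches with an unanchored `grep -qE`, so a configured branch `master` also lets `master-old` or `feature/master` through, and any regex metacharacter in a branch name changes what is matched. Whole-line matching closes that: `if ! (echo "$h" | grep -qxE "${concatStringsSep "|" branches}"); then`. The branch names are also interpolated into a double-quoted shell string, so a name containing `$` or a backquote would be expanded by the shell; they come from the Nix configuration rather than from the pusher, but a short comment stating that `branches` entries are extended regular expressions would make the contract explicit. The script continues outside the hunk.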
|
@ -13,7 +13,6 @@ in {
|
||||
../2configs/retiolum.nix
|
||||
../2configs/git.nix
|
||||
../2configs/realwallpaper.nix
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
|
@ -5,7 +5,7 @@
|
||||
../.
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/default.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
#../2configs/exim-retiolum.nix
|
||||
../2configs/git.nix
|
||||
{
|
||||
boot.loader.grub = {
|
||||
@ -63,6 +63,35 @@
|
||||
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
#TODO: abstract & move to own file
|
||||
krebs.exim-smarthost = {
|
||||
enable = true;
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||
config.krebs.hosts.mors
|
||||
config.krebs.hosts.uriel
|
||||
config.krebs.hosts.helios
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
{ from = "postmaster"; to = "root"; }
|
||||
{ from = "nobody"; to = "root"; }
|
||||
{ from = "hostmaster"; to = "root"; }
|
||||
{ from = "usenet"; to = "root"; }
|
||||
{ from = "news"; to = "root"; }
|
||||
{ from = "webmaster"; to = "root"; }
|
||||
{ from = "www"; to = "root"; }
|
||||
{ from = "ftp"; to = "root"; }
|
||||
{ from = "abuse"; to = "root"; }
|
||||
{ from = "noc"; to = "root"; }
|
||||
{ from = "security"; to = "root"; }
|
||||
{ from = "root"; to = "lass"; }
|
||||
];
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.dishfire;
|
||||
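Review bot: The added INPUT rule `-p tcp --dport smtp` accepts SMTP from any source, while `relay_from_hosts` lists only the retiolum addresses of mors, uriel and helios. Relaying is still limited by exim, but the daemon itself becomes reachable from every network this host is attached to. If the smarthost is meant to serve only those VPN hosts, narrow the predicate with a source or interface match. If inbound internet mail is intended, a comment on the rule saying so would help, since the only other hint is `#TODO: abstract & move to own file`.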
|
@ -11,7 +11,7 @@ in {
|
||||
../2configs/default.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/realwallpaper.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
../2configs/git.nix
|
||||
#../2configs/redis.nix
|
||||
|
@ -3,6 +3,7 @@
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../2configs/hw/tp-x220.nix
|
||||
../2configs/baseX.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/programs.nix
|
||||
@ -14,22 +15,18 @@
|
||||
../2configs/elster.nix
|
||||
../2configs/steam.nix
|
||||
../2configs/wine.nix
|
||||
#../2configs/texlive.nix
|
||||
../2configs/binary-caches.nix
|
||||
#../2configs/ircd.nix
|
||||
../2configs/chromium-patched.nix
|
||||
../2configs/git.nix
|
||||
#../2configs/wordpress.nix
|
||||
../2configs/bitlbee.nix
|
||||
#../2configs/firefoxPatched.nix
|
||||
../2configs/skype.nix
|
||||
../2configs/teamviewer.nix
|
||||
../2configs/libvirt.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
../2configs/cbase.nix
|
||||
../2configs/c-base.nix
|
||||
../2configs/mail.nix
|
||||
../2configs/krebs-pass.nix
|
||||
#../2configs/buildbot-standalone.nix
|
||||
../2configs/umts.nix
|
||||
../2configs/repo-sync.nix
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
@ -57,17 +54,10 @@
|
||||
# package = pkgs.postgresql;
|
||||
# };
|
||||
#}
|
||||
{
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mors;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
@ -77,7 +67,6 @@
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
kernelModules = [ "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
@ -131,8 +120,8 @@
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
|
||||
'';
|
||||
|
||||
#TODO activationScripts seem broken, fix them!
|
||||
@ -146,7 +135,7 @@
|
||||
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
|
||||
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
|
||||
#Autosuspend for USB device Biometric Coprocessor
|
||||
echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
|
||||
#echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
|
||||
|
||||
#Runtime PMs
|
||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
|
||||
@ -168,22 +157,6 @@
|
||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
|
||||
'';
|
||||
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 0;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||
deviceSection = ''
|
||||
Option "AccelMethod" "sna"
|
||||
BusID "PCI:0:2:0"
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
acronym
|
||||
cac-api
|
||||
@ -214,15 +187,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
krebs.repo-sync.timerConfig = {
|
||||
OnCalendar = "00:37";
|
||||
};
|
||||
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -19,6 +19,8 @@ in {
|
||||
../2configs/privoxy-retiolum.nix
|
||||
../2configs/radio.nix
|
||||
../2configs/buildbot-standalone.nix
|
||||
../2configs/repo-sync.nix
|
||||
../2configs/binary-cache/server.nix
|
||||
{
|
||||
imports = [
|
||||
../2configs/git.nix
|
||||
@ -66,8 +68,6 @@ in {
|
||||
|
||||
}
|
||||
{
|
||||
#boot.loader.gummiboot.enable = true;
|
||||
#boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub = {
|
||||
devices = [
|
||||
"/dev/sda"
|
||||
@ -110,10 +110,6 @@ in {
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
#{
|
||||
# #workaround for server dying after 6-7h
|
||||
# boot.kernelPackages = pkgs.linuxPackages_4_2;
|
||||
#}
|
||||
{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
}
|
||||
@ -202,7 +198,7 @@ in {
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/realwallpaper.nix
|
||||
];
|
||||
krebs.nginx.servers."lassul.us".locations = [
|
||||
(lib.nameValuePair "/wallpaper.png" ''
|
||||
|
@ -4,7 +4,9 @@ with builtins;
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../2configs/hw/tp-x220.nix
|
||||
../2configs/baseX.nix
|
||||
../2configs/git.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/browsers.nix
|
||||
../2configs/programs.nix
|
||||
@ -19,34 +21,10 @@ with builtins;
|
||||
# };
|
||||
# };
|
||||
#}
|
||||
{
|
||||
#x220 config from mors
|
||||
#TODO: make x220 config file (or look in other user dir)
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
sensitivity = 220;
|
||||
speed = 0;
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
videoDriver = "intel";
|
||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||
deviceSection = ''
|
||||
Option "AccelMethod" "sna"
|
||||
BusID "PCI:0:2:0"
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
@ -56,7 +34,6 @@ with builtins;
|
||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
#kernelModules = [ "kvm-intel" "msr" ];
|
||||
kernelModules = [ "msr" ];
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
@ -67,10 +44,15 @@ with builtins;
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
|
||||
"/home/lass" = {
|
||||
device = "/dev/pool/home-lass";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
#services.udev.extraRules = ''
|
||||
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
||||
#'';
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
||||
'';
|
||||
}
|
||||
|
@ -8,7 +8,13 @@ in {
|
||||
#./urxvt.nix
|
||||
./xserver
|
||||
./mpv.nix
|
||||
#./pulse.nix
|
||||
./power-action.nix
|
||||
];
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
|
||||
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||
|
||||
@ -16,11 +22,6 @@ in {
|
||||
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
security.setuidPrograms = [ "slock" ];
|
||||
@ -32,6 +33,7 @@ in {
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
acpi
|
||||
dmenu
|
||||
gitAndTools.qgit
|
||||
lm_sensors
|
||||
@ -44,6 +46,7 @@ in {
|
||||
sxiv
|
||||
xclip
|
||||
xorg.xbacklight
|
||||
xorg.xhost
|
||||
xsel
|
||||
zathura
|
||||
|
||||
|
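--- /dev/null
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+nix = {
+binaryCaches = ["http://cache.prism.r"];
+binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+};
+}
+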
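Review bot: The cache URL is plain `http://`, so the authenticity of every substituted path rests entirely on signature verification against the pinned `cache.prism-1` key. A comment next to `binaryCaches` stating that, and that signature checking must stay enabled on importing hosts, would make the trust assumption explicit. Defining `binaryCaches` here presumably replaces the option's default list rather than extending it, so hosts importing this file may stop consulting the upstream cache and depend on `cache.prism.r` being reachable; that should be confirmed against the NixOS version in use.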
|
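--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+# generate private key with:
+# nix-store --generate-binary-cache-key my-secret-key my-public-key
+services.nix-serve = {
+enable = true;
+secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+};
+
+systemd.services.nix-serve = {
+requires = ["secret.service"];
+after = ["secret.service"];
+};
+krebs.secret.files.nix-serve-key = {
+path = "/run/secret/nix-serve.key";
+owner.name = "nix-serve";
+source-path = toString <secrets> + "/nix-serve.key";
+};
+krebs.nginx = {
+enable = true;
+servers.nix-serve = {
+server-names = [ "cache.prism.r" ];
+locations = lib.singleton (lib.nameValuePair "/" ''
+proxy_pass http://localhost:${toString config.services.nix-serve.port};
+'');
+};
+};
+}
+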
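Review bot: The nginx server is selected only by `server-names = [ "cache.prism.r" ]`, which is name-based routing and not access control: unless `krebs.nginx` binds to the VPN address only, anyone who can reach this host's web port and send that Host header can download the store paths nix-serve offers. Restricting the vhost to the retiolum listen address, or adding `allow`/`deny` directives to the location, would keep the cache inside the VPN. The key-generation comment also leaves out the key name that `nix-store --generate-binary-cache-key` takes as its first argument; the client pins `cache.prism-1`, so the comment could read `# nix-store --generate-binary-cache-key cache.prism-1 <secret-key-file> <public-key-file>`.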
|
@ -1,13 +0,0 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix.sshServe.enable = true;
|
||||
nix.sshServe.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
|
||||
];
|
||||
nix.binaryCaches = [
|
||||
#"scp://nix-ssh@mors"
|
||||
#"scp://nix-ssh@uriel"
|
||||
];
|
||||
}
|
@ -1,6 +1,14 @@
|
||||
{ lib, config, pkgs, ... }:
|
||||
{
|
||||
krebs.buildbot.master = let
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
let
|
||||
sshWrapper = pkgs.writeDash "ssh-wrapper" ''
|
||||
${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
config.krebs.buildbot.master = let
|
||||
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
||||
in {
|
||||
slaves = {
|
||||
@ -25,20 +33,38 @@
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
## all branches
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
# treeStableTimer=10,
|
||||
treeStableTimer=10,
|
||||
name="fast-all-branches",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
build-scheduler = ''
|
||||
# build all hosts
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
treeStableTimer=10,
|
||||
name="prism-all-branches",
|
||||
builderNames=["build-all"]))
|
||||
'';
|
||||
};
|
||||
builder_pre = ''
|
||||
# prepare grab_repo step for stockholm
|
||||
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
||||
|
||||
env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
|
||||
# TODO: get nixpkgs/stockholm paths from krebs
|
||||
env_lass = {
|
||||
"LOGNAME": "lass",
|
||||
"NIX_REMOTE": "daemon",
|
||||
"dummy_secrets": "true",
|
||||
}
|
||||
env_makefu = {
|
||||
"LOGNAME": "makefu",
|
||||
"NIX_REMOTE": "daemon",
|
||||
"dummy_secrets": "true",
|
||||
}
|
||||
|
||||
# prepare nix-shell
|
||||
# the dependencies which are used by the test script
|
||||
deps = [ "gnumake", "jq","nix","rsync" ]
|
||||
deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
|
||||
# TODO: --pure , prepare ENV in nix-shell command:
|
||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = ["nix-shell",
|
||||
@ -51,16 +77,45 @@
|
||||
factory.addStep(steps.ShellCommand(**kwargs))
|
||||
'';
|
||||
builder = {
|
||||
build-all = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["make \
|
||||
test \
|
||||
ssh=${sshWrapper} \
|
||||
target=build@localhost:${config.users.users.build.home}/testbuild \
|
||||
method=build \
|
||||
system={}".format(i)])
|
||||
|
||||
for i in [ "pornocauster", "wry" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_makefu,
|
||||
command=nixshell + \
|
||||
["make \
|
||||
test \
|
||||
ssh=${sshWrapper} \
|
||||
target=build@localhost:${config.users.users.build.home}/testbuild \
|
||||
method=build \
|
||||
system={}".format(i)])
|
||||
|
||||
bu.append(util.BuilderConfig(name="build-all",
|
||||
slavenames=slavenames,
|
||||
factory=f))
|
||||
|
||||
'';
|
||||
|
||||
fast-tests = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
for i in [ "prism", "mors", "echelon" ]:
|
||||
addShell(f,name="populate-{}".format(i),env=env,
|
||||
addShell(f,name="populate-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["{}( make system={} eval.config.krebs.build.populate \
|
||||
| jq -er .)".format("!" if "failing" in i else "",i)])
|
||||
|
||||
addShell(f,name="build-test-minimal",env=env,
|
||||
addShell(f,name="build-test-minimal",env=env_lass,
|
||||
command=nixshell + \
|
||||
["nix-instantiate \
|
||||
--show-trace --eval --strict --json \
|
||||
@ -86,17 +141,17 @@
|
||||
};
|
||||
};
|
||||
|
||||
krebs.buildbot.slave = {
|
||||
config.krebs.buildbot.slave = {
|
||||
enable = true;
|
||||
masterhost = "localhost";
|
||||
username = "testslave";
|
||||
password = "lasspass";
|
||||
packages = with pkgs;[ git nix gnumake jq rsync ];
|
||||
extraEnviron = {
|
||||
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
|
||||
NIX_PATH="nixpkgs=/var/src/nixpkgs";
|
||||
};
|
||||
};
|
||||
krebs.iptables = {
|
||||
config.krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
|
||||
@ -104,4 +159,29 @@
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#ssh workaround for make test
|
||||
options.lass.build-ssh-privkey = mkOption {
|
||||
type = types.secret-file;
|
||||
default = {
|
||||
path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
|
||||
owner = { inherit (config.users.users.buildbotSlave ) name uid;};
|
||||
source-path = toString <secrets> + "/build.ssh.key";
|
||||
};
|
||||
};
|
||||
config.krebs.secret.files = {
|
||||
build-ssh-privkey = config.lass.build-ssh-privkey;
|
||||
};
|
||||
config.users.users = {
|
||||
build = {
|
||||
name = "build";
|
||||
uid = genid "build";
|
||||
home = "/home/build";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
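Review bot: The new `build` account gets a login shell (`useDefaultShell = true`) and an authorized key written inline and labelled `lass@mors`, while the buildbot slave is handed a private key from `<secrets>/build.ssh.key` to log in as `build@localhost`. If that authorized key is a personal key rather than the counterpart of `build.ssh.key`, the CI job's login depends on a personal key being deployed to the slave; a dedicated key registered under `config.krebs.users` (as this commit does for `prism-repo-sync`) and referenced by `.pubkey` would make the pairing visible. Both schedulers use `branch_re=".*"`, so every pushed branch is built through this account, which deserves a comment on who may push to the mirrored repository. `password = "lasspass"` in the slave block is unchanged context, but it is a literal credential that ends up in the configuration.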
|
@ -7,6 +7,9 @@ with config.krebs.lib;
|
||||
../2configs/zsh.nix
|
||||
../2configs/mc.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/nixpkgs.nix
|
||||
../2configs/binary-cache/client.nix
|
||||
../2configs/gc.nix
|
||||
./backups.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
@ -52,21 +55,18 @@ with config.krebs.lib;
|
||||
user = config.krebs.users.lass;
|
||||
source = mapAttrs (_: mkDefault) ({
|
||||
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
|
||||
secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||
secrets = if getEnv "dummy_secrets" == "true"
|
||||
then toString <stockholm/lass/2configs/tests/dummy-secrets>
|
||||
else "/home/lass/secrets/${config.krebs.build.host.name}";
|
||||
#secrets-common = "/home/lass/secrets/common";
|
||||
stockholm = "/home/lass/stockholm";
|
||||
nixpkgs = {
|
||||
url = https://github.com/lassulus/nixpkgs;
|
||||
rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
|
||||
dev = "/home/lass/src/nixpkgs";
|
||||
};
|
||||
stockholm = getEnv "PWD";
|
||||
} // optionalAttrs config.krebs.build.host.secure {
|
||||
#secrets-master = "/home/lass/secrets/master";
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
nix.useChroot = true;
|
||||
nix.useSandbox = true;
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
@ -114,8 +114,13 @@ with config.krebs.lib;
|
||||
|
||||
#neat utils
|
||||
krebspaste
|
||||
pciutils
|
||||
psmisc
|
||||
q
|
||||
rs
|
||||
tmux
|
||||
untilport
|
||||
usbutils
|
||||
|
||||
#unpack stuff
|
||||
p7zip
|
||||
|
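Review bot: The `secrets` source is chosen by `getEnv "dummy_secrets" == "true"`, so an environment variable present at evaluation time decides whether a host is built against `<stockholm/lass/2configs/tests/dummy-secrets>` or its real secrets directory. The dummy values are committed in this same change, so a deploy started from a shell that still exports the variable would, as far as this hunk shows, provision publicly known placeholder credentials without any error. I would put `# dummy_secrets=true selects the committed placeholder secrets; must never be set for a real deploy` above the conditional and back it with an assertion in the build path; whether krebs.build already separates test runs from deploys is not visible here. The neighbouring `stockholm = getEnv "PWD";` likewise depends on the caller's environment and deserves a one-line comment saying which directory the build must be started from.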
@ -21,6 +21,7 @@ in {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-uriel.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -28,6 +28,8 @@ with config.krebs.lib;
|
||||
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
|
||||
{ from = "finanzamt@lassul.us"; to = lass.mail; }
|
||||
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
|
||||
{ from = "netzclub@lassul.us"; to = lass.mail; }
|
||||
{ from = "nebenan@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -5,7 +5,8 @@ let
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
url = "cloudkrebs/wallpaper.png";
|
||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||
url = "prism/wallpaper.png";
|
||||
};
|
||||
}
|
||||
|
||||
|
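--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+with config.krebs.lib;
+{
+nix.gc = {
+automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ];
+};
+}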
@ -29,18 +29,10 @@ let
|
||||
rules = concatMap make-rules (attrValues repos);
|
||||
|
||||
public-repos = mapAttrs make-public-repo {
|
||||
painload = {};
|
||||
stockholm = {
|
||||
cgit.desc = "take all the computers hostage, they'll love you!";
|
||||
};
|
||||
wai-middleware-time = {};
|
||||
web-routes-wai-custom = {};
|
||||
go = {};
|
||||
newsbot-js = {};
|
||||
kimsufi-check = {};
|
||||
realwallpaper = {};
|
||||
xmonad-stockholm = {};
|
||||
the_playlist = {};
|
||||
} // mapAttrs make-public-repo-silent {
|
||||
the_playlist = {};
|
||||
};
|
||||
@ -50,8 +42,6 @@ let
|
||||
brain = {
|
||||
collaborators = with config.krebs.users; [ tv makefu ];
|
||||
};
|
||||
extraction_webinterface = {};
|
||||
politics-fetching = {};
|
||||
} //
|
||||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||
);
|
||||
@ -66,6 +56,7 @@ let
|
||||
channel = "#retiolum";
|
||||
server = "cd.retiolum";
|
||||
verbose = config.krebs.build.host.name == "prism";
|
||||
branches = [ "master" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -84,7 +75,7 @@ let
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ lass lass-helios lass-uriel ];
|
||||
user = [ lass lass-uriel ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
|
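--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+networking.wireless.enable = lib.mkDefault true;
+
+hardware.enableAllFirmware = true;
+nixpkgs.config.allowUnfree = true;
+
+hardware.cpu.intel.updateMicrocode = true;
+
+zramSwap.enable = true;
+zramSwap.numDevices = 2;
+
+hardware.trackpoint = {
+enable = true;
+sensitivity = 220;
+speed = 0;
+emulateWheel = true;
+};
+
+services.tlp.enable = true;
+services.tlp.extraConfig = ''
+# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+#START_CHARGE_THRESH_BAT0=80
+STOP_CHARGE_THRESH_BAT0=95
+
+CPU_SCALING_GOVERNOR_ON_AC=performance
+CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+CPU_MIN_PERF_ON_AC=0
+CPU_MAX_PERF_ON_AC=100
+CPU_MIN_PERF_ON_BAT=0
+CPU_MAX_PERF_ON_BAT=30
+'';
+
+boot = {
+kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+};
+
+hardware.opengl.extraPackages = [
+pkgs.vaapiIntel
+pkgs.vaapiVdpau
+];
+
+services.xserver = {
+videoDriver = "intel";
+deviceSection = ''
+Option "AccelMethod" "sna"
+'';
+};
+
+security.rngd.enable = true;
+}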
@ -10,8 +10,9 @@ let
|
||||
account default: prism
|
||||
'';
|
||||
|
||||
msmtp = pkgs.writeDashBin "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
||||
msmtp = pkgs.writeBashBin "msmtp" ''
|
||||
${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
|
||||
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
|
||||
'';
|
||||
|
||||
muttrc = pkgs.writeText "muttrc" ''
|
||||
@ -42,7 +43,7 @@ let
|
||||
set nm_record = yes
|
||||
set nm_record_tags = "-inbox me archive"
|
||||
set virtual_spoolfile=yes # enable virtual folders
|
||||
set sendmail="msmtp" # enables parsing of outgoing mail
|
||||
set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
|
||||
set use_from=yes
|
||||
set envelope_from=yes
|
||||
|
||||
|
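Review bot: The new `msmtp` wrapper passes `$@` unquoted to `${pkgs.msmtp}/bin/msmtp`, so any argument containing whitespace or glob characters is re-split by the shell before msmtp sees it; that line should read `${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"`. Separately, `tee >(... notmuch insert +sent)` files the message under the sent tag before msmtp's exit status is known, so a failed delivery is still recorded as sent; a short comment stating that this is accepted would help. The `let` block this wrapper lives in starts and ends outside the hunk.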
@ -41,7 +41,6 @@ let
|
||||
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
|
||||
csm|http://rss.csmonitor.com/feeds/csm|#news
|
||||
csm_world|http://rss.csmonitor.com/feeds/world|#news
|
||||
cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
|
||||
danisch|http://www.danisch.de/blog/feed/|#news
|
||||
dod|http://www.defense.gov/news/afps2.xml|#news
|
||||
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
|
||||
@ -102,7 +101,7 @@ let
|
||||
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
|
||||
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
|
||||
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
|
||||
nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
|
||||
nsa|https://www.nsa.gov/rss.xml|#news #bullerei
|
||||
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
|
||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||
phys|http://phys.org/rss-feed/|#news
|
||||
|
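--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+krebs.build.source.nixpkgs = {
+url = https://github.com/lassulus/nixpkgs;
+rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290";
+};
+}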
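--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+let
+suspend = pkgs.writeDash "suspend" ''
+${pkgs.systemd}/bin/systemctl suspend
+'';
+
+speak = text:
+pkgs.writeDash "speak" ''
+${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
+'';
+
+in {
+lass.power-action = {
+enable = true;
+plans.low-battery = {
+upperLimit = 30;
+lowerLimit = 25;
+charging = false;
+action = pkgs.writeDash "warn-low-battery" ''
+${speak "power level low"}
+'';
+};
+plans.suspend = {
+upperLimit = 10;
+lowerLimit = 0;
+charging = false;
+action = pkgs.writeDash "suspend-wrapper" ''
+/var/setuid-wrappers/sudo ${suspend}
+'';
+};
+};
+
+users.users.power-action.extraGroups = [
+"audio"
+];
+
+security.sudo.extraConfig = ''
+${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend}
+'';
+}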
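Review bot: `speak` splices its `text` argument straight into a double-quoted shell word (`espeak -v +whisper -s 110 "${text}"`), so a caller passing text that contains `"`, `$` or backticks would change the generated script rather than the spoken words. The only caller visible here passes the literal "power level low", so nothing is wrong today; I would record the constraint with `# text is pasted into a double-quoted shell word: pass literals only, or escape before interpolating` above the definition. The sudoers line is scoped to the single store path of `suspend`, which keeps the grant narrow; a comment noting that the rule follows that path whenever the script is rebuilt would save the next reader a lookup.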
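--- a/lass/2configs/pulse.nix
+++ b/lass/2configs/pulse.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+pkg = pkgs.pulseaudioLight;
+runDir = "/run/pulse";
+
+alsaConf = pkgs.writeText "asound.conf" ''
+ctl_type.pulse {
+libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
+}
+pcm_type.pulse {
+libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
+}
+ctl.!default {
+type pulse
+}
+pcm.!default {
+type pulse
+}
+'';
+
+clientConf = pkgs.writeText "client.conf" ''
+autospawn=no
+default-server = unix:${runDir}/socket
+'';
+
+daemonConf = pkgs.writeText "daemon.conf" ''
+exit-idle-time=0
+flat-volumes = no
+default-fragments = 4
+default-fragment-size-msec = 25
+'';
+
+configFile = pkgs.writeText "default.pa" ''
+.include ${pkg}/etc/pulse/default.pa
+load-module ${toString [
+"module-native-protocol-unix"
+"auth-anonymous=1"
+"socket=${runDir}/socket"
+]}
+'';
+in
+
+{
+environment = {
+etc = {
+"asound.conf".source = alsaConf;
+# XXX mkForce is not strong enough (and neither is mkOverride) to create
+# /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
+#"pulse/client.conf" = mkForce { source = clientConf; };
+#"pulse/client.conf".source = mkForce clientConf;
+"pulse/default.pa".source = configFile;
+"pulse/daemon.pa".source = daemonConf;
+};
+systemPackages = [
+pkg
+] ++ optionals config.services.xserver.enable [
+pkgs.pavucontrol
+];
+};
+
+# Allow PulseAudio to get realtime priority using rtkit.
+security.rtkit.enable = true;
+
+system.activationScripts.pulseaudio-hack = ''
+ln -fns ${clientConf} /etc/pulse/client.conf
+'';
+
+systemd.services.pulse = {
+wantedBy = [ "sound.target" ];
+before = [ "sound.target" ];
+environment = {
+PULSE_RUNTIME_PATH = "${runDir}/home";
+};
+serviceConfig = {
+ExecStart = "${pkg}/bin/pulseaudio";
+ExecStartPre = pkgs.writeDash "pulse-start" ''
+install -o pulse -g audio -m 0750 -d ${runDir}
+install -o pulse -g audio -m 0700 -d ${runDir}/home
+'';
+PermissionsStartOnly = "true";
+User = "pulse";
+};
+};
+
+users = {
+groups.pulse.gid = config.users.users.pulse.uid;
+users.pulse = {
+uid = genid "pulse";
+group = "pulse";
+extraGroups = [ "audio" ];
+home = "${runDir}/home";
+};
+};
+}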
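Review bot: `auth-anonymous=1` on `module-native-protocol-unix` turns off PulseAudio's cookie check, so the only thing deciding who may play and record through this daemon is the `0750 pulse:audio` mode that `ExecStartPre` puts on `${runDir}`. That dependency is not stated anywhere in the file; I would add `# auth-anonymous=1: access is gated solely by ${runDir} being 0750 pulse:audio` above `configFile` so a later permission change is made knowingly. Also, `"pulse/daemon.pa".source = daemonConf;` installs a file written as `daemon.conf` under a different name; PulseAudio reads its daemon settings from `daemon.conf`, so `exit-idle-time=0` and the other keys are presumably not applied, and the key looks like it should be `"pulse/daemon.conf"`.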
@ -11,7 +11,7 @@ let
|
||||
source-password = import <secrets/icecast-source-pw>;
|
||||
|
||||
add_random = pkgs.writeDashBin "add_random" ''
|
||||
mpc add "$(mpc ls | shuf -n1)"
|
||||
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
|
||||
'';
|
||||
|
||||
skip_track = pkgs.writeDashBin "skip_track" ''
|
||||
@ -52,13 +52,8 @@ in {
|
||||
print_current
|
||||
ncmpcpp
|
||||
mpc_cli
|
||||
tmux
|
||||
];
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||
'';
|
||||
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
group = "radio";
|
||||
@ -67,7 +62,7 @@ in {
|
||||
audio_output {
|
||||
type "shout"
|
||||
encoding "ogg"
|
||||
name "my cool stream"
|
||||
name "the_playlist"
|
||||
host "localhost"
|
||||
port "8000"
|
||||
mount "/radio.ogg"
|
||||
@ -84,7 +79,7 @@ in {
|
||||
# Optional Parameters
|
||||
user "source"
|
||||
# description "here is my long description"
|
||||
# genre "jazz"
|
||||
genre "good music"
|
||||
} # end of audio_output
|
||||
|
||||
'';
|
||||
@ -114,7 +109,7 @@ in {
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = {
|
||||
OnCalendar = "*:*";
|
||||
OnCalendar = "*:0/1";
|
||||
};
|
||||
};
|
||||
|
||||
@ -123,8 +118,8 @@ in {
|
||||
LIMIT=$1 #in secconds
|
||||
|
||||
timeLeft () {
|
||||
playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
||||
currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
||||
playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
|
||||
currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
|
||||
expr ''${playlistDuration:-0} - ''${currentTime:-0}
|
||||
}
|
||||
|
||||
@ -136,16 +131,10 @@ in {
|
||||
description = "radio playlist autoadder";
|
||||
after = [ "network.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
gawk
|
||||
mpc_cli
|
||||
];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${autoAdd} 100";
|
||||
ExecStart = "${autoAdd} 150";
|
||||
};
|
||||
};
|
||||
|
||||
|
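Review bot: `add_random` calls mpc by store path but still finds `shuf` through `PATH` (`... mpc ls | shuf -n1`), and `timeLeft` does the same with `expr`; assuming the lines carrying `${pkgs.mpc_cli}` are the new side, the scripts end up only half pinned. The same section also appears to drop `path = with pkgs; [ gawk mpc_cli ];` from the autoadder unit, so whatever `PATH` the caller provides decides which `shuf` and `expr` run. I would write `${pkgs.coreutils}/bin/shuf -n1` and `${pkgs.coreutils}/bin/expr` to match the rest of the change. Both script definitions extend beyond the hunks shown.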
@ -1,32 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
inherit (lib)
|
||||
nameValuePair
|
||||
;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./realwallpaper.nix
|
||||
];
|
||||
|
||||
krebs.nginx.servers.wallpaper = {
|
||||
server-names = [
|
||||
hostname
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "/wallpaper.png" ''
|
||||
root /tmp/;
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,5 +1,30 @@
|
||||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
inherit (lib)
|
||||
nameValuePair
|
||||
;
|
||||
|
||||
in {
|
||||
krebs.realwallpaper.enable = true;
|
||||
|
||||
krebs.nginx.servers.wallpaper = {
|
||||
server-names = [
|
||||
hostname
|
||||
];
|
||||
locations = [
|
||||
(nameValuePair "/wallpaper.png" ''
|
||||
root /tmp/;
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
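Review bot: The `/wallpaper.png` location uses `root /tmp/;`, so nginx serves whatever `/tmp/wallpaper.png` is at request time, and `/tmp` is writable by every local account. Any local user or service that creates that name first decides what hosts on retiolum receive, since the INPUT rule in this file accepts port 80 on that interface. I would have realwallpaper write into a directory owned by its own service user and point `root` there; where the generator writes is configured outside this file, so this needs checking against the `krebs.realwallpaper` module.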
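--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+mirror = "git@${config.networking.hostName}:";
+
+defineRepo = name: announce: let
+repo = {
+public = true;
+name = mkDefault "${name}";
+cgit.desc = mkDefault "mirror for ${name}";
+hooks = mkIf announce (mkDefault {
+post-receive = pkgs.git-hooks.irc-announce {
+nick = config.networking.hostName;
+verbose = false;
+channel = "#retiolum";
+server = "cd.retiolum";
+branches = [ "newest" ];
+};
+});
+};
+in {
+rules = with git; singleton {
+user = with config.krebs.users; [
+config.krebs.users."${config.networking.hostName}-repo-sync"
+lass
+lass-shodan
+];
+repo = [ repo ];
+perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+};
+repos."${name}" = repo;
+};
+
+sync-retiolum = name:
+{
+krebs.repo-sync.repos.${name} = {
+makefu = {
+origin.url = "http://cgit.gum/${name}";
+mirror.url = "${mirror}${name}";
+};
+tv = {
+origin.url = "http://cgit.cd/${name}";
+mirror.url = "${mirror}${name}";
+};
+lassulus = {
+origin.url = "http://cgit.prism/${name}";
+mirror.url = "${mirror}${name}";
+};
+"@latest" = {
+mirror.url = "${mirror}${name}";
+mirror.ref = "heads/newest";
+};
+};
+krebs.git = defineRepo name (config.networking.hostName == "prism");
+};
+
+sync-remote = name: url:
+{
+krebs.repo-sync.repos.${name} = {
+remote = {
+origin.url = url;
+mirror.url = "${mirror}${name}";
+};
+};
+krebs.git = defineRepo name (config.networking.hostName == "prism");
+};
+
+sync-remote-silent = name: url:
+{
+krebs.repo-sync.repos.${name} = {
+remote = {
+origin.url = url;
+mirror.url = "${mirror}${name}";
+};
+};
+krebs.git = defineRepo name false;
+};
+
+in {
+krebs.repo-sync = {
+enable = true;
+unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+};
+imports = [
+(sync-remote "array" "https://github.com/makefu/array")
+(sync-remote "email-header" "https://github.com/4z3/email-header")
+(sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask")
+(sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot")
+(sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
+(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
+(sync-remote "xintmap" "https://github.com/4z3/xintmap")
+(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
+(sync-retiolum "go")
+(sync-retiolum "much")
+(sync-retiolum "newsbot-js")
+(sync-retiolum "painload")
+(sync-retiolum "realwallpaper")
+(sync-retiolum "stockholm")
+(sync-retiolum "wai-middleware-time")
+(sync-retiolum "web-routes-wai-custom")
+(sync-retiolum "xmonad-stockholm")
+];
+}
+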
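Review bot: The three `sync-retiolum` origins are fetched over plain `http://` (`http://cgit.gum/${name}`, `http://cgit.cd/${name}`, `http://cgit.prism/${name}`), and the result is pushed to a mirror on which the sync user holds `push ''refs/*'' [ non-fast-forward create delete merge ]`. If those names resolve only inside the retiolum overlay the transport is presumably protected by the VPN, but the file does not say so; I would add `# origins are reachable only via retiolum; integrity relies on the overlay, not on TLS` above `sync-retiolum`. `sync-remote` and `sync-remote-silent` differ only in the announce argument passed to `defineRepo`, so a single helper taking that flag would remove the duplicated body.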
0
lass/2configs/tests/dummy-secrets/cbase.txt
Normal file
0
lass/2configs/tests/dummy-secrets/cbase.txt
Normal file
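--- a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
+++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}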
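--- a/lass/2configs/tests/dummy-secrets/icecast-admin-pw
+++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
@@ -0,0 +1 @@
+"blabla"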
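--- a/lass/2configs/tests/dummy-secrets/icecast-source-pw
+++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw
@@ -0,0 +1 @@
+"blabla"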
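--- a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
+++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----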
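--- a/lass/2configs/tests/dummy-secrets/mysql_rootPassword
+++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
@@ -0,0 +1 @@
+blabla123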
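--- a/lass/2configs/tests/dummy-secrets/nix-serve.key
+++ b/lass/2configs/tests/dummy-secrets/nix-serve.key
@@ -0,0 +1 @@
+key-name:blabla123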
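--- a/lass/2configs/tests/dummy-secrets/repos.nix
+++ b/lass/2configs/tests/dummy-secrets/repos.nix
@@ -0,0 +1 @@
+_: {}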
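--- a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
+++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----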
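--- a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+private key bla
+-----END OPENSSH PRIVATE KEY-----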
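--- a/lass/2configs/tests/dummy-secrets/ssh.id_rsa
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+private key bla
+-----END RSA PRIVATE KEY-----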
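--- a/lass/2configs/tests/dummy-secrets/transmission-pw
+++ b/lass/2configs/tests/dummy-secrets/transmission-pw
@@ -0,0 +1 @@
+"krebskrebs123"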
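--- a/lass/2configs/umts.nix
+++ b/lass/2configs/umts.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+owner = "NixOS"; repo = "nixpkgs-channels";
+rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+}) {};
+
+wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
+modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+
+# TODO: currently it is only netzclub
+umts-bin = pkgs.writeScriptBin "umts" ''
+#!/bin/sh
+set -euf
+systemctl stop wpa_supplicant
+systemctl start umts
+trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
+echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+journalctl -xfu umts
+'';
+
+wvdial-defaults = ''
+Modem = ${modem-device}
+Init1 = AT+CFUN=1
+Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+Baud = 460800
+phone= *99#
+Username = netzclub
+Password = netzclub
+Stupid Mode = 1
+Idle Seconds = 0
+'';
+
+
+out = {
+environment.shellAliases = {
+umts = "sudo ${umts-bin}/bin/umts";
+};
+
+security.sudo.extraConfig = ''
+lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
+'';
+
+environment.wvdial.dialerDefaults = wvdial-defaults;
+
+systemd.services.umts = {
+description = "UMTS wvdial Service";
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+RestartSec = "10s";
+ExecStart = "${wvdial}/bin/wvdial -n";
+};
+};
+};
+in out
+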
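Review bot: `umts-bin` runs as root through the `NOPASSWD` sudoers rule but calls `systemctl`, `tee` and `journalctl` by bare name, so which binaries execute depends on the `PATH` that sudo hands to the script. `power-action.nix` in this same commit already writes `${pkgs.systemd}/bin/systemctl`; I would do the same here and use `${pkgs.coreutils}/bin/tee` for the resolver line. The script also appends `nameserver 8.8.8.8` to `/etc/resolv.conf` on every start and the `trap` never removes it, so the entry accumulates and stays in place after the link is down; a cleanup step in the trap, or a comment saying the leftover is intended, would settle that.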
@ -1,158 +1,351 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
let
|
||||
customPlugins = {
|
||||
mustang2 = pkgs.vimUtils.buildVimPlugin {
|
||||
name = "Mustang2";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "croaker";
|
||||
repo = "mustang-vim";
|
||||
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
|
||||
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
|
||||
};
|
||||
};
|
||||
unimpaired = pkgs.vimUtils.buildVimPlugin {
|
||||
name = "unimpaired-vim";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "tpope";
|
||||
repo = "vim-unimpaired";
|
||||
rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
|
||||
sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
|
||||
};
|
||||
};
|
||||
brogrammer = pkgs.vimUtils.buildVimPlugin {
|
||||
name = "brogrammer";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "marciomazza";
|
||||
repo = "vim-brogrammer-theme";
|
||||
rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
|
||||
sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
|
||||
};
|
||||
};
|
||||
file-line = pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "bogado";
|
||||
repo = "file-line";
|
||||
rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
|
||||
sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
out = {
|
||||
environment.systemPackages = [
|
||||
(pkgs.vim_configurable.customize {
|
||||
name = "vim";
|
||||
vim
|
||||
];
|
||||
|
||||
vimrcConfig.customRC = ''
|
||||
set nocompatible
|
||||
set t_Co=16
|
||||
syntax on
|
||||
" TODO autoload colorscheme file
|
||||
environment.etc.vimrc.source = vimrc;
|
||||
|
||||
environment.variables.EDITOR = mkForce "vim";
|
||||
environment.variables.VIMINIT = ":so /etc/vimrc";
|
||||
};
|
||||
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.Gundo
|
||||
pkgs.vimPlugins.Syntastic
|
||||
pkgs.vimPlugins.undotree
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line-1.0";
|
||||
src = pkgs.fetchgit {
|
||||
url = git://github.com/bogado/file-line;
|
||||
rev = "refs/tags/1.0";
|
||||
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
|
||||
};
|
||||
})
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "hack";
|
||||
in {
|
||||
name = "vim-color-${name}-1.0.2";
|
||||
destination = "/colors/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
set background=dark
|
||||
colorscheme brogrammer
|
||||
filetype off
|
||||
filetype plugin indent on
|
||||
hi clear
|
||||
if exists("syntax_on")
|
||||
syntax clear
|
||||
endif
|
||||
|
||||
imap <F1> <nop>
|
||||
let colors_name = ${toJSON name}
|
||||
|
||||
set mouse=a
|
||||
set ruler
|
||||
set showmatch
|
||||
set backspace=2
|
||||
set visualbell
|
||||
set encoding=utf8
|
||||
set showcmd
|
||||
set wildmenu
|
||||
hi Normal ctermbg=235
|
||||
hi Comment ctermfg=242
|
||||
hi Constant ctermfg=062
|
||||
hi Identifier ctermfg=068
|
||||
hi Function ctermfg=041
|
||||
hi Statement ctermfg=167
|
||||
hi PreProc ctermfg=167
|
||||
hi Type ctermfg=041
|
||||
hi Delimiter ctermfg=251
|
||||
hi Special ctermfg=062
|
||||
|
||||
set title
|
||||
set titleold=
|
||||
set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
|
||||
hi Garbage ctermbg=088
|
||||
hi TabStop ctermbg=016
|
||||
hi Todo ctermfg=174 ctermbg=NONE
|
||||
|
||||
hi NixCode ctermfg=148
|
||||
hi NixData ctermfg=149
|
||||
hi NixQuote ctermfg=150
|
||||
|
||||
hi diffNewFile ctermfg=207
|
||||
hi diffFile ctermfg=207
|
||||
hi diffLine ctermfg=207
|
||||
hi diffSubname ctermfg=207
|
||||
hi diffAdded ctermfg=010
|
||||
hi diffRemoved ctermfg=009
|
||||
'';
|
||||
})))
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "vim";
|
||||
in {
|
||||
name = "vim-syntax-${name}-1.0.0";
|
||||
destination = "/syntax/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
${concatMapStringsSep "\n" (s: /* vim */ ''
|
||||
syn keyword vimColor${s} ${s}
|
||||
\ containedin=ALLBUT,vimComment,vimLineComment
|
||||
hi vimColor${s} ctermfg=${s}
|
||||
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
|
||||
'';
|
||||
})))
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "showsyntax";
|
||||
in {
|
||||
name = "vim-plugin-${name}-1.0.0";
|
||||
destination = "/plugin/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
if exists('g:loaded_showsyntax')
|
||||
finish
|
||||
endif
|
||||
let g:loaded_showsyntax = 0
|
||||
|
||||
fu! ShowSyntax()
|
||||
let id = synID(line("."), col("."), 1)
|
||||
let name = synIDattr(id, "name")
|
||||
let transName = synIDattr(synIDtrans(id),"name")
|
||||
if name != transName
|
||||
let name .= " (" . transName . ")"
|
||||
endif
|
||||
echo "Syntax: " . name
|
||||
endfu
|
||||
|
||||
command! -n=0 -bar ShowSyntax :call ShowSyntax()
|
||||
'';
|
||||
})))
|
||||
];
|
||||
|
||||
dirs = {
|
||||
backupdir = "$HOME/.cache/vim/backup";
|
||||
swapdir = "$HOME/.cache/vim/swap";
|
||||
undodir = "$HOME/.cache/vim/undo";
|
||||
};
|
||||
files = {
|
||||
viminfo = "$HOME/.cache/vim/info";
|
||||
};
|
||||
|
||||
mkdirs = let
|
||||
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
|
||||
in assert out != ""; out;
|
||||
alldirs = attrValues dirs ++ map dirOf (attrValues files);
|
||||
in unique (sort lessThan alldirs);
|
||||
|
||||
vim = pkgs.writeDashBin "vim" ''
|
||||
set -efu
|
||||
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
|
||||
exec ${pkgs.neovim}/bin/nvim "$@"
|
||||
'';
|
||||
|
||||
vimrc = pkgs.writeText "vimrc" ''
|
||||
set nocompatible
|
||||
|
||||
set autoindent
|
||||
|
||||
set ttyfast
|
||||
|
||||
set backspace=indent,eol,start
|
||||
set backup
|
||||
set backupdir=${dirs.backupdir}/
|
||||
set directory=${dirs.swapdir}//
|
||||
set hlsearch
|
||||
set incsearch
|
||||
set mouse=a
|
||||
set noruler
|
||||
set pastetoggle=<INS>
|
||||
set runtimepath=${extra-runtimepath},$VIMRUNTIME
|
||||
set shortmess+=I
|
||||
set showcmd
|
||||
set showmatch
|
||||
set ttimeoutlen=0
|
||||
set undodir=${dirs.undodir}
|
||||
set undofile
|
||||
set undolevels=1000000
|
||||
set undoreload=1000000
|
||||
set viminfo='20,<1000,s100,h,n${files.viminfo}
|
||||
set visualbell
|
||||
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
|
||||
set wildmenu
|
||||
set wildmode=longest,full
|
||||
|
||||
set et ts=2 sts=2 sw=2
|
||||
|
||||
" Force Saving Files that Require Root Permission
|
||||
command! W silent w !sudo tee "%" >/dev/null
|
||||
filetype plugin indent on
|
||||
|
||||
nnoremap <C-c> :q<Return>
|
||||
set t_Co=256
|
||||
colorscheme hack
|
||||
syntax on
|
||||
|
||||
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
||||
\ | syn match TabStop containedin=ALL /\t\+/
|
||||
\ | syn keyword Todo containedin=ALL TODO
|
||||
|
||||
au BufRead,BufNewFile *.hs so ${hs.vim}
|
||||
|
||||
au BufRead,BufNewFile *.nix so ${nix.vim}
|
||||
|
||||
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
|
||||
|
||||
"Syntastic config
|
||||
let g:syntastic_python_checkers=['flake8']
|
||||
|
||||
nmap <esc>q :buffer
|
||||
nmap <M-q> :buffer
|
||||
|
||||
cnoremap <C-A> <Home>
|
||||
|
||||
noremap <C-c> :q<cr>
|
||||
vnoremap < <gv
|
||||
vnoremap > >gv
|
||||
|
||||
nmap <esc>q :buffer
|
||||
nnoremap <esc>[5^ :tabp<cr>
|
||||
nnoremap <esc>[6^ :tabn<cr>
|
||||
nnoremap <esc>[5@ :tabm -1<cr>
|
||||
nnoremap <esc>[6@ :tabm +1<cr>
|
||||
|
||||
nnoremap <f1> :tabp<cr>
|
||||
nnoremap <f2> :tabn<cr>
|
||||
inoremap <f1> <esc>:tabp<cr>
|
||||
inoremap <f2> <esc>:tabn<cr>
|
||||
|
||||
"Tabwidth
|
||||
set ts=2 sts=2 sw=2 et
|
||||
|
||||
" create Backup/tmp/undo dirs
|
||||
function! InitBackupDir()
|
||||
let l:parent = $HOME . '/.vim/'
|
||||
let l:backup = l:parent . 'backups/'
|
||||
let l:tmpdir = l:parent . 'tmp/'
|
||||
let l:undodi = l:parent . 'undo/'
|
||||
|
||||
if !isdirectory(l:parent)
|
||||
call mkdir(l:parent)
|
||||
endif
|
||||
if !isdirectory(l:backup)
|
||||
call mkdir(l:backup)
|
||||
endif
|
||||
if !isdirectory(l:tmpdir)
|
||||
call mkdir(l:tmpdir)
|
||||
endif
|
||||
if !isdirectory(l:undodi)
|
||||
call mkdir(l:undodi)
|
||||
endif
|
||||
endfunction
|
||||
call InitBackupDir()
|
||||
|
||||
" Backups & Files
|
||||
set backup
|
||||
set backupdir=~/.vim/backups
|
||||
set directory=~/.vim/tmp//
|
||||
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
|
||||
set undodir=$HOME/.vim/undo
|
||||
set undofile
|
||||
|
||||
" highlight whitespaces
|
||||
highlight ExtraWhitespace ctermbg=red guibg=red
|
||||
match ExtraWhitespace /\s\+$/
|
||||
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
|
||||
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
|
||||
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
|
||||
autocmd BufWinLeave * call clearmatches()
|
||||
|
||||
"ft specific stuff
|
||||
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
|
||||
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
|
||||
|
||||
"esc timeout
|
||||
set timeoutlen=1000 ttimeoutlen=0
|
||||
|
||||
"foldfunctions
|
||||
inoremap <F9> <C-O>za
|
||||
nnoremap <F9> za
|
||||
onoremap <F9> <C-C>za
|
||||
vnoremap <F9> zf
|
||||
" <C-{Up,Down,Right,Left>
|
||||
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
|
||||
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
|
||||
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
|
||||
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
|
||||
" <[C]S-{Up,Down,Right,Left>
|
||||
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
|
||||
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
|
||||
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
|
||||
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
|
||||
vnoremap u <nop>
|
||||
'';
|
||||
|
||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
{ names = [
|
||||
"brogrammer"
|
||||
"file-line"
|
||||
"Gundo"
|
||||
]; }
|
||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||
];
|
||||
hs.vim = pkgs.writeText "hs.vim" ''
|
||||
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
|
||||
|
||||
})
|
||||
hi link ConId Identifier
|
||||
hi link VarId Identifier
|
||||
hi link hsDelimiter Delimiter
|
||||
'';
|
||||
|
||||
nix.vim = pkgs.writeText "nix.vim" ''
|
||||
setf nix
|
||||
|
||||
" Ref <nix/src/libexpr/lexer.l>
|
||||
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
|
||||
syn match NixINT /\<[0-9]\+\>/
|
||||
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
|
||||
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
|
||||
syn region NixSTRING
|
||||
\ matchgroup=NixSTRING
|
||||
\ start='"'
|
||||
\ skip='\\"'
|
||||
\ end='"'
|
||||
syn region NixIND_STRING
|
||||
\ matchgroup=NixIND_STRING
|
||||
\ start="'''"
|
||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||
\ end="'''"
|
||||
|
||||
syn match NixOther /[():/;=.,?\[\]]/
|
||||
|
||||
syn match NixCommentMatch /\(^\|\s\)#.*/
|
||||
syn region NixCommentRegion start="/\*" end="\*/"
|
||||
|
||||
hi link NixCode Statement
|
||||
hi link NixData Constant
|
||||
hi link NixComment Comment
|
||||
|
||||
hi link NixCommentMatch NixComment
|
||||
hi link NixCommentRegion NixComment
|
||||
hi link NixID NixCode
|
||||
hi link NixINT NixData
|
||||
hi link NixPATH NixData
|
||||
hi link NixHPATH NixData
|
||||
hi link NixSPATH NixData
|
||||
hi link NixURI NixData
|
||||
hi link NixSTRING NixData
|
||||
hi link NixIND_STRING NixData
|
||||
|
||||
hi link NixEnter NixCode
|
||||
hi link NixOther NixCode
|
||||
hi link NixQuote NixData
|
||||
|
||||
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
|
||||
syn cluster nix_ind_strings contains=NixIND_STRING
|
||||
syn cluster nix_strings contains=NixSTRING
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
|
||||
startAlts = filter isString [
|
||||
''/\* ${lang} \*/''
|
||||
extraStart
|
||||
];
|
||||
}
|
||||
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
|
||||
in /* vim */ ''
|
||||
syn include @nix_${lang}_syntax syntax/${lang}.vim
|
||||
unlet b:current_syntax
|
||||
|
||||
syn match nix_${lang}_sigil
|
||||
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
|
||||
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
|
||||
\ transparent
|
||||
|
||||
syn region nix_${lang}_region_STRING
|
||||
\ matchgroup=NixSTRING
|
||||
\ start='"'
|
||||
\ skip='\\"'
|
||||
\ end='"'
|
||||
\ contained
|
||||
\ contains=@nix_${lang}_syntax
|
||||
\ transparent
|
||||
|
||||
syn region nix_${lang}_region_IND_STRING
|
||||
\ matchgroup=NixIND_STRING
|
||||
\ start="'''"
|
||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||
\ end="'''"
|
||||
\ contained
|
||||
\ contains=@nix_${lang}_syntax
|
||||
\ transparent
|
||||
|
||||
syn cluster nix_ind_strings
|
||||
\ add=nix_${lang}_region_IND_STRING
|
||||
|
||||
syn cluster nix_strings
|
||||
\ add=nix_${lang}_region_STRING
|
||||
|
||||
syn cluster nix_has_dollar_curly
|
||||
\ add=@nix_${lang}_syntax
|
||||
'') {
|
||||
c = {};
|
||||
cabal = {};
|
||||
haskell = {};
|
||||
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
|
||||
vim.extraStart =
|
||||
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
|
||||
})}
|
||||
|
||||
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
|
||||
syn clear shVarAssign
|
||||
|
||||
syn region nixINSIDE_DOLLAR_CURLY
|
||||
\ matchgroup=NixEnter
|
||||
\ start="[$]{"
|
||||
\ end="}"
|
||||
\ contains=TOP
|
||||
\ containedin=@nix_has_dollar_curly
|
||||
\ transparent
|
||||
|
||||
syn region nix_inside_curly
|
||||
\ matchgroup=NixEnter
|
||||
\ start="{"
|
||||
\ end="}"
|
||||
\ contains=TOP
|
||||
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
|
||||
\ transparent
|
||||
|
||||
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
|
||||
\ containedin=@nix_ind_strings
|
||||
\ contained
|
||||
|
||||
syn match NixQuote /\\./he=s+1
|
||||
\ containedin=@nix_strings
|
||||
\ contained
|
||||
|
||||
syn sync fromstart
|
||||
|
||||
let b:current_syntax = "nix"
|
||||
|
||||
set isk=@,48-57,_,192-255,-,'
|
||||
'';
|
||||
in
|
||||
out
|
||||
|
@ -11,9 +11,9 @@ let
|
||||
serveWordpress;
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
account prism
|
||||
account localhost
|
||||
host localhost
|
||||
account default: prism
|
||||
account default: localhost
|
||||
'';
|
||||
|
||||
sendmail = pkgs.writeDash "msmtp" ''
|
||||
@ -23,23 +23,55 @@ let
|
||||
in {
|
||||
imports = [
|
||||
./sqlBackup.nix
|
||||
(ssl [ "reich-gebaeudereinigung.de" ])
|
||||
(servePage [ "reich-gebaeudereinigung.de" ])
|
||||
(ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||
|
||||
(ssl [ "karlaskop.de" ])
|
||||
(servePage [ "karlaskop.de" ])
|
||||
(ssl [ "karlaskop.de" "www.karlaskop.de" ])
|
||||
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
|
||||
|
||||
(ssl [ "makeup.apanowicz.de" ])
|
||||
(servePage [ "makeup.apanowicz.de" ])
|
||||
(ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
|
||||
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
|
||||
|
||||
(ssl [ "pixelpocket.de" ])
|
||||
(servePage [ "pixelpocket.de" ])
|
||||
(ssl [ "pixelpocket.de" "www.pixelpocket.de" ])
|
||||
(servePage [ "pixelpocket.de" "www.pixelpocket.de" ])
|
||||
|
||||
(ssl [ "o.ubikmedia.de" ])
|
||||
(serveOwncloud [ "o.ubikmedia.de" ])
|
||||
(ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
|
||||
(serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
|
||||
|
||||
(ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
|
||||
(serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
|
||||
(ssl [
|
||||
"ubikmedia.de"
|
||||
"aldona.ubikmedia.de"
|
||||
"apanowicz.de"
|
||||
"nirwanabluete.de"
|
||||
"aldonasiech.com"
|
||||
"360gradvideo.tv"
|
||||
"ubikmedia.eu"
|
||||
"facts.cloud"
|
||||
"www.ubikmedia.de"
|
||||
"www.aldona.ubikmedia.de"
|
||||
"www.apanowicz.de"
|
||||
"www.nirwanabluete.de"
|
||||
"www.aldonasiech.com"
|
||||
"www.360gradvideo.tv"
|
||||
"www.ubikmedia.eu"
|
||||
"www.facts.cloud"
|
||||
])
|
||||
(serveWordpress [
|
||||
"ubikmedia.de"
|
||||
"apanowicz.de"
|
||||
"nirwanabluete.de"
|
||||
"aldonasiech.com"
|
||||
"360gradvideo.tv"
|
||||
"ubikmedia.eu"
|
||||
"facts.cloud"
|
||||
"*.ubikmedia.de"
|
||||
"www.apanowicz.de"
|
||||
"www.nirwanabluete.de"
|
||||
"www.aldonasiech.com"
|
||||
"www.360gradvideo.tv"
|
||||
"www.ubikmedia.eu"
|
||||
"www.facts.cloud"
|
||||
])
|
||||
];
|
||||
|
||||
lass.mysqlBackup.config.all.databases = [
|
||||
@ -47,6 +79,27 @@ in {
|
||||
"o_ubikmedia_de"
|
||||
];
|
||||
|
||||
krebs.backup.plans = {
|
||||
prism-sql-domsen = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; };
|
||||
startAt = "00:01";
|
||||
};
|
||||
prism-http-domsen = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; };
|
||||
startAt = "00:10";
|
||||
};
|
||||
prism-o-ubikmedia-domsen = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; };
|
||||
dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; };
|
||||
startAt = "00:30";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.domsen = {
|
||||
uid = genid "domsen";
|
||||
description = "maintenance acc for domsen";
|
||||
@ -56,18 +109,18 @@ in {
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
#services.phpfpm.phpOptions = ''
|
||||
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
# sendmail_path = ${sendmail} -t
|
||||
#'';
|
||||
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
||||
options = ''
|
||||
services.phpfpm.phpOptions = ''
|
||||
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
sendmail_path = ${sendmail} -t -i"
|
||||
'';
|
||||
} ''
|
||||
cat ${pkgs.php}/etc/php-recommended.ini > $out
|
||||
echo "$options" >> $out
|
||||
sendmail_path = ${sendmail} -t
|
||||
'';
|
||||
#services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
||||
# options = ''
|
||||
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
# sendmail_path = "${sendmail} -t -i"
|
||||
# '';
|
||||
#} ''
|
||||
# cat ${pkgs.php}/etc/php-recommended.ini > $out
|
||||
# echo "$options" >> $out
|
||||
#'';
|
||||
}
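Review bot: The three `krebs.backup.plans` entries added in the third hunk all use `method = "push"` from prism, the host that serves the WordPress and ownCloud sites, to `domsen-nas`. If push means prism holds the credential that writes to the NAS (the backup module is not visible here), a compromise of prism that reaches that key can also overwrite or delete the off-host copies of `/bku/sql_dumps`, `/srv/http` and the ownCloud data. Where the NAS cannot initiate a pull, restrict the receiving key on domsen-nas to the three `/mnt/UBIK-9TB-Pool/BACKUP/...` targets and keep snapshots there that prism cannot remove. Separately, in the second hunk `serveWordpress` lists `"*.ubikmedia.de"` while the `ssl` list names only individual hosts, so other subdomains would presumably be served with a certificate that does not cover them.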
|
||||
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
|
||||
genid
|
||||
head
|
||||
nameValuePair
|
||||
;
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
ssl
|
||||
@ -12,6 +12,16 @@ let
|
||||
serveWordpress
|
||||
;
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
account localhost
|
||||
host localhost
|
||||
account default: localhost
|
||||
'';
|
||||
|
||||
sendmail = pkgs.writeDash "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./sqlBackup.nix
|
||||
@ -48,7 +58,34 @@ in {
|
||||
"ttf_kleinaspach_de"
|
||||
];
|
||||
|
||||
#password protect some dirs
|
||||
krebs.nginx.servers."biostase.de".locations = [
|
||||
(nameValuePair "/old_biostase.de" ''
|
||||
auth_basic "Administrator Login";
|
||||
auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
|
||||
'')
|
||||
(nameValuePair "/mysqldumper" ''
|
||||
auth_basic "Administrator Login";
|
||||
auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
|
||||
'')
|
||||
];
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.fritz.pubkey
|
||||
];
|
||||
|
||||
services.phpfpm.phpOptions = ''
|
||||
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
sendmail_path = ${sendmail} -t
|
||||
'';
|
||||
|
||||
#services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
|
||||
# options = ''
|
||||
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
|
||||
# sendmail_path = "${sendmail} -t -i"
|
||||
# '';
|
||||
#} ''
|
||||
# cat ${pkgs.php}/etc/php-recommended.ini > $out
|
||||
# echo "$options" >> $out
|
||||
#'';
|
||||
}
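Review bot: `users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ];` in the last hunk gives the fritz key a root shell on this web host, and nothing visible in the file needs root. A dedicated unprivileged account that owns only the relevant directories under `/srv/http` would be narrower, declared like the `domsen` maintenance account elsewhere in this commit and given the key through its own `openssh.authorizedKeys.keys`. In the same hunk both `auth_basic_user_file` paths lie inside the location they protect (`/srv/http/biostase.de/mysqldumper/.htpasswd`), so anyone who can log in can presumably download the password hashes of the other accounts. Keeping those files outside the served tree avoids that.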
|
||||
|
@ -5,7 +5,6 @@ let
|
||||
in {
|
||||
krebs.per-user.chat.packages = with pkgs; [
|
||||
mosh
|
||||
tmux
|
||||
weechat
|
||||
];
|
||||
|
||||
|
@ -1,59 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
containers.wordpress = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.101.1";
|
||||
localAddress = "192.168.101.2";
|
||||
|
||||
config = {
|
||||
imports = [
|
||||
../../krebs/3modules/iptables.nix
|
||||
];
|
||||
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables = {
|
||||
filter.INPUT.policy = "DROP";
|
||||
filter.FORWARD.policy = "DROP";
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
iptables
|
||||
];
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql;
|
||||
};
|
||||
|
||||
services.httpd = {
|
||||
enable = true;
|
||||
adminAddr = "root@apanowicz.de";
|
||||
extraModules = [
|
||||
{ name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
|
||||
];
|
||||
virtualHosts = [
|
||||
{
|
||||
hostName = "wordpress";
|
||||
serverAliases = [ "wordpress" "www.wordpress" ];
|
||||
|
||||
extraSubservices = [
|
||||
{
|
||||
serviceName = "wordpress";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -19,9 +19,48 @@ pkgs.writeText "Xresources" ''
|
||||
|
||||
URxvt.intensityStyles: false
|
||||
|
||||
URxvt*background: #000000
|
||||
URxvt*foreground: #ffffff
|
||||
URxvt*background: #050505
|
||||
! URxvt*background: #041204
|
||||
|
||||
!URxvt.depth: 32
|
||||
!URxvt*background: rgba:0500/0500/0500/cccc
|
||||
|
||||
! URxvt*background: #080810
|
||||
URxvt*foreground: #d0d7d0
|
||||
! URxvt*background: black
|
||||
! URxvt*foreground: white
|
||||
! URxvt*background: rgb:00/00/40
|
||||
! URxvt*foreground: rgb:a0/a0/d0
|
||||
! XTerm*cursorColor: rgb:00/00/60
|
||||
URxvt*cursorColor: #f042b0
|
||||
URxvt*cursorColor2: #f0b000
|
||||
URxvt*cursorBlink: off
|
||||
! URxvt*cursorUnderline: true
|
||||
! URxvt*highlightColor: #232323
|
||||
! URxvt*highlightTextColor: #b0ffb0
|
||||
|
||||
URxvt*.pointerBlank: true
|
||||
URxvt*.pointerBlankDelay: 987654321
|
||||
URxvt*.pointerColor: #f042b0
|
||||
URxvt*.pointerColor2: #050505
|
||||
|
||||
! URxvt*color0: #000000
|
||||
! URxvt*color1: #c00000
|
||||
! URxvt*color2: #80c070
|
||||
URxvt*color3: #c07000
|
||||
! URxvt*color4: #0000c0
|
||||
URxvt*color4: #4040c0
|
||||
! URxvt*color5: #c000c0
|
||||
! URxvt*color6: #008080
|
||||
URxvt*color7: #c0c0c0
|
||||
|
||||
URxvt*color8: #707070
|
||||
URxvt*color9: #ff6060
|
||||
URxvt*color10: #70ff70
|
||||
URxvt*color11: #ffff70
|
||||
URxvt*color12: #7070ff
|
||||
URxvt*color13: #ff50ff
|
||||
URxvt*color14: #70ffff
|
||||
URxvt*color15: #ffffff
|
||||
|
||||
!change unreadable blue
|
||||
URxvt*color4: #268bd2
|
||||
''
|
||||
|
@ -7,9 +7,6 @@
|
||||
zsh-newuser-install() { :; }
|
||||
'';
|
||||
interactiveShellInit = ''
|
||||
HISTFILE=~/.histfile
|
||||
HISTSIZE=1000000
|
||||
SAVEHIST=100000
|
||||
#unsetopt nomatch
|
||||
setopt autocd extendedglob
|
||||
bindkey -e
|
||||
@ -92,6 +89,11 @@
|
||||
esac
|
||||
'';
|
||||
promptInit = ''
|
||||
# TODO: figure out why we need to set this here
|
||||
HISTSIZE=900001
|
||||
HISTFILESIZE=$HISTSIZE
|
||||
SAVEHIST=$HISTSIZE
|
||||
|
||||
autoload -U promptinit
|
||||
promptinit
|
||||
|
||||
|
@ -4,6 +4,7 @@ _:
|
||||
./ejabberd
|
||||
./folderPerms.nix
|
||||
./mysql-backup.nix
|
||||
./power-action.nix
|
||||
./urxvtd.nix
|
||||
./wordpress_nginx.nix
|
||||
./xresources.nix
|
||||
|
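--- a/lass/3modules/power-action.nix
+++ b/lass/3modules/power-action.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+cfg = config.lass.power-action;
+
+out = {
+options.lass.power-action = api;
+config = lib.mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "power-action";
+user = mkOption {
+type = types.user;
+default = {
+name = "power-action";
+};
+};
+startAt = mkOption {
+type = types.str;
+default = "*:0/1";
+};
+plans = mkOption {
+type = with types; attrsOf (submodule {
+options = {
+charging = mkOption {
+type = nullOr bool;
+default = null;
+description = ''
+check for charging status.
+null = don't care
+true = only if system is charging
+false = only if system is discharging
+'';
+};
+upperLimit = mkOption {
+type = int;
+};
+lowerLimit = mkOption {
+type = int;
+};
+action = mkOption {
+type = path;
+};
+};
+});
+};
+};
+
+imp = {
+systemd.services.power-action = {
+serviceConfig = rec {
+ExecStart = startScript;
+User = cfg.user.name;
+};
+startAt = cfg.startAt;
+};
+users.users.${cfg.user.name} = {
+inherit (cfg.user) name uid;
+};
+};
+
+startScript = pkgs.writeDash "power-action" ''
+set -euf
+
+power="$(${powerlvl})"
+state="$(${state})"
+${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
+'';
+charging_check = plan:
+if (plan.charging == null) then "" else
+if plan.charging
+then ''&& [ "$state" = "true" ]''
+else ''&& ! [ "$state" = "true" ]''
+;
+
+writeRule = _: plan:
+"if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
+
+powerlvl = pkgs.writeDash "powerlvl" ''
+cat /sys/class/power_supply/BAT0/capacity
+'';
+
+state = pkgs.writeDash "state" ''
+if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Discharging" ]
+then echo "false"
+else echo "true"
+fi
+'';
+
+in out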
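Review bot: The `state` helper prints `true` for every status other than `Discharging`, so a plan with `charging = true` also fires when the kernel reports `Full`, `Not charging` or `Unknown`, which contradicts the option text "only if system is charging". Either compare against `Charging` explicitly or reword the description to "not discharging". `upperLimit`, `lowerLimit` and `action` carry no `description`; since `action` is run on every `startAt` tick as `cfg.user.name`, a line such as `description = "executable run as cfg.user when the level is within [lowerLimit, upperLimit]";` would state what runs and under which account. Both helpers hard-code `BAT0`, so the module does nothing useful on machines whose battery has another name.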
|
@ -3,6 +3,9 @@
|
||||
{
|
||||
nixpkgs.config.packageOverrides = rec {
|
||||
acronym = pkgs.callPackage ./acronym/default.nix {};
|
||||
ejabberd = pkgs.callPackage ./ejabberd {
|
||||
erlang = pkgs.erlangR16;
|
||||
};
|
||||
firefoxPlugins = {
|
||||
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||
@ -10,11 +13,11 @@
|
||||
};
|
||||
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
|
||||
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||
q = pkgs.callPackage ./q {};
|
||||
rs = pkgs.callPackage ./rs/default.nix {};
|
||||
untilport = pkgs.callPackage ./untilport/default.nix {};
|
||||
urban = pkgs.callPackage ./urban/default.nix {};
|
||||
xmonad-lass =
|
||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
||||
pkgs.haskellPackages.callPackage src {};
|
||||
xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
|
||||
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
||||
};
|
||||
}
|
||||
|
185
lass/5pkgs/q/default.nix
Normal file
185
lass/5pkgs/q/default.nix
Normal file
@ -0,0 +1,185 @@
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
q-cal = let
|
||||
# XXX 23 is the longest line of cal's output
|
||||
pad = ''{
|
||||
${pkgs.gnused}/bin/sed '
|
||||
# rtrim
|
||||
s/ *$//
|
||||
|
||||
# delete last empty line
|
||||
''${/^$/d}
|
||||
' \
|
||||
| ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
|
||||
| ${pkgs.gnused}/bin/sed '
|
||||
# colorize header
|
||||
1,2s/.*/[38;5;238;1m&[39;22m/
|
||||
|
||||
# colorize week number
|
||||
s/^[ 1-9][0-9]/[38;5;238;1m&[39;22m/
|
||||
'
|
||||
}'';
|
||||
in ''
|
||||
${pkgs.coreutils}/bin/paste \
|
||||
<(${pkgs.utillinux}/bin/cal -mw \
|
||||
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
|
||||
| ${pad}
|
||||
) \
|
||||
<(${pkgs.utillinux}/bin/cal -mw \
|
||||
| ${pkgs.gnused}/bin/sed '
|
||||
# colorize day of month
|
||||
s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/[31;1m&[39;22m/
|
||||
' \
|
||||
| ${pad}
|
||||
) \
|
||||
<(${pkgs.utillinux}/bin/cal -mw \
|
||||
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
|
||||
| ${pad}
|
||||
) \
|
||||
| ${pkgs.gnused}/bin/sed 's/\t/ /g'
|
||||
'';
|
||||
|
||||
q-isodate = ''
|
||||
${pkgs.coreutils}/bin/date \
|
||||
'+[1m%Y-%m-%d[;30mT[;38;5;085m%H:%M[m:%S%:z'
|
||||
'';
|
||||
|
||||
q-gitdir = ''
|
||||
if test -d .git; then
|
||||
#git status --porcelain
|
||||
branch=$(
|
||||
${pkgs.git}/bin/git branch \
|
||||
| ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
|
||||
)
|
||||
echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
|
||||
fi
|
||||
'';
|
||||
|
||||
q-power_supply = ''
|
||||
for uevent in /sys/class/power_supply/*/uevent; do
|
||||
if test -f $uevent; then
|
||||
eval "$(${pkgs.gnused}/bin/sed -n '
|
||||
s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p
|
||||
' $uevent)"
|
||||
|
||||
if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then
|
||||
continue
|
||||
fi
|
||||
|
||||
charge_percentage=$(echo "
|
||||
scale=2
|
||||
$POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL
|
||||
" | ${pkgs.bc}/bin/bc)
|
||||
|
||||
lfc=$POWER_SUPPLY_CHARGE_FULL
|
||||
rc=$POWER_SUPPLY_CHARGE_NOW
|
||||
#rc=2800
|
||||
N=78; N=76
|
||||
N=10
|
||||
n=$(echo $N-1 | ${pkgs.bc}/bin/bc)
|
||||
centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc)
|
||||
deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc)
|
||||
energy_evel=$(
|
||||
echo -n '☳ ' # TRIGRAM FOR THUNDER
|
||||
if test $centi -ge 42; then echo -n '[1;32m'
|
||||
elif test $centi -ge 23; then echo -n '[1;33m'
|
||||
elif test $centi -ge 11; then echo -n '[1;31m'
|
||||
else echo -n '[5;1;31m'; fi
|
||||
for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do
|
||||
echo -n ■
|
||||
done
|
||||
echo -n '[;30m'
|
||||
for i in $(${pkgs.coreutils}/bin/seq $deci $n); do
|
||||
echo -n ■
|
||||
done
|
||||
echo '[m' $rc #/ $lfc
|
||||
)
|
||||
echo "$energy_evel $charge_percentage"
|
||||
fi
|
||||
done
|
||||
'';
|
||||
|
||||
q-virtualization = ''
|
||||
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
|
||||
'';
|
||||
|
||||
q-wireless = ''
|
||||
for dev in $(
|
||||
${pkgs.iw}/bin/iw dev \
|
||||
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
|
||||
); do
|
||||
inet=$(${pkgs.iproute}/bin/ip addr show $dev \
|
||||
| ${pkgs.gnused}/bin/sed -n '
|
||||
s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
|
||||
') \
|
||||
|| unset inet
|
||||
ssid=$(${pkgs.iw}/bin/iw dev $dev link \
|
||||
| ${pkgs.gnused}/bin/sed -n '
|
||||
s/.*\tSSID: \(.*\)/\1/p
|
||||
') \
|
||||
|| unset ssid
|
||||
echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
|
||||
done
|
||||
'';
|
||||
|
||||
q-online = ''
|
||||
if ${pkgs.curl.bin}/bin/curl -s google.com >/dev/null; then
|
||||
echo '[32;1monline[m'
|
||||
else
|
||||
echo offline
|
||||
fi
|
||||
'';
|
||||
|
||||
q-thermal_zone = ''
|
||||
for i in /sys/class/thermal/thermal_zone*; do
|
||||
type=$(${pkgs.coreutils}/bin/cat $i/type)
|
||||
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
|
||||
printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
|
||||
done
|
||||
'';
|
||||
|
||||
q-todo = ''
|
||||
TODO_file=$HOME/TODO
|
||||
if test -e "$TODO_file"; then
|
||||
${pkgs.coreutils}/bin/cat "$TODO_file" \
|
||||
| ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
|
||||
BEGIN { print "remind=0" }
|
||||
/^[0-9]/{
|
||||
x = $1
|
||||
gsub(".", "\\\\&", x)
|
||||
rest = substr($0, index($0, " "))
|
||||
rest = $0
|
||||
sub(" *", "", rest)
|
||||
gsub(".", "\\\\&", rest)
|
||||
print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
|
||||
echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
|
||||
(( remind++ ))"
|
||||
}
|
||||
END { print "test $remind = 0 && echo \"nothing to remind\"" }
|
||||
' \
|
||||
| {
|
||||
# bash needed for (( ... ))
|
||||
${pkgs.bash}/bin/bash
|
||||
}
|
||||
else
|
||||
echo "$TODO_file: no such file or directory"
|
||||
fi
|
||||
'';
|
||||
|
||||
in
|
||||
# bash needed for <(...)
|
||||
pkgs.writeBashBin "q" ''
|
||||
set -eu
|
||||
export PATH=/var/empty
|
||||
${q-cal}
|
||||
echo
|
||||
${q-isodate}
|
||||
(${q-gitdir}) &
|
||||
(${q-power_supply}) &
|
||||
(${q-virtualization}) &
|
||||
(${q-wireless}) &
|
||||
(${q-online}) &
|
||||
(${q-thermal_zone}) &
|
||||
wait
|
||||
${q-todo}
|
||||
''
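Review bot: `q-power_supply` passes every `KEY=value` line of `/sys/class/power_supply/*/uevent` to `eval`, wrapping the value in single quotes but not escaping a quote inside it. Some of those values (model and manufacturer strings, for instance) are reported by the attached device rather than fixed by the kernel, so a value containing `'` would end the quoting and the rest would be run by the shell as the invoking user. Only two keys are read afterwards, so `eval` can be dropped: `POWER_SUPPLY_CHARGE_NOW=$(${pkgs.gnused}/bin/sed -n 's/^POWER_SUPPLY_CHARGE_NOW=//p' "$uevent")` and the same line for `POWER_SUPPLY_CHARGE_FULL`. `q-online` also calls `curl -s google.com` without `--max-time`, which can hold up the final `wait`.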
|
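--- a/lass/5pkgs/rs/default.nix
+++ b/lass/5pkgs/rs/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+#TODO: get tab-completion working again
+pkgs.writeBashBin "rs" ''
+rsync -vaP --append-verify "$@"
+''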
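Review bot: `rsync` is called by bare name, so the wrapper runs whichever `rsync` comes first on the caller's PATH and fails where none is installed. The `q` package added in the same commit pins every tool to its store path and clears PATH. `exec ${pkgs.rsync}/bin/rsync -vaP --append-verify "$@"` would make this wrapper self-contained in the same way.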
|
@ -1,3 +1,15 @@
|
||||
{ pkgs, ... }:
|
||||
pkgs.writeHaskell "xmonad-lass" {
|
||||
executables.xmonad = {
|
||||
extra-depends = [
|
||||
"containers"
|
||||
"unix"
|
||||
"X11"
|
||||
"xmonad"
|
||||
"xmonad-contrib"
|
||||
"xmonad-stockholm"
|
||||
];
|
||||
text = ''
|
||||
{-# LANGUAGE DeriveDataTypeable #-} -- for XS
|
||||
{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
|
||||
{-# LANGUAGE LambdaCase #-}
|
||||
@ -147,3 +159,8 @@ gridConfig = def
|
||||
, gs_navigate = navNSearch
|
||||
, gs_font = myFont
|
||||
}
|
||||
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
1
lass/5pkgs/xmonad-lass/.gitignore
vendored
1
lass/5pkgs/xmonad-lass/.gitignore
vendored
@ -1 +0,0 @@
|
||||
/shell.nix
|
@ -1,6 +0,0 @@
|
||||
.PHONY: ghci
|
||||
ghci: shell.nix
|
||||
nix-shell --command 'exec ghci -Wall'
|
||||
|
||||
shell.nix: xmonad.cabal
|
||||
cabal2nix --shell . > $@
|
@ -1,17 +0,0 @@
|
||||
Author: lass
|
||||
Build-Type: Simple
|
||||
Cabal-Version: >= 1.2
|
||||
License: MIT
|
||||
Name: xmonad-lass
|
||||
Version: 0
|
||||
|
||||
Executable xmonad
|
||||
Build-Depends:
|
||||
base,
|
||||
containers,
|
||||
unix,
|
||||
xmonad,
|
||||
xmonad-contrib,
|
||||
xmonad-stockholm
|
||||
GHC-Options: -Wall -O3 -threaded -rtsopts
|
||||
Main-Is: Main.hs
|
@ -17,19 +17,31 @@ in {
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/virtualization.nix
|
||||
];
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 ];
|
||||
networking.firewall.checkReversePath = false;
|
||||
services.tinc.networks.siem = {
|
||||
name = "sdarth";
|
||||
extraConfig = "ConnectTo = sjump";
|
||||
};
|
||||
#networking.firewall.enable = false;
|
||||
# virtualisation.nova.enableSingleNode = true;
|
||||
krebs.retiolum.enable = true;
|
||||
|
||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.wireless.enable = true;
|
||||
networking = {
|
||||
wireless.enable = true;
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
allowedUDPPorts = [ 80 655 1655 67 ];
|
||||
allowedTCPPorts = [ 80 655 1655 ];
|
||||
};
|
||||
# fallback connection to the internal virtual network
|
||||
interfaces.virbr3.ip4 = [{
|
||||
address = "10.8.8.2";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
|
||||
# TODO smartd omo darth gum all-in-one
|
||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
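Review bot: The `networking.firewall` block, which appears to be the new side of this hunk, keeps UDP `80` open and adds `1655` on both protocols, and nothing says which service each port belongs to. If nothing on this host listens on UDP 80, `allowedUDPPorts = [ 655 1655 67 ];` is the narrower list. A comment per port, in the style the omo configuration in this commit uses (`# tcp:655 udp:655 - tinc`), would make later reviews of this list possible. `logRefusedConnections = false` also drops the record of refused packets on a host that is gaining a second tinc network, so it is worth confirming that this is intended rather than noise reduction carried over from elsewhere.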
|
||||
|
@ -5,9 +5,10 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
byid = dev: "/dev/disk/by-id/" + dev;
|
||||
keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
||||
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
|
||||
homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3";
|
||||
keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
||||
rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
|
||||
rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
|
||||
primaryInterface = "enp1s0";
|
||||
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
||||
# cryptsetup luksAddKey $dev tmpkey
|
||||
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
||||
@ -15,14 +16,14 @@ let
|
||||
|
||||
# omo Chassis:
|
||||
# __FRONT_
|
||||
# |* d2 |
|
||||
# |* d0 |
|
||||
# | |
|
||||
# |* d3 |
|
||||
# | |
|
||||
# |* d0 |
|
||||
# |* d3 |
|
||||
# | |
|
||||
# |* d1 |
|
||||
# |* |
|
||||
# |* d2 |
|
||||
# | * r0 |
|
||||
# |_______|
|
||||
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
|
||||
@ -38,27 +39,31 @@ in {
|
||||
[
|
||||
../.
|
||||
# TODO: unlock home partition via ssh
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
../2configs/fs/sda-crypto-root.nix
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/share-user-sftp.nix
|
||||
../2configs/graphite-standalone.nix
|
||||
#../2configs/graphite-standalone.nix
|
||||
#../2configs/share-user-sftp.nix
|
||||
../2configs/omo-share.nix
|
||||
|
||||
## as long as pyload is not in nixpkgs:
|
||||
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
|
||||
];
|
||||
|
||||
krebs.retiolum.enable = true;
|
||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||
# tcp:80 - nginx for sharing files
|
||||
# tcp:655 udp:655 - tinc
|
||||
# tcp:8111 - graphite
|
||||
# tcp:8112 - pyload
|
||||
# tcp:9090 - sabnzbd
|
||||
# tcp:9200 - elasticsearch
|
||||
# tcp:5601 - kibana
|
||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
|
||||
|
||||
# services.openssh.allowSFTP = false;
|
||||
|
||||
@ -66,6 +71,9 @@ in {
|
||||
services.sabnzbd.enable = true;
|
||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
|
||||
# HDD Array stuff
|
||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||
|
||||
@ -76,15 +84,11 @@ in {
|
||||
disks = map toMapper [ 0 1 ];
|
||||
parity = toMapper 2;
|
||||
};
|
||||
|
||||
fileSystems = let
|
||||
cryptMount = name:
|
||||
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
||||
in {
|
||||
"/home" = {
|
||||
device = "/dev/mapper/home";
|
||||
fsType = "ext4";
|
||||
};
|
||||
} // cryptMount "crypt0"
|
||||
in cryptMount "crypt0"
|
||||
// cryptMount "crypt1"
|
||||
// cryptMount "crypt2";
|
||||
|
||||
@ -101,15 +105,16 @@ in {
|
||||
usbkey = name: device: {
|
||||
inherit name device keyFile;
|
||||
keyFileSize = 4096;
|
||||
allowDiscards = true;
|
||||
};
|
||||
in [
|
||||
(usbkey "home" homePartition)
|
||||
(usbkey "luksroot" rootPartition)
|
||||
(usbkey "crypt0" cryptDisk0)
|
||||
(usbkey "crypt1" cryptDisk1)
|
||||
(usbkey "crypt2" cryptDisk2)
|
||||
];
|
||||
};
|
||||
loader.grub.device = rootDisk;
|
||||
loader.grub.device = lib.mkForce rootDisk;
|
||||
|
||||
initrd.availableKernelModules = [
|
||||
"ahci"
|
||||
@ -121,12 +126,12 @@ in {
|
||||
"usbhid"
|
||||
];
|
||||
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
zramSwap.enable = true;
|
||||
|
||||
|
@ -31,6 +31,7 @@
|
||||
|
||||
# hardware specifics are in here
|
||||
../2configs/hw/tp-x220.nix
|
||||
../2configs/hw/rtl8812au.nix
|
||||
# mount points
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
@ -43,6 +44,14 @@
|
||||
# ../2configs/temp/sabnzbd.nix
|
||||
];
|
||||
|
||||
services.tinc.networks.siem = {
|
||||
name = "makefu";
|
||||
extraConfig = ''
|
||||
ConnectTo = sdarth
|
||||
ConnectTo = sjump
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.nginx = {
|
||||
default404 = false;
|
||||
servers.default.listen = [ "80 default_server" ];
|
||||
@ -59,7 +68,6 @@
|
||||
networking.firewall.allowedUDPPorts = [ 665 ];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||
|
||||
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
@ -68,4 +76,6 @@
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
}
|
||||
|
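Review bot: The `boot.initrd.luks.devices` entry added in the last hunk sets `allowDiscards=true` on `luksroot` without saying why, and passing TRIM through dm-crypt reveals which blocks of the encrypted volume are unused to anyone who can read the raw disk. If that trade-off is accepted for the SSD, record it next to the line, e.g. `# allowDiscards: TRIM passes through LUKS and exposes free-block layout; accepted for SSD`. Separately, the context line `networking.firewall.allowedUDPPorts = [ 665 ];` in the previous hunk may be a typo for 655, the tinc port the other host files on this page open; worth confirming.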
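--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+tinc-siem-ip = "10.8.10.1";
+
+ip = "64.137.234.215";
+alt-ip = "64.137.234.210";
+extra-ip = "64.137.234.114"; #currently unused
+gw = "64.137.234.1";
+in {
+imports = [
+../.
+../2configs/save-diskspace.nix
+../2configs/hw/CAC.nix
+../2configs/fs/CAC-CentOS-7-64bit.nix
+];
+
+
+
+services.tinc.networks.siem.name = "sjump";
+
+krebs = {
+enable = true;
+retiolum.enable = true;
+build.host = config.krebs.hosts.shoney;
+nginx.enable = true;
+tinc_graphs = {
+enable = true;
+network = "siem";
+hostsPath = "/etc/tinc/siem/hosts";
+nginx = {
+enable = true;
+# TODO: remove hard-coded hostname
+complete = {
+listen = [ "${tinc-siem-ip}:80" ];
+server-names = [ "graphs.siem" ];
+};
+};
+};
+};
+networking = {
+interfaces.enp2s1.ip4 = [
+{ address = ip; prefixLength = 24; }
+{ address = alt-ip; prefixLength = 24; }
+];
+
+defaultGateway = gw;
+nameservers = [ "8.8.8.8" ];
+firewall = {
+trustedInterfaces = [ "tinc.siem" ];
+allowedUDPPorts = [ 655 1655 ];
+allowedTCPPorts = [ 655 1655 ];
+};
+};
+}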
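Review bot: `trustedInterfaces = [ "tinc.siem" ]` in the `firewall` block exempts everything arriving over the siem VPN from filtering, so every peer in that network can reach every listening port on this host, not only the graphs vhost on `${tinc-siem-ip}:80`. If only the web UI is meant to be reachable, open port 80 for that interface alone instead of trusting it wholesale. If full trust is intended, say so where the next reader will see it, e.g. `# all siem peers are trusted: no filtering on tinc.siem`.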
@ -9,9 +9,9 @@ in {
|
||||
imports = [
|
||||
../.
|
||||
# TODO: copy this config or move to krebs
|
||||
../../tv/2configs/hw/CAC.nix
|
||||
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/headless.nix
|
||||
../2configs/hw/CAC.nix
|
||||
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/save-diskspace.nix
|
||||
|
||||
../2configs/bepasty-dual.nix
|
||||
|
||||
@ -27,8 +27,7 @@ in {
|
||||
../2configs/collectd/collectd-base.nix
|
||||
];
|
||||
krebs.retiolum.enable = true;
|
||||
services.nixosManual.enable = false;
|
||||
programs.man.enable = false;
|
||||
|
||||
krebs.build.host = config.krebs.hosts.wry;
|
||||
|
||||
krebs.Reaktor = {
|
||||
@ -83,9 +82,5 @@ in {
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
};
|
||||
|
||||
# small machine - do not forget to gc every day
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "03:10";
|
||||
|
||||
environment.systemPackages = [ ];
|
||||
}
|
||||
|
@ -16,6 +16,8 @@ with config.krebs.lib;
|
||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||
krebs = {
|
||||
enable = true;
|
||||
|
||||
dns.providers.siem = "hosts";
|
||||
search-domain = "retiolum";
|
||||
build = {
|
||||
user = config.krebs.users.makefu;
|
||||
@ -24,7 +26,9 @@ with config.krebs.lib;
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
rev = "63b9785"; # stable @ 2016-06-01
|
||||
};
|
||||
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||
secrets = if getEnv "dummy_secrets" == "true"
|
||||
then toString <stockholm/makefu/6tests/data/secrets>
|
||||
else "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||
stockholm = "/home/makefu/stockholm";
|
||||
|
||||
# Defaults for all stockholm users?
|
||||
@ -154,6 +158,15 @@ with config.krebs.lib;
|
||||
"net.ipv6.conf.default.use_tempaddr" = 2;
|
||||
};
|
||||
|
||||
system.activationScripts.nix-defexpr = ''
|
||||
(set -euf
|
||||
for i in /home/makefu /root/;do
|
||||
f="$i/.nix-defexpr"
|
||||
rm -fr "$f"
|
||||
ln -s /var/src/nixpkgs "$f"
|
||||
done)
|
||||
'';
|
||||
|
||||
i18n = {
|
||||
consoleKeyMap = "us";
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
|
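Review bot: The new `secrets` expression in the second hunk chooses the secrets directory from the `dummy_secrets` environment variable at evaluation time, so a deploy started from a shell where that variable is still `true` would build a real host with the placeholder test data (`"derp"` values and empty key files, added further down this page). Nothing in the hunk guards against that. At minimum document it on the line, e.g. `# dummy_secrets=true is for CI only; never export it in a deploy shell`, and if the deploy tooling allows, fail the build when the dummy path is combined with a real deploy target. The `krebs.build` block continues outside the hunk.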
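--- a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
+++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,20 @@
+_:
+
+{
+boot.loader.grub = {
+device = "/dev/sda";
+};
+fileSystems = {
+"/" = {
+device = "/dev/centos/root";
+fsType = "xfs";
+};
+"/boot" = {
+device = "/dev/sda1";
+fsType = "xfs";
+};
+};
+swapDevices = [
+{ device = "/dev/centos/swap"; }
+];
+}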
@ -1,16 +1,16 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
# sda: bootloader grub2
|
||||
# sda1: boot ext4 (label nixboot)
|
||||
# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
|
||||
# boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
# sda2: cryptoluks -> ext4
|
||||
with config.krebs.lib;
|
||||
{
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
loader.grub.device = lib.mkDefault "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
|
||||
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
||||
};
|
||||
|
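Review bot: The rewritten header comment attaches "must be unlocked on boot" to the `sda1` boot line, but the LUKS container is `sda2`. Judging by the hunk's line counts, the `initrd.luks.devices` entry appears to be removed from this module, so a host that imports it without declaring the device itself would not unlock its root. Move the note under the `sda2` line and state the requirement plainly, e.g. `# sda2: cryptoluks -> ext4; the importing host MUST set boot.initrd.luks.devices`. The file continues past the end of the hunk.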
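--- a/makefu/2configs/hw/CAC.nix
+++ b/makefu/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+boot.loader.grub.splashImage = null;
+nix = {
+daemonIONiceLevel = 1;
+daemonNiceLevel = 1;
+};
+sound.enable = false;
+}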
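--- a/makefu/2configs/hw/fingerprint-reader.nix
+++ b/makefu/2configs/hw/fingerprint-reader.nix
@@ -0,0 +1,6 @@
+_: {
+# add fingerprint with fprintd-enroll
+services.fprintd.enable = true;
+security.pam.services.login.fprintAuth = true;
+security.pam.services.xscreensaver.fprintAuth = true;
+}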
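Review bot: `security.pam.services.login.fprintAuth = true` makes a fingerprint match an alternative to the password for console login, and the `xscreensaver` line does the same for screen unlock; as far as I know the NixOS PAM module wires `pam_fprintd` in as a `sufficient` rule. A fingerprint cannot be rotated once disclosed, so accepting it as the sole factor should be a recorded decision rather than a side effect of enabling the reader. Suggest a comment such as `# fingerprint alone unlocks login and screensaver; password stays valid as fallback`, or limiting `fprintAuth` to the screensaver.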
@ -5,7 +5,7 @@ with config.krebs.lib;
|
||||
|
||||
imports = [ ./tp-x2x0.nix ];
|
||||
boot = {
|
||||
kernelModules = [ "kvm-intel" "acpi_call" ];
|
||||
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
|
||||
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
|
||||
};
|
||||
|
||||
@ -28,7 +28,7 @@ with config.krebs.lib;
|
||||
|
||||
# enable HDMI output switching with pulseaudio
|
||||
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
||||
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
|
||||
${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"}
|
||||
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
|
||||
'';
|
||||
|
||||
|
@ -22,7 +22,8 @@ with config.krebs.lib;
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.tlp.extraConfig = ''
|
||||
START_CHARGE_THRESH_BAT0=80
|
||||
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
|
||||
#START_CHARGE_THRESH_BAT0=80
|
||||
STOP_CHARGE_THRESH_BAT0=95
|
||||
|
||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||
|
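--- a/makefu/2configs/save-diskspace.nix
+++ b/makefu/2configs/save-diskspace.nix
@@ -0,0 +1,9 @@
+_:
+# TODO: do not check out nixpkgs master but fetch revision from github
+{
+services.nixosManual.enable = false;
+programs.man.enable = false;
+services.journald.extraConfig = "SystemMaxUse=50M";
+nix.gc.automatic = true;
+nix.gc.dates = "03:10";
+}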
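Review bot: `services.journald.extraConfig = "SystemMaxUse=50M"` caps the journal at a size a noisy host can rotate through quickly, and this module is imported by the internet-facing machines on this page (shoney, wry). The local record of logins and service errors may therefore be gone by the time someone needs it. If the cap is required for disk space, note the retention cost on the line, e.g. `# 50M journal: short local retention, forward logs elsewhere if history matters`. The `# TODO` above the opening brace is about the nixpkgs checkout and does not describe anything in this file.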
@ -3,6 +3,14 @@
|
||||
with config.krebs.lib;
|
||||
|
||||
let
|
||||
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOS"; repo = "nixpkgs-channels";
|
||||
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
|
||||
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
|
||||
}) {};
|
||||
|
||||
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
|
||||
|
||||
# TODO: currently it is only netzclub
|
||||
umts-bin = pkgs.writeScriptBin "umts" ''
|
||||
#!/bin/sh
|
||||
@ -62,7 +70,7 @@ let
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
RestartSec = "10s";
|
||||
ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
|
||||
ExecStart = "${wvdial}/bin/wvdial -n";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
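Review bot: `wvdial` now comes from the `nixpkgs-channels` snapshot pinned in the new `let` binding, so the binary and its whole dependency closure stay frozen at that revision and stop receiving fixes from the host's nixpkgs. The pin itself is done properly (full commit hash plus `sha256`), but it has no exit condition. Add one next to the binding, e.g. `# TODO: drop nixpkgs-1509 once NixOS/nixpkgs#16113 is fixed`, so the workaround does not outlive the bug. The `let` block continues outside the hunk.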
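--- a/makefu/5pkgs/bintray-upload/default.nix
+++ b/makefu/5pkgs/bintray-upload/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+
+pkgs.python3Packages.buildPythonPackage rec {
+name = "bintray-upload-${version}";
+version = "0.1.2";
+src = pkgs.fetchFromGitHub {
+owner = "makefu";
+repo = "bintray-upload";
+rev = "4e76724";
+sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9";
+};
+
+propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ];
+
+meta = {
+description = "Simple BinTray utility for uploading packages";
+license = pkgs.stdenv.lib.licenses.asl20;
+};
+}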
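Review bot: `rev = "4e76724"` is an abbreviated commit id, whereas the other `fetchFromGitHub` call on this page uses the full 40-character hash. The `sha256` still fixes the fetched content, so this is about unambiguous provenance and readability rather than integrity. Use the full hash, or a release tag that matches `version = "0.1.2"`. A `homepage` entry in `meta` would also help whoever audits this upload tool later.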
@ -13,7 +13,8 @@ in
|
||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||
inherit (callPackage ./devpi {}) devpi-web devpi-server;
|
||||
skytraq-logger = callPackage ./skytraq-logger/ {};
|
||||
skytraq-logger = callPackage ./skytraq-logger {};
|
||||
taskserver = callPackage ./taskserver {};
|
||||
bintray-upload = callPackage ./bintray-upload {};
|
||||
};
|
||||
}
|
||||
|
1
makefu/6tests/data/secrets/bepasty-secret.nix
Normal file
1
makefu/6tests/data/secrets/bepasty-secret.nix
Normal file
@ -0,0 +1 @@
|
||||
"derp"
|
1
makefu/6tests/data/secrets/hashedPasswords.nix
Normal file
1
makefu/6tests/data/secrets/hashedPasswords.nix
Normal file
@ -0,0 +1 @@
|
||||
{}
|
1
makefu/6tests/data/secrets/iodinepw.nix
Normal file
1
makefu/6tests/data/secrets/iodinepw.nix
Normal file
@ -0,0 +1 @@
|
||||
"derp"
|
0
makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.priv
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.pub
Normal file
0
makefu/6tests/data/secrets/retiolum.rsa_key.pub
Normal file
0
makefu/6tests/data/secrets/sambacred
Normal file
0
makefu/6tests/data/secrets/sambacred
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
Normal file
0
makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
Normal file
0
makefu/6tests/data/secrets/ssh_host_ed25519_key
Normal file
0
makefu/6tests/data/secrets/ssh_host_ed25519_key
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/tinc.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/tw-pass.ini
Normal file
0
makefu/6tests/data/secrets/tw-pass.ini
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.crt
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.key
Normal file
0
makefu/6tests/data/secrets/wildcard.krebsco.de.key
Normal file
@ -22,7 +22,7 @@ in
|
||||
|
||||
# local discovery in shackspace
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
|
||||
krebs.retiolum.extraConfig = "TCPOnly = yes";
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
@ -37,7 +37,7 @@ in
|
||||
|
||||
networking = {
|
||||
firewall.enable = false;
|
||||
interfaces.eth0.ip4 = [{
|
||||
interfaces.enp0s3.ip4 = [{
|
||||
address = shack-ip;
|
||||
prefixLength = 20;
|
||||
}];
|
||||
|
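Review bot: With `firewall.enable = false` in the second hunk and `services.grafana.addr = "0.0.0.0"` in the first, Grafana listens unfiltered on every interface of this host, including the address assigned to `enp0s3` just below. Both are context lines, so the commit does not introduce them, but renaming the interface is a good moment to confirm the exposure is intended. If it is, say so in place, e.g. `# firewall off: every listening service is reachable on all interfaces`; otherwise bind Grafana to the one address that needs it. Both blocks continue outside the hunks.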
@ -26,7 +26,7 @@
|
||||
stockholm_repo,
|
||||
workdir='stockholm-poller', branches=True,
|
||||
project='stockholm',
|
||||
pollinterval=120))
|
||||
pollinterval=60))
|
||||
'';
|
||||
scheduler = {
|
||||
force-scheduler = ''
|
||||
@ -43,7 +43,7 @@
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
## all branches
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
# treeStableTimer=10,
|
||||
treeStableTimer=10,
|
||||
name="fast-all-branches",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
|