Merge remote-tracking branch 'prism/master'

krebs/3modules/syncthing.nix

@@ -10,7 +10,7 @@ let
     addresses = peer.addresses;
   }) cfg.peers;
 
-  folders = map (folder: {
+  folders = mapAttrsToList ( _: folder: {
     inherit (folder) path id type;
     devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
     rescanIntervalS = folder.rescanInterval;
@@ -81,17 +81,18 @@ in
     };
 
     folders = mkOption {
-      default = [];
-      type = types.listOf (types.submodule ({ config, ... }: {
+      default = {};
+      type = types.attrsOf (types.submodule ({ config, ... }: {
         options = {
 
           path = mkOption {
             type = types.absolute-pathname;
+            default = config._module.args.name;
           };
 
           id = mkOption {
             type = types.str;
-            default = config.path;
+            default = config._module.args.name;
           };
 
           peers = mkOption {

lass/1systems/mors/config.nix

@@ -49,12 +49,15 @@ with import <stockholm/lib>;
       ];
     }
     {
-      krebs.syncthing.folders = [
-        { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
-      ];
-      lass.ensure-permissions = [
-        { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
-      ];
+      krebs.syncthing.folders."the_playlist" = {
+        path = "/home/lass/tmp/the_playlist";
+        peers = [ "mors" "phone" "prism" ];
+      };
+      krebs.permown."/home/lass/tmp/the_playlist" = {
+        owner = "lass";
+        group = "syncthing";
+        umask = "0007";
+      };
     }
     {
       lass.umts = {

lass/2configs/green-host.nix

@@ -20,13 +20,12 @@ with import <stockholm/lib>;
     }
   ];
 
-  lass.ensure-permissions = [
-    { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
-  ];
-
-  krebs.syncthing.folders = [
-    { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
-  ];
+  krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
+  krebs.permown."/var/lib/sync-containers" = {
+    owner = "root";
+    group = "syncthing";
+    umask = "0007";
+  };
 
   system.activationScripts.containerPermissions = ''
     mkdir -p /var/lib/containers

lass/2configs/radio.nix

@@ -10,7 +10,7 @@ let
   source-password = import <secrets/icecast-source-pw>;
 
   add_random = pkgs.writeDashBin "add_random" ''
-    ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
+    ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)"
   '';
 
   skip_track = pkgs.writeDashBin "skip_track" ''
@@ -57,7 +57,7 @@ in {
   services.mpd = {
     enable = true;
     group = "radio";
-    musicDirectory = "/home/radio/the_playlist/music";
+    musicDirectory = "/home/radio/music";
     extraConfig = ''
       log_level "default"
       auto_update "yes"
@@ -248,10 +248,13 @@ in {
       alias ${html};
     '';
   };
-  krebs.syncthing.folders = [
-    { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
-  ];
-  lass.ensure-permissions = [
-    { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; }
-  ];
+  krebs.syncthing.folders."the_playlist" = {
+    path = "/home/radio/music/the_playlist";
+    peers = [ "mors" "phone" "prism" ];
+  };
+  krebs.permown."/home/radio/music/the_playlist" = {
+    owner = "radio";
+    group = "syncthing";
+    umask = "0002";
+  };
 }

lass/2configs/sync/decsync.nix

@@ -1,8 +1,11 @@
 {
-  krebs.syncthing.folders = [
-    { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; }
-  ];
-  lass.ensure-permissions = [
-    { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; }
-  ];
+  krebs.syncthing.folders.decsync = {
+    path = "/home/lass/decsync";
+    peers = [ "mors" "blue" "green" "phone" ];
+  };
+  krebs.permown."/home/lass/decsync" = {
+    owner = "lass";
+    group = "syncthing";
+    umask = "0007";
+  };
 }

lass/2configs/sync/weechat.nix

@@ -1,8 +1,8 @@
 {
-  krebs.syncthing.folders = [
-    { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
-  ];
-  lass.ensure-permissions = [
-    { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
-  ];
+  krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
+  krebs.permown."/home/lass/.weechat" = {
+    owner = "lass";
+    group = "syncthing";
+    umask = "0007";
+  };
 }

lass/2configs/syncthing.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+  peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+in {
   services.syncthing = {
     enable = true;
     group = "syncthing";
@@ -14,17 +14,17 @@ with import <stockholm/lib>;
     enable = true;
     cert = toString <secrets/syncthing.cert>;
     key = toString <secrets/syncthing.key>;
-    peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
-    folders = [
-      { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; }
-    ];
+    peers = peers;
+    folders."/home/lass/sync".peers = attrNames peers;
   };
 
   system.activationScripts.syncthing-home = ''
     ${pkgs.coreutils}/bin/chmod a+x /home/lass
   '';
 
-  lass.ensure-permissions = [
-    { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
-  ];
+  krebs.permown."/home/lass/sync" = {
+    owner = "lass";
+    group = "syncthing";
+    umask = "0007";
+  };
 }

lass/3modules/default.nix

@@ -3,7 +3,6 @@ _:
   imports = [
     ./dnsmasq.nix
     ./ejabberd
-    ./ensure-permissions.nix
     ./folderPerms.nix
     ./hosts.nix
     ./mysql-backup.nix

lass/3modules/ensure-permissions.nix

@@ -1,66 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
-
-let
-
-  cfg = config.lass.ensure-permissions;
-
-in
-
-{
-  options.lass.ensure-permissions = mkOption {
-    default = [];
-    type = types.listOf (types.submodule ({
-      options = {
-
-        folder = mkOption {
-          type = types.absolute-pathname;
-        };
-
-        owner = mkOption {
-          # TODO user type
-          type = types.str;
-          default = "root";
-        };
-
-        group = mkOption {
-          # TODO group type
-          type = types.str;
-          default = "root";
-        };
-
-        permission = mkOption {
-          # TODO permission type
-          type = types.str;
-          default = "u+rw,g+rw";
-        };
-
-      };
-    }));
-  };
-
-  config = mkIf (cfg != []) {
-
-  system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
-    ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
-    ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
-    ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
-  '') cfg;
-    systemd.services =
-      listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig = {
-          Restart = "always";
-          RestartSec = 10;
-          ExecStart = pkgs.writeDash "ensure-perms" ''
-            ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
-              | while IFS= read -r FILE; do
-                ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
-                ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
-              done
-          '';
-        };
-      }) cfg)
-    ;
-
-  };
-}

makefu/1systems/sdev/config.nix

@@ -6,13 +6,13 @@
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
 
-       <stockholm/makefu/2configs/hw/vbox-guest.nix>
-      #{ # until virtualbox-image is fixed
-      #  imports = [
-      #      <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
-      #    ];
-      #  boot.loader.grub.device = lib.mkForce "/dev/sda";
-      #}
+      # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
+      { # until virtualbox-image is fixed
+        imports = [
+            <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+          ];
+        boot.loader.grub.device = lib.mkForce "/dev/sda";
+      }
       <stockholm/makefu/2configs/main-laptop.nix>
       # <secrets/extra-hosts.nix>
 

makefu/1systems/x/config.nix

@@ -11,9 +11,13 @@
       <stockholm/makefu/2configs/home-manager/desktop.nix>
       <stockholm/makefu/2configs/home-manager/cli.nix>
       <stockholm/makefu/2configs/home-manager/mail.nix>
+      <stockholm/makefu/2configs/home-manager/taskwarrior.nix>
+
       <stockholm/makefu/2configs/main-laptop.nix>
       <stockholm/makefu/2configs/extra-fonts.nix>
       <stockholm/makefu/2configs/tools/all.nix>
+      { programs.adb.enable = true; }
+
       <stockholm/makefu/2configs/dict.nix>
       #<stockholm/makefu/3modules/netboot_server.nix>
       #{
@@ -23,7 +27,14 @@
       #  };
       #}
 
+      # Restore:
+      # systemctl cat borgbackup-job-state
+      # export BORG_PASSCOMMAND BORG_REPO BORG_RSH
+      # borg list "$BORG_REPO"
+      # mount newroot somewhere && cd somewhere
+      # borg extract  "$BORG_REPO::x-state-2019-04-17T01:41:51"  --progress # < extract to cwd
       <stockholm/makefu/2configs/backup/state.nix>
+
       # <stockholm/makefu/2configs/dnscrypt/client.nix>
       <stockholm/makefu/2configs/avahi.nix>
       <stockholm/makefu/2configs/support-nixos.nix>
@@ -46,19 +57,18 @@
 
       # Krebs
       <stockholm/makefu/2configs/tinc/retiolum.nix>
-      <stockholm/makefu/2configs/share/gum-client.nix>
+      # <stockholm/makefu/2configs/share/gum-client.nix>
 
 
       # applications
       <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/printer.nix>
-      <stockholm/makefu/2configs/task-client.nix>
       # <stockholm/makefu/2configs/syncthing.nix>
 
       # Virtualization
-      <stockholm/makefu/2configs/virtualisation/libvirt.nix>
-      <stockholm/makefu/2configs/virtualisation/docker.nix>
+      # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+      # <stockholm/makefu/2configs/virtualisation/docker.nix>
       <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
       #{
       #  networking.firewall.allowedTCPPorts = [ 8080 ];
@@ -71,35 +81,43 @@
       # Services
       <stockholm/makefu/2configs/git/brain-retiolum.nix>
       <stockholm/makefu/2configs/tor.nix>
-      <stockholm/makefu/2configs/vpn/vpngate.nix>
+      # <stockholm/makefu/2configs/vpn/vpngate.nix>
       # <stockholm/makefu/2configs/buildbot-standalone.nix>
       <stockholm/makefu/2configs/remote-build/aarch64-community.nix>
-      <stockholm/makefu/2configs/remote-build/gum.nix>
-      { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
+      # <stockholm/makefu/2configs/remote-build/gum.nix>
+      # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
+
+      <stockholm/makefu/2configs/binary-cache/gum.nix>
+      <stockholm/makefu/2configs/binary-cache/lass.nix>
 
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
-      <stockholm/makefu/2configs/hw/mceusb.nix>
-      <stockholm/makefu/2configs/hw/malduino_elite.nix>
+      # <stockholm/makefu/2configs/hw/mceusb.nix>
       # <stockholm/makefu/2configs/hw/tpm.nix>
       # <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/network-manager.nix>
-      <stockholm/makefu/2configs/hw/stk1160.nix>
-      <stockholm/makefu/2configs/hw/irtoy.nix>
+      # <stockholm/makefu/2configs/hw/stk1160.nix>
+      # <stockholm/makefu/2configs/hw/irtoy.nix>
+      # <stockholm/makefu/2configs/hw/malduino_elite.nix>
       <stockholm/makefu/2configs/hw/switch.nix>
       <stockholm/makefu/2configs/hw/bluetooth.nix>
       # <stockholm/makefu/2configs/hw/rad1o.nix>
       <stockholm/makefu/2configs/hw/smartcard.nix>
 
+      {
+        services.upower.enable = true;
+        users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+      }
+
       # Filesystem
       <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
 
       # Security
       <stockholm/makefu/2configs/sshd-totp.nix>
-      { programs.adb.enable = true; }
+
       # temporary
-      { services.redis.enable = true; }
-      <stockholm/makefu/2configs/pyload.nix>
+      # { services.redis.enable = true; }
+      # <stockholm/makefu/2configs/pyload.nix>
       # <stockholm/makefu/2configs/dcpp/airdcpp.nix>
       # <stockholm/makefu/2configs/nginx/rompr.nix>
       # <stockholm/makefu/2configs/lanparty/lancache.nix>
@@ -136,6 +154,9 @@
   makefu.server.primary-itf = "wlp3s0";
 
   nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.oraclejdk.accept_license = true;
+
+
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;
@@ -163,7 +184,6 @@
     "/home/makefu/.ssh/"
     "/home/makefu/.zsh_history"
     "/home/makefu/.bash_history"
-    "/home/makefu/.zshrc"
     "/home/makefu/bin"
     "/home/makefu/.gnupg"
     "/home/makefu/.imapfilter"
@@ -171,6 +191,7 @@
     "/home/makefu/docs"
     "/home/makefu/.password-store"
     "/home/makefu/.secrets-pass"
+    "/home/makefu/.config/syncthing"
   ];
 
   services.syncthing.user = lib.mkForce "makefu";

makefu/2configs/binary-cache/gum.nix

@@ -0,0 +1,13 @@
+
+{ config, ... }:
+
+{
+  nix = {
+    binaryCaches = [
+      "https://cache.euer.krebsco.de/"
+    ];
+    binaryCachePublicKeys = [
+      "gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
+    ];
+  };
+}

makefu/2configs/binary-cache/server.nix

@@ -19,9 +19,10 @@
   };
   services.nginx = {
     enable = true;
-    virtualHosts.nix-serve = {
-      serverAliases = [ "cache.gum.r"
-                        "cache.euer.krebsco.de"
+    virtualHosts."cache.euer.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      serverAliases = [ # "cache.gum.r"
                         "cache.gum.krebsco.de"
                       ];
       locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";