Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'cloudkrebs/master'

Browse Source
This commit is contained in:
tv 2016-06-06 17:17:07 +02:00
commit dda2887e2c
84 changed files with 2221 additions and 710 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
krebs/3modules/fetchWallpaper.nix
View File

@ -40,11 +40,12 @@ let
};
};
fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
#! ${pkgs.bash}/bin/bash
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
set -euf
mkdir -p ${shell.escape cfg.stateDir}
curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
cd ${shell.escape cfg.stateDir}
curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';

3
krebs/3modules/iptables.nix
View File

@ -20,6 +20,7 @@ let
flatten
length
hasAttr
hasPrefix
mkEnableOption
mkOption
mkIf
@ -123,7 +124,7 @@ let
buildRule = tn: cn: rule:
#target validation test:
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
#predicate validation test:
#maybe use iptables-test

51
krebs/3modules/lass/default.nix
View File

@ -12,6 +12,7 @@ with config.krebs.lib;
aliases = [
"dishfire.internet"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
@ -40,10 +41,11 @@ with config.krebs.lib;
cores = 2;
nets = rec {
internet = {
ip4.addr = "162.252.241.33";
ip4.addr = "104.233.79.118";
aliases = [
"echelon.internet"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
@ -79,6 +81,7 @@ with config.krebs.lib;
aliases = [
"prism.internet"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
@ -143,6 +146,7 @@ with config.krebs.lib;
aliases = [
"cloudkrebs.internet"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
@ -174,6 +178,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.12";
aliases = ["uriel.gg23"];
ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.81.176";
@ -205,6 +210,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.11";
aliases = ["mors.gg23"];
ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.0.2";
@ -257,21 +263,56 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
shodan = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.4";
ip6.addr = "42:0:0:0:0:0:0:50d4";
aliases = [
"shodan.retiolum"
"shodan.r"
"cgit.shodan.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
};
};
users = {
lass = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
pgp.pubkeys.default = builtins.readFile ./default.pgp;
pubkey = builtins.readFile ./ssh/mors.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
};
lass-uriel = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
pubkey = builtins.readFile ./ssh/uriel.rsa;
};
lass-helios = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
mail = "lass@helios.retiolum";
pubkey = builtins.readFile ./ssh/helios.rsa;
};
lass-shodan = {
mail = "lass@shodan.retiolum";
pubkey = builtins.readFile ./ssh/shodan.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
};
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
};
}

52
krebs/3modules/lass/default.pgp
View File

@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
It6jrzDh3+COSQ==
=0gFT
-----END PGP PUBLIC KEY BLOCK-----

51
krebs/3modules/lass/pgp/mors.pgp Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA
SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1
tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH
LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk
ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX
tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi
Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ
kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn
EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+
GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1
zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB
tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ
CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN
/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2
bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe
NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D
MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1
sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI
leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl
oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI
ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP
cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1
oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm
G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4
7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL
1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk
sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM
ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz
Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH
tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj
OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr
aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO
6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5
9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5
mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX
an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0
ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA
n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm
S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC
oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/
pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI
6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7
UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED
TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4
rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN
DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv
=fgFG
-----END PGP PUBLIC KEY BLOCK-----

30
krebs/3modules/lass/pgp/shodan.pgp Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQENBFc/U8EBCADaPobNwlm8oI3cVtDhsdHpW7gyNTloqM1JdUPoJ30kS8xIbKfF
U+UWEj+/G0hXg3jGpqsYKzCegLcZuvKrLuyWas3nFync/KeWjPpmQWh8h/AQ63gi
6FjikRS9iDHEnUBqXXymG6JOo9NrGX7viWcPx+rQzvXOFxVYt1JJY+Ki30tSL+0l
igJBJ+x2qndnlPZE9uyKjYC9+9NlZ04h5WOponTtgIddBlBPhIOAW+f5mBVeWuaK
8wPBY2z98ZIclwdTohCpBRjs/EAEhN+2djSjyJti2TARceMKV2ZLRoUh6bNqj3xV
Y4IkDe47dS8rRmH/xj+9odJjtlbFHDmtElcfABEBAAG0HWxhc3NAc2hvZGFuLnIg
PGxhc3NAc2hvZGFuLnI+iQE3BBMBCAAhBQJXP1PBAhsDBQsJCAcCBhUICQoLAgQW
AgMBAh4BAheAAAoJECOf1I8qjNLnWCsH/Rr70NVjCpqou5JRJqc9NMYJflH8qUSR
xxYsVXaLjf1sa5X0qbq1u5EaYQGsdP7qKuLggoom7CGBhG3WZnfhuLi9y2IXAFo8
RprBmrTmXgpXqm8IrcWMDJUEwhjUn+x1iCnGUfmbUpIdBIj8HsCfDUmg+WT0GflT
9tfYR0v1vRzK6WWYEobP9abhZdjOHIS8cXDgFVREllKjjOcLzsB23I9g1nlvX3+W
J7iliC4s1OGvcpw0MHl/1KRpSBXK3we0WTNZLIJXr8W+BvURYxhVfbvgjHuv6K0h
J0a/me8nkh05pdRLLGL+C8eFjAXALnTIxgiVNGjtXBAR+/HN2//iG665AQ0EVz9T
wQEIAMsxDQ3Y5SL2gI1EjEuCc6RyTSBmsna9g/wKjzUbcB9zpEN9i85NDRvvfGn6
ihxI9Z1rvn8zr8MKu9OcZB2XEQDriHUcS4IxnZzdbUIKOtR+1BjZvMKupbw+KHag
WoeUh+tfb50bEMy/Z6Mp5mLOyXMyyiGS3CHJ6sHUXTub6kuHQnAOqiMsqnegZMcS
sF+NpSNoSngC060jgh7fl4T8M3Vuv9NKGu9+0J48QR+LFsKe/7LwRQ9HFSH4sPeD
vQI1BEo4piXthwd6mUHCbish38H77PGO0kKHaJ0HkBu+3tKXP1JJdm9SiN+ypUIB
FyfLpaWf6pcc/0QX6qE4gL00MI0AEQEAAYkBHwQYAQgACQUCVz9TwQIbDAAKCRAj
n9SPKozS5w85B/4o2Zf7oLqjNmOu+YE0fNJmbGCETNotNnE/GToiejNAM9B/rYJe
qjM9/kq0GJKVfKKrBGA0YQy9O847TVW26gPeiEgS7DO1Dl9YiLJJVzUGlOPijTIJ
A3LmMCLU/M3+a/33HGjm7gYk+aRwqOwHeC+f1pder8InoC3ebWupfcQsWkwTVqZk
lrLzoywjqQcdjAYFJp1c0ZxXyrgOS4dIGMU+o+DDCyK/ry9UGd3ZacMqDsyWO51A
iXDMtvVsuxbIP5o3muF9kEX7hx4EF7+MzRI3FjYwlHLNw+v3OVhfOxuPSt71VOiC
G2aT2z4sz8+qbOIIG3JX99osG6v683lvDUCW
=s4OM
-----END PGP PUBLIC KEY BLOCK-----

1
krebs/3modules/lass/ssh/helios.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios

1
krebs/3modules/lass/ssh/mors.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors

1
krebs/3modules/lass/ssh/shodan.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV+EscrUKgsu6iO94lJQ45o0t9QV88H7RrbLCsysgesQqiCbq0XNJKSrKI4T/o5dBNfoHMi4FSuPsF3YzffvMOWmdluHRBIhDJSDiFaraHr1zu7fHDO8gsUf/a3H3LPHtRRoXQFNsIK5NRLR35WpKt+zG6GK/WLBzb2N4MR3Ym5Qo2OepW3pgMWjjbmiUbGGiao9OWgx5tjjT8PLHIWdoEmJsaE5UnOWebqY+xfkWXMLdzMBPyEdCVwUO7X3Ip0Zk/BJFSqtIHBqQtp+njgeRwfkL2xabge3VGALAnQg5iYXzT8kfzIu/wfaoSdGkdPWxMo80KDiJJlpLj1oC3ABmDj01Hgu9p+g5Em0SFevcenspTii3IvYqdq+eg5+pPny4ki9748t6FlWRsrjrmjdQVVMWbhx42+lsyxIYsdXhwWMqNwTNzvY7Fxy3/8XE14pYWCV5eEll2/hSNfI6AcOoJ0vfHvOXsY6GVMYklXDIFzmiJOpyox+DnTahyUqQ6IcLH73vp9boVK31kf8EC7VDp8ms2ZiXz9nfPYltiUOtKKG0gqg9Jgs7xthpX82WYEp2+PXzPCHWs4WXs3OsUzQ8ykXXD2A7JMVBBv0FaMD4aBsOe7hU20/sO+/J/uuPe5xnpI//uFK4KkYCmDHZcZ3Qzh9CQTISwFvOBbYtRWbDo5w== lass@shodan

1
krebs/3modules/lass/ssh/uriel.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel

44
krebs/3modules/makefu/default.nix
View File

@ -270,8 +270,8 @@ with config.krebs.lib;
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
#ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
#ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
};
wbob = rec {
cores = 1;
@ -409,6 +409,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
aliases = [
"heidi.r"
"heidi.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -424,6 +425,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
soundflower = rec {
cores = 1;
nets = {
@ -479,12 +481,12 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@ -594,7 +596,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
} // { # hosts only maintained in stockholm, not owned by me
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
nets = {
retiolum = {
ip4.addr = "10.243.183.236";
ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
aliases = [ "tpsw.r" "tpsw.retiolum" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = rec {
makefu = {
@ -615,6 +638,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
};
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};
exco = {
mail = "dickbutt@excogitation.de";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";

2
krebs/3modules/nginx.nix
View File

@ -119,7 +119,7 @@ let
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
server {
server_name ${toString server-names};
server_name ${toString (unique server-names)};
${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
${optionalString ssl.enable (indent ''
listen 443 ssl;

5
krebs/3modules/per-user.nix
View File

@ -26,7 +26,10 @@ let
environment = {
etc = flip mapAttrs' cfg (name: { packages, ... }: {
name = "per-user/${name}";
value.source = pkgs.symlinkJoin "per-user.${name}" packages;
value.source = pkgs.symlinkJoin {
name = "per-user.${name}";
paths = packages;
};
});
profiles = ["/etc/per-user/$LOGNAME"];
};

4
krebs/3modules/retiolum.nix
View File

@ -102,6 +102,10 @@ let
The list of hosts in the network which the client will try to connect
to. These hosts should have an 'Address' configured which points to a
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
[ "${external-ip} ${external-port}" ]
'';
};

13
krebs/5pkgs/default.nix
View File

@ -36,6 +36,19 @@ with config.krebs.lib;
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
#buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
# inherit (pkgs.pythonPackages) twisted jinja2;
# dateutil = pkgs.pythonPackages.dateutil_1_5;
# sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
# doCheck = false;
# });
#};
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = pkgs.symlinkJoin args;
in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
test = {
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
};

4
krebs/5pkgs/fortclientsslvpn/default.nix
View File

@ -5,6 +5,10 @@ stdenv.mkDerivation rec {
# forticlient will be copied into /tmp before execution. this is necessary as
# the software demands $base to be writeable
# mkdir /etc/ppp ; touch /etc/ppp/options
## i still have not found which tool uses tail ... i tried redirecting it in forticlientsslvpn and subproc
# ln -s /run/current-system/sw/bin/tail /usr/bin/tail
src = fetchurl {
# archive.org mirror:
# https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz

4
krebs/5pkgs/repo-sync/default.nix
View File

@ -2,7 +2,7 @@
with python3Packages; buildPythonPackage rec {
name = "repo-sync-${version}";
version = "0.2.5";
version = "0.2.6";
disabled = isPy26 || isPy27;
propagatedBuildInputs = [
docopt
@ -11,7 +11,7 @@ with python3Packages; buildPythonPackage rec {
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";
sha256 = "1a59bj0vc5ajq8indkvkdk022yzvvv5mjb57hk3xf1j3wpr85p84";
sha256 = "1hqa9qw9qg7mxgniqzys9szycs05llg4yik8a9wz94a437zzarsk";
};
meta = {
homepage = http://github.com/makefu/repo-sync;

6
lass/1systems/cloudkrebs.nix
View File

@ -8,11 +8,13 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/fastpoke-pages.nix
../2configs/git.nix
../2configs/realwallpaper.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
{

27
lass/1systems/dishfire.nix
View File

@ -4,9 +4,9 @@
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/websites/fritz.nix
{
boot.loader.grub = {
device = "/dev/vda";
@ -26,10 +26,19 @@
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/srv_http";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
}
{
networking.dhcpcd.allowInterfaces = [
@ -40,6 +49,20 @@
{
sound.enable = false;
}
{
environment.systemPackages = with pkgs; [
mk_sql_pair
];
}
{
imports = [
../2configs/websites/fritz.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
];
krebs.build.host = config.krebs.hosts.dishfire;

3
lass/1systems/echelon.nix
View File

@ -8,7 +8,8 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix

13
lass/1systems/helios.nix
View File

@ -5,10 +5,13 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
../2configs/pass.nix
../2configs/fetchWallpaper.nix
../2configs/backups.nix
#{
# users.extraUsers = {
# root = {
@ -52,6 +55,16 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
"/home" = {
device = "/dev/pool/home";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
};
#services.udev.extraRules = ''

165
lass/1systems/mors.nix
View File

@ -4,6 +4,7 @@
imports = [
../.
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
../2configs/bitcoin.nix
../2configs/browsers.nix
@ -13,7 +14,7 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
../2configs/texlive.nix
#../2configs/texlive.nix
../2configs/binary-caches.nix
#../2configs/ircd.nix
../2configs/chromium-patched.nix
@ -26,6 +27,8 @@
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
../2configs/cbase.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@ -33,124 +36,28 @@
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
{
#static-nginx-test
imports = [
../3modules/static_nginx.nix
];
lass.staticPage."testserver.de" = {
#sslEnable = true;
#certificate = "${toString <secrets>}/testserver.de/server.cert";
#certificate_key = "${toString <secrets>}/testserver.de/server.pem";
ssl = {
enable = true;
certificate = "${toString <secrets>}/testserver.de/server.cert";
certificate_key = "${toString <secrets>}/testserver.de/server.pem";
};
};
networking.extraHosts = ''
10.243.0.2 testserver.de
'';
}
#{
# #wordpress-test
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
# imports = [
# ../3modules/wordpress_nginx.nix
# ];
# lass.wordpress."testserver.de" = {
# multiSite = {
# "1" = "testserver.de";
# "2" = "bla.testserver.de";
# };
# };
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
# networking.extraHosts = ''
# 10.243.0.2 testserver.de
# '';
# krebs.iptables.tables.filter.INPUT.rules = [
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
# ];
#}
#{
# #owncloud-test
# #imports = singleton (sitesGenerators.createWordpress "testserver.de");
# imports = [
# ../3modules/owncloud_nginx.nix
# ];
# lass.owncloud."owncloud-test.de" = {
# services.elasticsearch = {
# enable = true;
# plugins = [
# # pkgs.elasticsearchPlugins.elasticsearch_kopf
# ];
# };
#}
#{
# services.postgresql = {
# enable = true;
# package = pkgs.postgresql;
# };
# #services.mysql = {
# # enable = true;
# # package = pkgs.mariadb;
# # rootPassword = "<secrets>/mysql_rootPassword";
# #};
# networking.extraHosts = ''
# 10.243.0.2 owncloud-test.de
# '';
# krebs.iptables.tables.filter.INPUT.rules = [
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
# ];
#}
{
containers.pythonenv = {
config = {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
environment = {
systemPackages = with pkgs; [
git
libxml2
libxslt
libzip
python27Full
python27Packages.buildout
stdenv
zlib
];
pathsToLink = [ "/include" ];
shellInit = ''
# help pip to find libz.so when building lxml
export LIBRARY_PATH=/var/run/current-system/sw/lib
# ditto for header files, e.g. sqlite
export C_INCLUDE_PATH=/var/run/current-system/sw/include
'';
};
};
};
}
{
services.mysql = {
enable = true;
package = pkgs.mariadb;
rootPassword = "<secrets>/mysql_rootPassword";
};
}
{
services.elasticsearch = {
enable = true;
plugins = [
# pkgs.elasticsearchPlugins.elasticsearch_kopf
];
};
}
{
services.postgresql = {
enable = true;
package = pkgs.postgresql;
};
}
];
@ -158,15 +65,6 @@
networking.wireless.enable = true;
networking.extraHosts = ''
213.239.205.240 wohnprojekt-rhh.de
213.239.205.240 karlaskop.de
213.239.205.240 makeup.apanowicz.de
213.239.205.240 pixelpocket.de
213.239.205.240 reich-gebaeudereinigung.de
213.239.205.240 o.ubikmedia.de
'';
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@ -206,7 +104,7 @@
fsType = "ext4";
};
"/mnt/backups" = {
"/bku" = {
device = "/dev/big/backups";
fsType = "ext4";
};
@ -277,14 +175,14 @@
emulateWheel = true;
};
#services.xserver = {
# videoDriver = "intel";
# vaapiDrivers = [ pkgs.vaapiIntel ];
# deviceSection = ''
# Option "AccelMethod" "sna"
# BusID "PCI:0:2:0"
# '';
#};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''
Option "AccelMethod" "sna"
BusID "PCI:0:2:0"
'';
};
environment.systemPackages = with pkgs; [
acronym
@ -293,6 +191,9 @@
get
teamspeak_client
hashPassword
urban
mk_sql_pair
remmina
];
#TODO: fix this shit
@ -324,16 +225,4 @@
];
};
};
#touchpad config
services.xserver.synaptics = {
enable = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
tapButtons = false;
twoFingerScroll = true;
};
}

81
lass/1systems/prism.nix
View File

@ -2,15 +2,32 @@
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
manageCerts
;
in {
imports = [
../.
../2configs/base.nix
../2configs/default.nix
../2configs/exim-smarthost.nix
../2configs/downloading.nix
../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
../2configs/privoxy-retiolum.nix
../2configs/radio.nix
../2configs/buildbot-standalone.nix
{
imports = [
../2configs/git.nix
( manageCerts [ "cgit.lassul.us" ])
];
krebs.nginx.servers.cgit.server-names = [
"cgit.lassul.us"
];
}
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@ -77,6 +94,18 @@ in {
device = "/dev/pool/download";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
};
fileSystems."/srv/o.ubikmedia.de-data" = {
device = "/dev/pool/owncloud-ubik-data";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
};
}
{
sound.enable = false;
@ -117,7 +146,7 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
];
}
@ -130,15 +159,57 @@ in {
../2configs/websites/domsen.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
client.enable = true;
};
}
{
security.acme = {
certs."lassul.us" = {
email = "lass@lassul.us";
webroot = "/var/lib/acme/challenges/lassul.us";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
"full.pem"
];
user = "ejabberd";
};
};
krebs.nginx.servers."lassul.us" = {
server-names = [ "lassul.us" ];
locations = [
(lib.nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/lassul.us/;
'')
];
};
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
certfile = "/var/lib/acme/lassul.us/full.pem";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
];
}
{
imports = [
../2configs/realwallpaper-server.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''
alias /tmp/wallpaper.png;
'')
];
}
];
krebs.build.host = config.krebs.hosts.prism;

76
lass/1systems/shodan.nix Normal file
View File

@ -0,0 +1,76 @@
{ config, pkgs, ... }:
with builtins;
{
imports = [
../.
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/fetchWallpaper.nix
../2configs/backups.nix
#{
# users.extraUsers = {
# root = {
# openssh.authorizedKeys.keys = map readFile [
# ../../krebs/Zpubkeys/uriel.ssh.pub
# ];
# };
# };
#}
{
#x220 config from mors
#TODO: make x220 config file (or look in other user dir)
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 0;
emulateWheel = true;
};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''
Option "AccelMethod" "sna"
BusID "PCI:0:2:0"
'';
};
}
];
krebs.build.host = config.krebs.hosts.shodan;
networking.wireless.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
#'';
}

6
lass/1systems/uriel.nix
View File

@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/games.nix
../2configs/pass.nix
@ -47,6 +48,11 @@ with builtins;
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};

135
lass/2configs/backups.nix Normal file
View File

@ -0,0 +1,135 @@
{ config, lib, ... }:
with config.krebs.lib;
{
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
}) {
dishfire-http-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
startAt = "03:00";
};
dishfire-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
startAt = "03:05";
};
dishfire-http-uriel = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-sql-prism = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
startAt = "03:15";
};
dishfire-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
startAt = "03:20";
};
dishfire-sql-uriel = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
startAt = "03:25";
};
prism-bitlbee-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-uriel = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-chat-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
startAt = "03:30";
};
prism-chat-uriel = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
startAt = "03:35";
};
prism-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
startAt = "03:40";
};
prism-sql-uriel = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
prism-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
startAt = "03:50";
};
prism-http-uriel = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
startAt = "03:55";
};
uriel-home-mors = {
method = "pull";
src = { host = config.krebs.hosts.uriel; path = "/home"; };
dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
startAt = "04:00";
};
mors-home-uriel = {
method = "push";
src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
startAt = "05:00";
};
dishfire-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
startAt = "12:00";
};
dishfire-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
startAt = "12:15";
};
prism-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
startAt = "12:30";
};
prism-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
startAt = "12:45";
};
};
}

7
lass/2configs/baseX.nix
View File

@ -4,9 +4,10 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
./base.nix
./default.nix
#./urxvt.nix
./xserver
./mpv.nix
];
users.extraUsers.mainUser.extraGroups = [ "audio" ];
@ -33,17 +34,19 @@ in {
dmenu
gitAndTools.qgit
lm_sensors
much
nmap
pavucontrol
powertop
push
slock
sxiv
xclip
xorg.xbacklight
xsel
zathura
mpv
mpv-poll
yt-next
#window manager stuff

24
lass/2configs/browsers.nix
View File

@ -14,7 +14,7 @@ let
useDefaultShell = true;
createHome = true;
};
lass.per-user.${name}.packages = packages;
krebs.per-user.${name}.packages = packages;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -35,7 +35,7 @@ let
useDefaultShell = true;
createHome = true;
};
lass.per-user.${name}.packages = packages;
krebs.per-user.${name}.packages = packages;
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
@ -59,20 +59,10 @@ in {
imports = [
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] )
( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] )
( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] )
];
nixpkgs.config.packageOverrides = pkgs : {
flash = pkgs.chromium.override {
# pulseSupport = true;
enablePepperFlash = true;
};
#chromium = pkgs.chromium.override {
# pulseSupport = true;
#};
};
}

55
lass/2configs/buildbot-standalone.nix
View File

@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
{
#networking.firewall.allowedTCPPorts = [ 8010 9989 ];
krebs.buildbot.master = {
krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ;
in {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
stockholm_repo = 'http://cgit.mors/stockholm'
stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branch='master',
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
'';
@ -20,10 +21,12 @@
builderNames=["fast-tests"]))
'';
fast-tests-scheduler = ''
# test the master real quick
# test everything real quick
sched.append(schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch="master"),
name="fast-master-test",
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
# treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
};
@ -38,7 +41,10 @@
deps = [ "gnumake", "jq","nix","rsync" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
nixshell = ["nix-shell",
"-I", "stockholm=.",
"-I", "nixpkgs=/var/src/nixpkgs",
"-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
@ -48,13 +54,26 @@
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
addShell(f,name="mors-eval",env=env,
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
for i in [ "prism", "mors", "echelon" ]:
addShell(f,name="populate-{}".format(i),env=env,
command=nixshell + \
["{}( make system={} eval.config.krebs.build.populate \
| jq -er .)".format("!" if "failing" in i else "",i)])
addShell(f,name="build-test-minimal",env=env,
command=nixshell + \
["nix-instantiate \
--show-trace --eval --strict --json \
-I nixos-config=./shared/1systems/test-minimal-deploy.nix \
-I secrets=. \
-A config.system.build.toplevel"]
)
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
'';
'';
};
enable = true;
web.enable = true;
@ -72,7 +91,17 @@
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs;[ git nix ];
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
packages = with pkgs;[ git nix gnumake jq rsync ];
extraEnviron = {
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
};
};
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
];
};
};
}

34
lass/2configs/base.nix → lass/2configs/default.nix
View File

@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import /root/secrets/hashedPasswords.nix);
(import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@ -18,7 +19,7 @@ with config.krebs.lib;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
config.krebs.users.lass-helios.pubkey
config.krebs.users.lass-shodan.pubkey
];
};
mainUser = {
@ -29,10 +30,12 @@ with config.krebs.lib;
createHome = true;
useDefaultShell = true;
extraGroups = [
"fuse"
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
config.krebs.users.lass-shodan.pubkey
];
};
};
@ -45,7 +48,6 @@ with config.krebs.lib;
krebs = {
enable = true;
search-domain = "retiolum";
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
@ -54,8 +56,8 @@ with config.krebs.lib;
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "40c586b7ce2c559374df435f46d673baf711c543";
url = https://github.com/lassulus/nixpkgs;
rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@ -85,9 +87,12 @@ with config.krebs.lib;
MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
@ -102,12 +107,20 @@ with config.krebs.lib;
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
krebspaste
psmisc
untilport
#unpack stuff
p7zip
unzip
unrar
];
programs.bash = {
@ -145,10 +158,6 @@ with config.krebs.lib;
'';
};
security.setuidPrograms = [
"sendmail"
];
services.openssh = {
enable = true;
hostKeys = [
@ -165,6 +174,13 @@ with config.krebs.lib;
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [

3
lass/2configs/downloading.nix
View File

@ -3,7 +3,7 @@
with config.krebs.lib;
let
rpc-password = import <secrets/transmission-pw.nix>;
rpc-password = import <secrets/transmission-pw>;
in {
imports = [
../3modules/folderPerms.nix
@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
];
};

10
lass/2configs/exim-retiolum.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
{
krebs.exim-retiolum.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
];
}

51
lass/2configs/exim-smarthost.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
{
krebs.exim-smarthost = {
enable = true;
dkim = [
{ domain = "lassul.us"; }
];
sender_domains = [
"lassul.us"
"aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
{ from = "lass@lassul.us"; to = lass.mail; }
{ from = "lassulus@lassul.us"; to = lass.mail; }
{ from = "test@lassul.us"; to = lass.mail; }
{ from = "outlook@lassul.us"; to = lass.mail; }
{ from = "steuer@aidsballs.de"; to = lass.mail; }
{ from = "lass@aidsballs.de"; to = lass.mail; }
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
{ from = "postmaster"; to = "root"; }
{ from = "nobody"; to = "root"; }
{ from = "hostmaster"; to = "root"; }
{ from = "usenet"; to = "root"; }
{ from = "news"; to = "root"; }
{ from = "webmaster"; to = "root"; }
{ from = "www"; to = "root"; }
{ from = "ftp"; to = "root"; }
{ from = "abuse"; to = "root"; }
{ from = "noc"; to = "root"; }
{ from = "security"; to = "root"; }
{ from = "root"; to = "lass"; }
];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
];
}

101
lass/2configs/fastpoke-pages.nix
View File

@ -1,101 +0,0 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
createStaticPage = domain:
{
krebs.nginx.servers."${domain}" = {
server-names = [
"${domain}"
"www.${domain}"
];
locations = [
(nameValuePair "/" ''
root /var/lib/http/${domain};
'')
];
};
#networking.extraHosts = ''
# 10.243.206.102 ${domain}
#'';
users.extraUsers = {
${domain} = {
name = domain;
home = "/var/lib/http/${domain}";
createHome = true;
};
};
};
in {
imports = map createStaticPage [
"habsys.de"
"pixelpocket.de"
"karlaskop.de"
"ubikmedia.de"
"apanowicz.de"
];
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
];
};
};
krebs.nginx = {
enable = true;
servers = {
#"habsys.de" = {
# server-names = [
# "habsys.de"
# "www.habsys.de"
# ];
# locations = [
# (nameValuePair "/" ''
# root /var/lib/http/habsys.de;
# '')
# ];
#};
#"karlaskop.de" = {
# server-names = [
# "karlaskop.de"
# "www.karlaskop.de"
# ];
# locations = [
# (nameValuePair "/" ''
# root /var/lib/http/karlaskop.de;
# '')
# ];
#};
#"pixelpocket.de" = {
# server-names = [
# "pixelpocket.de"
# "www.karlaskop.de"
# ];
# locations = [
# (nameValuePair "/" ''
# root /var/lib/http/karlaskop.de;
# '')
# ];
#};
};
};
#services.postgresql = {
# enable = true;
#};
#config.services.vsftpd = {
# enable = true;
# userlistEnable = true;
# userlistFile = pkgs.writeFile "vsftpd-userlist" ''
# '';
#};
}

2
lass/2configs/fetchWallpaper.nix
View File

@ -5,7 +5,7 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
url = "echelon/wallpaper.png";
url = "cloudkrebs/wallpaper.png";
};
}

2
lass/2configs/games.nix
View File

@ -13,7 +13,7 @@ in {
name = "games";
description = "user playing games";
home = "/home/games";
extraGroups = [ "audio" "video" "input" ];
extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
};

9
lass/2configs/git.nix
View File

@ -35,6 +35,10 @@ let
newsbot-js = {};
kimsufi-check = {};
realwallpaper = {};
xmonad-stockholm = {};
the_playlist = {};
} // mapAttrs make-public-repo-silent {
the_playlist = {};
};
restricted-repos = mapAttrs make-restricted-repo (
@ -62,6 +66,11 @@ let
};
};
make-public-repo-silent = name: { desc ? null, ... }: {
inherit name desc;
public = true;
};
make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
inherit name collaborators desc;
public = false;

21
lass/2configs/krebs-pass.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
let
#TODO: tab-completion
krebs-pass = pkgs.writeDashBin "krebs-pass" ''
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
exec ${pkgs.pass}/bin/pass $@
'';
krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
PASSWORD_STORE_DIR=$HOME/.krebs-pass \
exec ${pkgs.pass}/bin/passmenu $@
'';
in {
krebs.per-user.lass.packages = [
krebs-pass
krebs-passmenu
];
}

110
lass/2configs/mail.nix Normal file
View File

@ -0,0 +1,110 @@
{ pkgs, ... }:
let
msmtprc = pkgs.writeText "msmtprc" ''
defaults
logfile ~/.msmtp.log
account prism
host prism.r
account default: prism
'';
msmtp = pkgs.writeDashBin "msmtp" ''
exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
'';
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0x976A7E4D
set crypt_autosign = yes
set crypt_replyencrypt = yes
set crypt_verify_sig = yes
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
macro index \Cv \
"<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
<enter-command> set crypt_verify_sig=yes<enter> \
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
'Verify PGP signature and open the message'
macro pager \Cv \
"<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
<enter-command> set crypt_verify_sig=yes<enter> \
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
'Verify PGP signature'
# notmuch
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
set nm_record = yes
set nm_record_tags = "-inbox me archive"
set virtual_spoolfile=yes # enable virtual folders
set sendmail="msmtp" # enables parsing of outgoing mail
set use_from=yes
set envelope_from=yes
set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?"
virtual-mailboxes \
"INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
"Unread" "notmuch://?query=tag:unread"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
"Sent" "notmuch://?query=tag:sent"\
"Junk" "notmuch://?query=tag:junk"
tag-transforms "junk" "k" \
"unread" "u" \
"replied" "" \
"TODO" "T" \
# notmuch bindings
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
#killed
bind index d noop
bind pager d noop
bind pager S noop
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
bind index t noop
bind pager t noop
macro index t "<modify-labels>+TODO\n" # tag as Archived
# sidebar
set sidebar_width = 20
set sidebar_visible = yes # set to "no" to disable sidebar view at startup
color sidebar_new yellow default
# sidebar bindings
bind index <left> sidebar-prev # got to previous folder in sidebar
bind index <right> sidebar-next # got to next folder in sidebar
bind index <space> sidebar-open # open selected folder from sidebar
# sidebar toggle
macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar
'';
mutt = pkgs.writeDashBin "mutt" ''
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
'';
in {
environment.systemPackages = [
msmtp
mutt
pkgs.much
pkgs.notmuch
];
}

49
lass/2configs/mpv.nix Normal file
View File

@ -0,0 +1,49 @@
{ pkgs, lib, ... }:
let
mpv-config = pkgs.writeText "mpv-config" ''
script=${lib.concatStringsSep "," [
good
delete
]}
'';
mpv = pkgs.writeDashBin "mpv" ''
exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@"
'';
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
good = moveToDir "G" "./.good";
delete = moveToDir "D" "./.graveyard";
deleteCurrentTrack = pkgs.writeText "delete.lua" ''
deleted_tmp = "./.graveyard"
-- Delete the current track by moving it to the `deleted_tmp` location.
function delete_current_track()
track = mp.get_property("path")
os.execute("mkdir -p '" .. deleted_tmp .. "'")
os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'")
print("'" .. track .. "' deleted.")
end
mp.add_key_binding("D", "delete_current_track", delete_current_track)
'';
in {
krebs.per-user.lass.packages = [
mpv
];
}

1
lass/2configs/newsbot-js.nix
View File

@ -154,7 +154,6 @@ let
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
tigsource|http://www.tigsource.com/feed/|#news
times|http://www.thetimes.co.uk/tto/news/rss|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news

3
lass/2configs/pass.nix
View File

@ -1,10 +1,9 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
krebs.per-user.lass.packages = with pkgs; [
pass
gnupg1
];
services.xserver.startGnuPGAgent = true;
}

1
lass/2configs/programs.nix
View File

@ -8,7 +8,6 @@
htop
i3lock
mosh
mpv
pass
pavucontrol
pv

195
lass/2configs/radio.nix Normal file
View File

@ -0,0 +1,195 @@
{ config, pkgs, ... }:
with config.krebs.lib;
let
name = "radio";
mainUser = config.users.extraUsers.mainUser;
inherit (config.krebs.lib) genid;
admin-password = import <secrets/icecast-admin-pw>;
source-password = import <secrets/icecast-source-pw>;
add_random = pkgs.writeDashBin "add_random" ''
mpc add "$(mpc ls | shuf -n1)"
'';
skip_track = pkgs.writeDashBin "skip_track" ''
${add_random}/bin/add_random
echo skipping: "$(${print_current}/bin/print_current)"
${pkgs.mpc_cli}/bin/mpc -q next
'';
print_current = pkgs.writeDashBin "print_current" ''
echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \
$(${pkgs.mpc_cli}/bin/mpc current -f %file% \
| ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@http://www.youtube.com/watch?v=\1@')"
'';
in {
users.users = {
"${name}" = rec {
inherit name;
group = name;
uid = genid name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
};
users.groups = {
"radio" = {};
};
krebs.per-user.${name}.packages = with pkgs; [
add_random
skip_track
print_current
ncmpcpp
mpc_cli
tmux
];
security.sudo.extraConfig = ''
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
'';
services.mpd = {
enable = true;
group = "radio";
musicDirectory = "/home/radio/the_playlist/music";
extraConfig = ''
audio_output {
type "shout"
encoding "ogg"
name "my cool stream"
host "localhost"
port "8000"
mount "/radio.ogg"
# This is the source password in icecast.xml
password "${source-password}"
# Set either quality or bit rate
# quality "5.0"
bitrate "128"
format "44100:16:1"
# Optional Parameters
user "source"
# description "here is my long description"
# genre "jazz"
} # end of audio_output
'';
};
services.icecast = {
enable = true;
hostname = "config.krebs.build.host.name";
admin.password = admin-password;
extraConf = ''
<authentication>
<source-password>${source-password}</source-password>
</authentication>
'';
};
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
];
};
};
systemd.timers.radio = {
description = "radio autoadder timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:*";
};
};
systemd.services.radio = let
autoAdd = pkgs.writeDash "autoAdd" ''
LIMIT=$1 #in secconds
timeLeft () {
playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
expr ''${playlistDuration:-0} - ''${currentTime:-0}
}
if test $(timeLeft) -le $LIMIT; then
${add_random}/bin/add_random
fi
'';
in {
description = "radio playlist autoadder";
after = [ "network.target" ];
path = with pkgs; [
gawk
mpc_cli
];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${autoAdd} 100";
};
};
krebs.Reaktor = {
enable = true;
nickname = "the_playlist|r";
channels = [ "#the_playlist" ];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
};
plugins = with pkgs.ReaktorPlugins; [
(buildSimpleReaktorPlugin "skip" {
script = "${skip_track}/bin/skip_track";
pattern = "^skip$";
})
(buildSimpleReaktorPlugin "current" {
script = "${print_current}/bin/print_current";
pattern = "^current$";
})
];
};
krebs.nginx.servers."lassul.us".locations = let
html = pkgs.writeText "index.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>lassulus playlist</title>
</head>
<body>
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
</div>
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
</div>
<!-- page content -->
</body>
</html>
'';
in [
(nameValuePair "/the_playlist" ''
default_type "text/html";
alias ${html};
'')
];
}

5
lass/2configs/vim.nix
View File

@ -147,13 +147,8 @@ in {
vimrcConfig.vam.pluginDictionaries = [
{ names = [
"brogrammer"
"commentary"
"extradite"
"file-line"
"fugitive"
"Gundo"
"mustang2"
"unimpaired"
]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];

92
lass/2configs/websites/domsen.nix
View File

@ -1,35 +1,73 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
let
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
serveOwncloud
serveWordpress;
msmtprc = pkgs.writeText "msmtprc" ''
account prism
host localhost
account default: prism
'';
sendmail = pkgs.writeDash "msmtp" ''
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
in {
imports = [
../../3modules/static_nginx.nix
../../3modules/owncloud_nginx.nix
../../3modules/wordpress_nginx.nix
./sqlBackup.nix
(ssl [ "reich-gebaeudereinigung.de" ])
(servePage [ "reich-gebaeudereinigung.de" ])
(ssl [ "karlaskop.de" ])
(servePage [ "karlaskop.de" ])
(ssl [ "makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" ])
(ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" ])
(ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" ])
(ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
(serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
];
lass.staticPage = {
"karlaskop.de" = {};
"makeup.apanowicz.de" = {};
"pixelpocket.de" = {};
"reich-gebaeudereinigung.de" = {};
lass.mysqlBackup.config.all.databases = [
"ubikmedia_de"
"o_ubikmedia_de"
];
users.users.domsen = {
uid = genid "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
extraGroups = [ "nginx" ];
createHome = true;
};
lass.owncloud = {
"o.ubikmedia.de" = {
instanceid = "oc8n8ddbftgh";
};
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
rootPassword = toString (<secrets/mysql_rootPassword>);
};
#lass.wordpress = {
# "ubikmedia.de" = {
# };
#};
#services.phpfpm.phpOptions = ''
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
# sendmail_path = ${sendmail} -t
#'';
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
sendmail_path = ${sendmail} -t -i"
'';
} ''
cat ${pkgs.php}/etc/php-recommended.ini > $out
echo "$options" >> $out
'';
}

73
lass/2configs/websites/fritz.nix
View File

@ -1,33 +1,54 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
let
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
genid
head
nameValuePair
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
serveWordpress
;
in {
imports = [
../../3modules/static_nginx.nix
../../3modules/owncloud_nginx.nix
../../3modules/wordpress_nginx.nix
./sqlBackup.nix
(ssl [ "biostase.de" "www.biostase.de" ])
(serveWordpress [ "biostase.de" "www.biostase.de" ])
(ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
(ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
(ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
];
lass.staticPage = {
"biostase.de" = {};
"gs-maubach.de" = {};
"spielwaren-kern.de" = {};
"societyofsimtech.de" = {};
"ttf-kleinaspach.de" = {};
"edsn.de" = {};
"eab.berkeley.edu" = {};
"habsys.de" = {};
};
lass.mysqlBackup.config.all.databases = [
"biostase_de"
"eastuttgart_de"
"radical_dreamers_de"
"spielwaren_kern_de"
"ttf_kleinaspach_de"
];
#lass.owncloud = {
# "o.ubikmedia.de" = {
# instanceid = "oc8n8ddbftgh";
# };
#};
#services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = toString (<secrets/mysql_rootPassword>);
#};
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
}

28
lass/2configs/websites/sqlBackup.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
{
krebs.secret.files.mysql_rootPassword = {
path = "${config.services.mysql.dataDir}/mysql_rootPassword";
owner.name = "root";
source-path = toString <secrets> + "/mysql_rootPassword";
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
systemd.services.mysql = {
requires = [ "secret.service" ];
after = [ "secret.service" ];
};
lass.mysqlBackup = {
enable = true;
config.all = {
password = toString (<secrets/mysql_rootPassword>);
};
};
}

229
lass/2configs/websites/util.nix Normal file
View File

@ -0,0 +1,229 @@
{ lib, pkgs, ... }:
with lib;
rec {
manageCerts = domains:
let
domain = head domains;
in {
security.acme = {
certs."${domain}" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/challenges/${domain}";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
];
group = "nginx";
allowKeysForGroup = true;
extraDomains = genAttrs domains (_: null);
};
};
krebs.nginx.servers."${domain}" = {
server-names = domains;
locations = [
(nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/${domain}/;
'')
];
};
};
ssl = domains:
{
imports = [
( manageCerts domains )
( activateACME (head domains) )
];
};
activateACME = domain:
{
krebs.nginx.servers.${domain} = {
ssl = {
enable = true;
certificate = "/var/lib/acme/${domain}/fullchain.pem";
certificate_key = "/var/lib/acme/${domain}/key.pem";
};
};
};
servePage = domains:
let
domain = head domains;
in {
krebs.nginx.servers.${domain} = {
server-names = domains;
locations = [
(nameValuePair "/" ''
root /srv/http/${domain};
'')
];
};
};
serveOwncloud = domains:
let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = {
server-names = domains;
extraConfig = ''
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Path to the root of your installation
root /srv/http/${domain}/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
'';
locations = [
(nameValuePair "/robots.txt" ''
allow all;
log_not_found off;
access_log off;
'')
(nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" ''
deny all;
'')
(nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" ''
deny all;
'')
(nameValuePair "/" ''
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
'')
(nameValuePair "~ \.php(?:$|/)" ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
fastcgi_intercept_errors on;
'')
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
(nameValuePair "~* \.(?:css|js)$" ''
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
'')
# Optional: Don't log access to other assets
(nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" ''
access_log off;
'')
];
};
services.phpfpm.poolConfigs."${domain}" = ''
listen = /srv/http/${domain}/phpfpm.pool
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
listen.owner = nginx
listen.group = nginx
# errors to journal
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
};
serveWordpress = domains:
let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = {
server-names = domains;
extraConfig = ''
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
'';
locations = [
(nameValuePair "/" ''
try_files $uri $uri/ /index.php?$args;
'')
(nameValuePair "~ \.php$" ''
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
include ${pkgs.nginx}/conf/fastcgi.conf;
'')
#(nameValuePair "~ /\\." ''
# deny all;
#'')
#Directives to send expires headers and turn off 404 error logging.
(nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
access_log off;
log_not_found off;
expires max;
'')
];
};
services.phpfpm.poolConfigs."${domain}" = ''
listen = /srv/http/${domain}/phpfpm.pool
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
listen.owner = nginx
listen.group = nginx
# errors to journal
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
};
}

19
lass/2configs/websites/wohnprojekt-rhh.de.nix
View File

@ -1,14 +1,19 @@
{ config, ... }:
{ config, pkgs, lib, ... }:
{
let
inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
ssl
servePage
;
in {
imports = [
../../3modules/static_nginx.nix
( ssl [ "wohnprojekt-rhh.de" ])
( servePage [ "wohnprojekt-rhh.de" ])
];
lass.staticPage = {
"wohnprojekt-rhh.de" = {};
};
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;

1
lass/2configs/weechat.nix
View File

@ -16,6 +16,7 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
];
};

21
lass/2configs/xserver/default.nix
View File

@ -40,8 +40,8 @@ let
};
};
security.setuidPrograms = [
"slock"
krebs.per-user.lass.packages = [
pkgs.rxvt_unicode_with-plugins
];
systemd.services.display-manager.enable = false;
@ -52,7 +52,7 @@ let
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = xmonad-environment;
restartIfChanged = false;
restartIfChanged = true;
serviceConfig = {
ExecStart = "${xmonad-start}/bin/xmonad";
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
@ -82,12 +82,7 @@ let
# XXX JSON is close enough :)
XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
"cr"
"gm"
"ff"
"IM"
"mail"
"stockholm"
"dashboard"
]);
};
@ -96,6 +91,9 @@ let
set -efu
export PATH; PATH=${makeSearchPath "bin" ([
pkgs.rxvt_unicode
pkgs.i3lock
pkgs.pulseaudioLight
pkgs.xorg.xbacklight
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
@ -114,7 +112,8 @@ let
xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
#! /bin/sh
exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
${pkgs.xmonad-lass}/bin/xmonad --shutdown
${pkgs.coreutils}/bin/sleep 2s
'';
xserver-environment = {
@ -128,7 +127,7 @@ let
xserver = pkgs.writeScriptBin "xserver" ''
#! /bin/sh
set -efu
exec ${pkgs.xorg.xorgserver}/bin/X \
exec ${pkgs.xorg.xorgserver.out}/bin/X \
:${toString config.services.xserver.display} \
vt${toString config.services.xserver.tty} \
-config ${import ./xserver.conf.nix args} \

6
lass/3modules/default.nix
View File

@ -1,11 +1,11 @@
_:
{
imports = [
./xresources.nix
./ejabberd
./folderPerms.nix
./per-user.nix
./mysql-backup.nix
./urxvtd.nix
./xresources.nix
./wordpress_nginx.nix
./xresources.nix
];
}

93
lass/3modules/ejabberd/config.nix Normal file
View File

@ -0,0 +1,93 @@
{ config, ... }: with config.krebs.lib; let
cfg = config.lass.ejabberd;
# XXX this is a placeholder that happens to work the default strings.
toErlang = builtins.toJSON;
in toFile "ejabberd.conf" ''
{loglevel, 3}.
{hosts, ${toErlang cfg.hosts}}.
{listen,
[
{5222, ejabberd_c2s, [
starttls,
{certfile, ${toErlang cfg.certfile}},
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
{5280, ejabberd_http, [
captcha,
http_bind,
http_poll,
web_admin
]}
]}.
{s2s_use_starttls, required}.
{s2s_certfile, ${toErlang cfg.s2s_certfile}}.
{auth_method, internal}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
{max_fsm_queue, 1000}.
{acl, local, {user_regexp, ""}}.
{access, max_user_sessions, [{10, all}]}.
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc_create, [{allow, local}]}.
{access, muc, [{allow, all}]}.
{access, pubsub_createnode, [{allow, local}]}.
{access, register, [{allow, local}]}.
{language, "en"}.
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]},
{mod_blocking,[]},
{mod_caps, []},
{mod_configure,[]},
{mod_disco, []},
{mod_irc, []},
{mod_http_bind, []},
{mod_last, []},
{mod_muc, [
{access, muc},
{access_create, muc_create},
{access_persistent, muc_create},
{access_admin, muc_admin}
]},
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
{mod_ping, []},
{mod_privacy, []},
{mod_private, []},
{mod_pubsub, [
{access_createnode, pubsub_createnode},
{ignore_pep_from_offline, true},
{last_item_cache, false},
{plugins, ["flat", "hometree", "pep"]}
]},
{mod_register, [
{welcome_message, {"Welcome!",
"Hi.\nWelcome to this XMPP server."}},
{ip_access, [{allow, "127.0.0.0/8"},
{allow, "0.0.0.0/0"}]},
{access, register}
]},
{mod_roster, []},
{mod_shared_roster,[]},
{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_version, []}
]}.
''

57
lass/3modules/ejabberd/default.nix Normal file
View File

@ -0,0 +1,57 @@
{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
cfg = config.lass.ejabberd;
in {
options.lass.ejabberd = {
enable = mkEnableOption "lass.ejabberd";
certfile = mkOption {
type = types.str;
};
hosts = mkOption {
type = with types; listOf str;
};
pkgs.ejabberdctl = mkOption {
type = types.package;
default = pkgs.writeDashBin "ejabberdctl" ''
set -efu
export SPOOLDIR=${shell.escape cfg.user.home}
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
exec ${pkgs.ejabberd}/bin/ejabberdctl \
--logs ${shell.escape cfg.user.home} \
--spool ${shell.escape cfg.user.home} \
"$@"
'';
};
s2s_certfile = mkOption {
type = types.str;
default = cfg.certfile;
};
user = mkOption {
type = types.user;
default = {
name = "ejabberd";
home = "/var/ejabberd";
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
systemd.services.ejabberd = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
PermissionsStartOnly = "true";
SyslogIdentifier = "ejabberd";
User = cfg.user.name;
ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
};
};
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
};
};
}

86
lass/3modules/mysql-backup.nix Normal file
View File

@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.lass.mysqlBackup;
out = {
options.lass.mysqlBackup = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "mysqlBackup";
config = mkOption {
type = with types; attrsOf (submodule ({ config, ... }: {
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
};
startAt = mkOption {
type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
default = "*-*-* 01:15:00";
};
user = mkOption {
type = str;
default = "root";
};
password = mkOption {
type = nullOr str;
default = null;
description = ''
path to a file containing the mysqlPassword for the specified user.
'';
};
databases = mkOption {
type = listOf str;
default = [];
};
location = mkOption {
type = str;
default = "/bku/sql_dumps";
};
};
}));
description = "configuration for mysqlBackup";
};
};
imp = {
#systemd.timers =
# mapAttrs (_: plan: {
# wantedBy = [ "timers.target" ];
# timerConfig = plan.timerConfig;
#}) cfg.config;
systemd.services =
mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
path = with pkgs; [
mysql
gzip
];
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;
Type = "oneshot";
User = plan.user;
};
startAt = plan.startAt;
}) cfg.config;
};
start = plan: let
backupScript = plan: db:
"mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
${concatMapStringsSep "\n" (backupScript plan) plan.databases}
'';
in out

53
lass/3modules/per-user.nix
View File

@ -1,53 +0,0 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.lass.per-user;
out = {
options.lass.per-user = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule {
options = {
packages = mkOption {
type = listOf path;
default = [];
};
};
});
default = {};
};
imp = {
#
# TODO only shellInit and use well-known paths
#
environment.shellInit = ''
if test -e ${user-profiles}/"$LOGNAME"; then
. ${user-profiles}/"$LOGNAME"
fi
'';
environment.interactiveShellInit = ''
if test -e ${user-profiles}/"$LOGNAME"; then
. ${user-profiles}/"$LOGNAME"
fi
'';
environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
};
user-profiles = pkgs.runCommand "user-profiles" {} ''
mkdir $out
${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
cat > $out/${logname} <<\EOF
${optionalString (length packages > 0) (
let path = makeSearchPath "bin" packages; in
''export PATH="$PATH":${escapeShellArg path}''
)}
EOF
'') cfg)}
'';
in out

2
lass/4lib/default.nix
View File

@ -2,7 +2,7 @@
with lib;
{
rec {
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);

11
lass/5pkgs/acronym/default.nix
View File

@ -1,13 +1,16 @@
{ pkgs, ... }:
pkgs.writeScriptBin "acronym" ''
#! ${pkgs.bash}/bin/bash
acro=$1
curl -s http://www.acronymfinder.com/$acro.html \
| grep 'class="result-list__body__rank"' \
| sed 's/.*title="\([^"]*\)".*/\1/' \
| sed 's/^.* - //' \
| sed "s/&#39;/'/g"
| grep 'class="result-list__body__rank"' \
| sed '
s/.*title="\([^"]*\)".*/\1/
s/^.* - //
s/&#39;/'\'''/g
'
''

3
lass/5pkgs/default.nix
View File

@ -8,7 +8,10 @@
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
untilport = pkgs.callPackage ./untilport/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};

19
lass/5pkgs/mk_sql_pair/default.nix Normal file
View File

@ -0,0 +1,19 @@
{ pkgs, ... }:
pkgs.writeScriptBin "mk_sql_pair" ''
#!/bin/sh
name=$1
password=$2
if [ $# -ne 2 ]; then
echo '$1=name, $2=password'
exit 23;
fi
cat <<EOF
create database $name;
create user $name;
grant all on $name.* to $name@'localhost' identified by '$password';
EOF
''

18
lass/5pkgs/untilport/default.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, ... }:
pkgs.writeDashBin "untilport" ''
set -euf
usage() {
echo 'untiport $target $port'
echo 'Sleeps until the destinated port is reachable.'
echo 'ex: untilport google.de 80 && echo "google is now reachable"'
}
if [ $# -ne 2 ]; then
usage
else
until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
fi
''

21
lass/5pkgs/urban/default.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
pkgs.writeScriptBin "urban" ''
#!/bin/sh
set -euf
term=$1
curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \
| sed 's/<\/\?a\>[^>]*>//g' \
| sed 's/<\([^>]*\)>/\n<\1\n/g' \
| grep . \
| sed -n '/<div class=.meaning./,/<\/div/p' \
| sed 's/<div class=.meaning./-----/' \
| grep -v '^</div\>' \
| grep -v '^<br\>' \
| sed '
s/&quot;/"/g
s/&#39;/'\'''/g
s/&gt;/>/g
s/&lt;/>/g
'
''

163
lass/5pkgs/xmonad-lass/Main.hs
View File

@ -5,56 +5,37 @@
module Main where
import Control.Exception
import Text.Read (readEither)
import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
import System.Posix.Process (executeFile)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
import XMonad.Actions.CycleWS (toggleWS)
--import XMonad.Actions.CopyWindow ( copy )
import XMonad.Layout.NoBorders ( smartBorders )
import qualified XMonad.StackSet as W
import Data.Map (Map)
import qualified Data.Map as Map
-- TODO import XMonad.Layout.WorkspaceDir
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
-- import XMonad.Layout.Tabbed
--import XMonad.Layout.MouseResizableTile
import XMonad.Layout.Reflect (reflectVert)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
import XMonad.Layout.PerWorkspace (onWorkspace)
--import XMonad.Layout.BinarySpacePartition
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
import XMonad.Prompt.Workspace
import Control.Exception
import Data.List (isInfixOf)
import System.Environment (getArgs, withArgs, getEnv)
import System.IO (hPutStrLn, stderr)
import Text.Read (readEither)
import XMonad.Actions.CopyWindow (copy, kill1)
import qualified Data.Map as M
import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
--import XMonad.Actions.Submap
import XMonad.Stockholm.Pager
import XMonad.Stockholm.Rhombus
import XMonad.Stockholm.Shutdown
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Prompt (autoComplete, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent)
import XMonad.Util.EZConfig (additionalKeysP)
myTerm :: String
myTerm = "urxvtc"
myRootTerm :: String
myRootTerm = "urxvtc -name root-urxvt -e su -"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
@ -67,18 +48,12 @@ mainNoArgs :: IO ()
mainNoArgs = do
workspaces0 <- getWorkspaces0
xmonad'
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
-- urgencyConfig { remindWhen = Every 1 }
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
{ terminal = myTerm
, modMask = mod4Mask
, workspaces = workspaces0
, layoutHook = smartBorders $ myLayoutHook
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
--, handleEventHook = handleTimerEvent
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
, startupHook = spawn "echo emit XMonadStartup"
, normalBorderColor = "#1c1c1c"
@ -88,7 +63,7 @@ mainNoArgs = do
myLayoutHook = defLayout
where
defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1)
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
@ -96,7 +71,7 @@ xmonad' conf = do
path <- getEnv "XMONAD_STATE"
try (readFile path) >>= \case
Right content -> do
hPutStrLn stderr ("resuming from " ++ path)
hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content)
withArgs ("--resume" : lines content) (xmonad conf)
Left e -> do
hPutStrLn stderr (displaySomeException e)
@ -118,19 +93,21 @@ displaySomeException :: SomeException -> String
displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
[ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-p", spawn "passmenu --type")
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
, ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
, ("M4-a", focusUrgent)
, ("M4-S-r", renameWorkspace defaultXPConfig)
, ("M4-S-a", addWorkspacePrompt defaultXPConfig)
, ("M4-S-r", renameWorkspace def)
, ("M4-S-a", addWorkspacePrompt def)
, ("M4-S-<Backspace>", removeEmptyWorkspace)
, ("M4-S-c", kill1)
, ("M4-<Esc>", toggleWS)
@ -139,66 +116,34 @@ myKeyMap =
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)
, ("M4-v", withWorkspace myXPConfig (windows . W.view))
, ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
, ("M4-C-v", withWorkspace myXPConfig (windows . copy))
, ("M4-v", withWorkspace autoXPConfig (windows . W.view))
, ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
-- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } )
-- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } )
-- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
, ("M4-m", withFocused minimizeWindow)
, ("M4-S-m", sendMessage RestoreNextMinimizedWin)
, ("M4-q", windowPromptGoto infixAutoXPConfig)
, ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)
--, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
, ("M4-S-q", return ())
]
myGSConfig = defaultGSConfig
{ gs_cellheight = 50
autoXPConfig :: XPConfig
autoXPConfig = def
{ autoComplete = Just 5000
}
infixAutoXPConfig :: XPConfig
infixAutoXPConfig = autoXPConfig
{ searchPredicate = isInfixOf
}
gridConfig :: GSConfig WorkspaceId
gridConfig = def
{ gs_cellwidth = 100
, gs_cellheight = 30
, gs_cellpadding = 2
, gs_navigate = navNSearch
, gs_font = myFont
}
myXPConfig :: XPConfig
myXPConfig = defaultXPConfig
{ autoComplete = Just 5000
}
myWSConfig = myGSConfig
{ gs_cellwidth = 50
}
pagerConfig :: PagerConfig
pagerConfig = def
{ pc_font = myFont
, pc_cellwidth = 64
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
--, pc_borderwidth = 1
--, pc_matchcolor = "#f0b000"
, pc_matchmethod = MatchPrefix
--, pc_colors = pagerWorkspaceColors
, pc_windowColors = windowColors
}
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
let y = defaultWindowColors wsf m c u wf
if m == False && wf == True
then ("#402020", snd y)
else y
wGSConfig :: GSConfig Window
wGSConfig = def
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
, gs_font = myFont
, gs_navigate = navNSearch
}
(&) :: a -> (a -> c) -> c
(&) = flip ($)
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
allWorkspaceNames ws =
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]

52
lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
View File

@ -1,52 +0,0 @@
module Util.PerWorkspaceConfig
( WorkspaceConfig (..)
, WorkspaceConfigs
, switchToWorkspace
, defaultWorkspaceConfig
, perWorkspaceAction
, perWorkspaceTermAction
-- , myLayoutHack
)
where
import XMonad
import XMonad.Core (LayoutClass)
import Control.Monad (when)
import qualified Data.Map as M
import qualified XMonad.StackSet as W
data WorkspaceConfig l =
WorkspaceConfig
{ switchAction :: X ()
, startAction :: X ()
, keyAction :: X ()
, termAction :: X ()
}
type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
defaultWorkspaceConfig = WorkspaceConfig
{ switchAction = return ()
, startAction = return ()
, keyAction = return ()
, termAction = spawn "urxvtc"
}
whenLookup wsId cfg a =
when (M.member wsId cfg) (a $ cfg M.! wsId)
switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
switchToWorkspace cfg wsId = do
windows $ W.greedyView wsId
wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
when (null wins) $ whenLookup wsId cfg startAction
whenLookup wsId cfg switchAction
perWorkspaceAction :: WorkspaceConfigs l -> X ()
perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
Just x -> termAction x
_ -> termAction defaultWorkspaceConfig

4
makefu/1systems/gum.nix
View File

@ -41,6 +41,8 @@ in {
];
};
makefu.taskserver.enable = true;
krebs.nginx.servers.cgit = {
server-names = [ "cgit.euer.krebsco.de" ];
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@ -86,6 +88,8 @@ in {
21032
# tinc-retiolum
21031
# taskserver
53589
];
allowedUDPPorts = [
# tinc

30
makefu/1systems/pornocauster.nix
View File

@ -26,6 +26,7 @@
# services
../2configs/git/brain-retiolum.nix
../2configs/tor.nix
../2configs/steam.nix
# ../2configs/buildbot-standalone.nix
# hardware specifics are in here
@ -35,23 +36,36 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
# temporary modules
# ../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
];
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
servers.default.server-names = [ "_" ];
};
krebs.retiolum.enable = true;
# steam
hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
virtualisation.docker.enable = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
25
80
];
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowedUDPPorts = [ 665 ];
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.retiolum = {
enable = true;
connectTo = [ "omo" "gum" "prism" ];
};
networking.extraHosts = ''
192.168.1.11 omo.local
'';
}

26
makefu/1systems/vbob.nix
View File

@ -1,9 +1,7 @@
#
#
#
{ lib, config, pkgs, ... }:
{
krebs.build.host = config.krebs.hosts.vbob;
makefu.awesome.modkey = "Mod1";
imports =
[ # Include the results of the hardware scan.
../.
@ -19,6 +17,10 @@
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
fileSystems."/var/lib/docker" = {
device ="/dev/disk/by-label/nix-docker";
fsType = "ext4";
};
#makefu.buildbot.master.enable = true;
# allow vbob to deploy self
users.extraUsers = {
@ -28,11 +30,14 @@
};
environment.systemPackages = with pkgs;[
fortclientsslvpn
buildbot
buildbot-slave
get
logstash
docker
devpi-web
devpi-client
];
# virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
25
@ -42,18 +47,21 @@
krebs.retiolum = {
enable = true;
extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
connectTo = [
"omo"
"gum"
];
};
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
networking.extraHosts = ''
172.17.20.190 gitlab
172.17.62.27 svbittool01 tool
'';
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = "rw,uid=9001,gid=9001";
options = [ "rw" "uid=9001" "gid=9001" ];
};
}

10
makefu/2configs/base-gui.nix
View File

@ -14,7 +14,6 @@
with config.krebs.lib;
let
mainUser = config.krebs.build.user.name;
awesomecfg = pkgs.awesomecfg.full;
in
{
imports = [ ];
@ -36,14 +35,7 @@ in
};
# lid switch is handled via button presses
services.logind.extraConfig = mkDefault "HandleLidSwitch=ignore";
nixpkgs.config.packageOverrides = pkgs: rec {
awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
postFixup = ''
cp ${awesomecfg} $out/etc/xdg/awesome/rc.lua
'';
});
};
makefu.awesome.enable = true;
i18n.consoleFont = "Lat2-Terminus16";
fonts = {

8
makefu/2configs/default.nix
View File

@ -22,7 +22,7 @@ with config.krebs.lib;
source = mapAttrs (_: mkDefault) {
nixpkgs = {
url = https://github.com/nixos/nixpkgs;
rev = "40c586b7ce2c559374df435f46d673baf711c543"; # unstable @ 2016-02-27, tested on wry
rev = "63b9785"; # stable @ 2016-06-01
};
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
stockholm = "/home/makefu/stockholm";
@ -75,7 +75,7 @@ with config.krebs.lib;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
nix.nixPath = [ "/var/src" ];
environment.variables = {
NIX_PATH = mkForce "/var/src";
EDITOR = mkForce "vim";
@ -126,6 +126,7 @@ with config.krebs.lib;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
tinc = pkgs.tinc_pre;
gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
};
services.cron.enable = false;
@ -138,6 +139,9 @@ with config.krebs.lib;
"time.apple.com"
"time.nist.gov"
];
nix.extraOptions = ''
auto-optimise-store = true
'';
security.setuidPrograms = [ "sendmail" ];
services.journald.extraConfig = ''

3
makefu/2configs/exim-retiolum.nix
View File

@ -2,9 +2,10 @@
with config.krebs.lib;
{
networking.firewall.allowedTCPPorts = [ 25 ];
krebs.exim-retiolum.enable = true;
environment.systemPackages = with pkgs; [
msmtp
];
}

3
makefu/2configs/git/cgit-retiolum.nix
View File

@ -15,6 +15,9 @@ let
tinc_graphs = {
desc = "Tinc Advanced Graph Generation";
};
stockholm-init = {
desc = "Build new Stockholm hosts";
};
cac-api = { };
init-stockholm = {
desc = "Init stuff for stockholm";

8
makefu/2configs/hw/tp-x220.nix
View File

@ -4,8 +4,10 @@ with config.krebs.lib;
{
imports = [ ./tp-x2x0.nix ];
boot.kernelModules = [ "kvm-intel" ];
boot = {
kernelModules = [ "kvm-intel" "acpi_call" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
};
services.xserver = {
videoDriver = "intel";
@ -15,6 +17,8 @@ with config.krebs.lib;
'';
};
security.rngd.enable = true;
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2

26
makefu/2configs/omo-share.nix
View File

@ -13,6 +13,16 @@ in {
omo-share = {
listen = [ "${local-ip}:80" ];
locations = singleton (nameValuePair "/" ''
access_log off;
# sendfile off;
# tcp_nopush on;
# aio on;
sendfile on;
sendfile_max_chunk 512k;
directio 512;
aio threads;
mp4;
autoindex on;
root /media;
limit_rate_after 100m;
@ -24,7 +34,6 @@ in {
keepalive_timeout 65;
keepalive_requests 200;
reset_timedout_connection on;
sendfile on;
tcp_nopush on;
gzip off;
'');
@ -48,7 +57,6 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
emu = {
path = "/media/crypt1/emu";
"read only" = "yes";
@ -61,6 +69,20 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
crypt0-rw = {
path = "/media/crypt0/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
crypt1-rw = {
path = "/media/crypt1/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
};
extraConfig = ''
guest account = smbguest

6
makefu/2configs/steam.nix Normal file
View File

@ -0,0 +1,6 @@
{pkgs, ...}:
{
environment.systemPackages = [ pkgs.steam ];
hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true;
}

28
makefu/2configs/temp-share-samba.nix Normal file
View File

@ -0,0 +1,28 @@
{config, ... }:{
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/var/empty";
};
services.samba = {
enable = true;
shares = {
share-home = {
path = "/home/share/";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}

40
makefu/3modules/awesome-extra.nix Normal file
View File

@ -0,0 +1,40 @@
{config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.makefu.awesome;
out = {
options.makefu.awesome = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "awesome custom config";
modkey = mkOption {
type = types.str;
description = "Modkey to be used";
default = "Mod4";
};
baseConfig = mkOption {
type = types.path;
description = ''
rc.lua file to be used as default
This module will use substituteAll to replace strings before writing to
/etc/xdg/awesome/rc.lua
'';
default = pkgs.awesomecfg.full;
};
};
imp = {
# TODO: configure display manager as well
nixpkgs.config.packageOverrides = pkgs: rec {
awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : {
postFixup = let
rclua = pkgs.substituteAll {
src = cfg.baseConfig;
inherit (cfg) modkey;
};
in "cp ${rclua} $out/etc/xdg/awesome/rc.lua";
});
};
};
in out

2
makefu/3modules/default.nix
View File

@ -4,6 +4,8 @@ _:
imports = [
./snapraid.nix
./umts.nix
./taskserver.nix
./awesome-extra.nix
];
}

60
makefu/3modules/taskserver.nix Normal file
View File

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.makefu.taskserver;
out = {
options.makefu.taskserver = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "taskserver";
workingDir = mkOption {
type = types.str;
default = "/var/lib/taskserver";
};
package = mkOption {
type = types.package;
default = pkgs.taskserver;
};
};
imp = {
environment.systemPackages = [ cfg.package ];
systemd.services.taskserver = {
description = "taskd server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
unitConfig = {
Documentation = "http://taskwarrior.org/docs/#taskd" ;
# https://taskwarrior.org/docs/taskserver/configure.html
ConditionPathExists = "${cfg.workingDir}/config";
};
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
WorkingDirectory = cfg.workingDir;
PrivateTmp = true;
InaccessibleDirectories = "/home /boot /opt /mnt /media";
User = "taskd";
};
};
users.users.taskd = {
uid = genid "taskd";
home = cfg.workingDir;
createHome = true;
};
users.groups.taskd.gid = genid "taskd";
};
in
out

12
makefu/5pkgs/awesomecfg/full.cfg
View File

@ -83,13 +83,11 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0")
-- {{{ Variable definitions
-- Themes define colours, icons, and wallpapers
-- beautiful.init("/usr/share/awesome/themes/default/theme.lua")
-- ./qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/lib/beautiful.lua
--
-- @awesome@/share/awesome/lib/beautiful.lua
-- beautiful.init("@awesome@/share/awesome/themes/default/theme.lua")
-- Find the default theme
--
-- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua")
function find_default_theme()
-- find the default lua theme in the package path
for path in package.path:gmatch('([^;]+);') do
@ -115,7 +113,7 @@ browser = "firefox"
-- If you do not like this or do not have such a key,
-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others.
modkey = "Mod4"
modkey = "@modkey@"
-- Table of layouts to cover with awful.layout.inc, order matters.
local layouts =

5
makefu/5pkgs/default.nix
View File

@ -9,8 +9,11 @@ in
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
inherit (callPackage ./devpi {}) devpi-web devpi-server;
skytraq-logger = callPackage ./skytraq-logger/ {};
taskserver = callPackage ./taskserver {};
};
}

70
makefu/5pkgs/devpi/default.nix Normal file
View File

@ -0,0 +1,70 @@
{ pkgs ? import <nixpkgs> {} }:
with pkgs.stdenv.lib;
let
execnet14 = pkgs.python3Packages.buildPythonPackage rec {
name = "execnet-1.4.1";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz";
sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn";
};
propagatedBuildInputs = with pkgs.python3Packages;
[ setuptools_scm apipkg ];
meta = {
description = "rapid multi-Python deployment";
license = licenses.gpl2;
};
};
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-web";
version = "3.0.0";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/d/devpi-web/devpi-web-${version}.tar.gz";
sha256 = "156abxyhj17a8cg38hpyr31qkjb61mb2kggsxij4p4xvy9jwkbwi";
};
propagatedBuildInputs = with pkgs.python3Packages;
[ devpi-server pyramid_chameleon beautifulsoup4 Whoosh defusedxml ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
description = "a web view for devpi-server";
license = licenses.mit;
maintainers = with maintainers; [ makefu ];
};
};
devpi-server = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-server";
version = "3.0.2";
# original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to
# `.devpi-server-wrapped` which
# results in "not existing devpi-server: 'devpi-server'"
postFixup = "";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/d/devpi-server/devpi-server-${version}.tar.gz";
sha256 = "14r1024i3x2pb72khyzvi56sh9smpdswmrbc88xvjxnalmzfn99d";
};
propagatedBuildInputs = with pkgs.python3Packages;
[ devpi-common execnet14 itsdangerous pluggy waitress pyramid ];
buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
description = "Devpi Server";
license = licenses.mit;
maintainers = with maintainers; [ makefu ];
};
};
in {
inherit devpi-server;
devpi-web = pkgs.python3.buildEnv.override {
extraLibs = [ devpi-web devpi-server ];
};
}

31
makefu/5pkgs/skytraq-logger/default.nix Normal file
View File

@ -0,0 +1,31 @@
{ stdenv, lib, pkgs, fetchFromGitHub, ... }:
stdenv.mkDerivation rec {
name = "skytraq-datalogger-${version}";
version = "4966a8";
src = fetchFromGitHub {
owner = "makefu";
repo = "skytraq-datalogger";
rev = version ;
sha256 = "1qaszrs7638kc9x4qq4m1yxqmk8jw7wajywvdk4wc2i007p89v3y";
};
buildFlags = "CC=gcc";
makeFlags = "PREFIX=bin/ DESTDIR=$(out)";
preInstall = ''
mkdir -p $out/bin
'';
#patchPhase = ''
# sed -i -e 's#/usr/bin/gcc#gcc#' -e Makefile
#'';
buildInputs = with pkgs;[
curl
gnugrep
];
meta = {
homepage = http://github.com/makefu/skytraq-datalogger;
description = "datalogger for skytraq";
license = lib.licenses.gpl2;
};
}

43
makefu/5pkgs/taskserver/default.nix Normal file
View File

@ -0,0 +1,43 @@
{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
stdenv.mkDerivation rec {
name = "taskserver-${version}";
version = "1.1.0";
enableParallelBuilding = true;
src = fetchurl {
url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
};
patchPhase = ''
pkipath=$out/share/taskd/pki
mkdir -p $pkipath
cp -r pki/* $pkipath
echo "patching paths in pki/generate"
sed -i "s#^\.#$pkipath#" $pkipath/generate
for f in $pkipath/generate* ;do
i=$(basename $f)
echo patching $i
sed -i \
-e 's/which/type -p/g' \
-e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
echo wrapping $i
makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \
--prefix PATH : ${gnutls}/bin/
done
'';
buildInputs = [ makeWrapper ];
nativeBuildInputs = [ cmake libuuid gnutls ];
meta = {
description = "Server for synchronising Taskwarrior clients";
homepage = http://taskwarrior.org;
license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
};
}