diff --git a/default.nix b/default.nix index 52e8924cd..cab55d40a 100644 --- a/default.nix +++ b/default.nix @@ -3,3 +3,20 @@ import { (import "NIXOS_CONFIG" ) ]; } +// +{ + lib = import ./lib; + systems = with import ./lib; let + ns = getEnv "LOGNAME"; + in + genAttrs + (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) + (name: let + config = import ( + "/${ns}/1systems/${name}/config.nix"); + source = import ( + "/${ns}/1systems/${name}/source.nix"); + in import { + modules = [ config ]; + } // { + inherit source; + }); +} diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 8a3090a49..c9a7a34e2 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix 
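Review bot: In the new `systems` attribute, `ns = getEnv "LOGNAME";` is used unchecked to build the paths that are passed to `readDir` and `import`, so an environment variable decides which `1systems` tree and which `config.nix`/`source.nix` get evaluated. `getEnv` returns an empty string when the variable is unset, in which case the path collapses to `/1systems` and the failure surfaces as an unrelated readDir error. I would fail early with something like `ns = let v = getEnv "LOGNAME"; in assert v != ""; v;` and add a comment such as `# namespace is taken from $LOGNAME; evaluation is impure by design`. The path prefixes appear to have been lost in this rendering of the hunk, so the exact base directory is inferred.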
@@ -1,42 +1,19 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: # bln config file { imports = - [ # Include the results of the hardware scan. - + [ + ./hardware-configuration.nix - # ./dcso-vpn.nix ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + jeschliFontSize = 20; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.extraEntries = '' - menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { - search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 - linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro - initrd ($drive1)/initrd.img-4.9.0-4-amd64 - } - ''; - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; - preLVM = true; - allowDiscards = true; - } - ]; + environment.shellAliases = { n = "nix-shell"; gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; 
@@ -46,23 +23,13 @@ LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' ''; }; - networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0232"; networking.networkmanager.enable = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; # Set your time zone. time.timeZone = "Europe/Berlin"; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget + # Setup Packages nixpkgs.config.allowUnfree = true; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ @@ -85,7 +52,7 @@ emacs # databases sqlite - # internet + # internet thunderbird hipchat chromium 
@@ -114,79 +81,44 @@ ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # Enable CUPS to print documents. services.printing.enable = true; services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. services.xserver.enable = true; - # services.xserver.xrandrHeads = [ - # { output = "eDP1"; } - # { output = "DP-2-2-8"; primary = true; } - # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } - # ]; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; + services.xserver.videoDrivers = [ "nvidia" ]; - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. 
-# services.xserver.displayManager.lightdm.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; -# services.xserver.desktopManager.gnome3.enable = true; - # services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.sddm.enable = true; - #services.xserver.desktopManager.plasma5.enable = true; -# services.xserver.displayManager.sessionCommands = '' -# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off -#''; + services.xserver.dpi = 100; + fonts.fontconfig.dpi = 100; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.markus = { + users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker"]; + extraGroups = ["docker" "vboxusers"]; uid = 1000; }; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? 
- + system.stateVersion = "17.09"; # Gogland Debugger workaround -# nixpkgs.config.packageOverrides = super: { -# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { -# postFixup = '' -# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" -# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# ''; -# }); -# }; + # nixpkgs.config.packageOverrides = super: { + # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { + # postFixup = '' + # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" + # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # ''; + # }); + # }; -# virtualisation.docker.enable = true; - + virtualisation.docker.enable = true; # DCSO Certificates security.pki.certificateFiles = [ @@ -197,7 +129,7 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - ]; + ]; hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 714162271..b774bfc19 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, ... }: { 
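Review bot: This hunk turns on `virtualisation.docker.enable = true;` while `users.extraUsers.jeschli` carries `extraGroups = ["docker" "vboxusers"];`, which makes that account root-equivalent. Anyone in the `docker` group can talk to the daemon socket, and the daemon runs as root. The same host also has `services.openssh.enable = true;`, so a compromise of that one login would then reach root without a further password. If that is intended for a single-user laptop, say so next to the group list, e.g. `# docker group == root on this host (daemon socket), accepted for a single-user machine`; otherwise drop `"docker"` from `extraGroups` and go through sudo for container work.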
@@ -8,27 +5,29 @@ [ ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; + fileSystems."/" = - { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; - fsType = "ext2"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/927E-01A0"; + fsType = "vfat"; }; swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 4; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; } diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index 83640801f..699a85b58 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -10,6 +10,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.bolide; diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index eb2bb11d2..1203720a5 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.brauerei; diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix new file mode 100644 index 000000000..d9e6c854a --- /dev/null +++ b/jeschli/2configs/emacs.nix 
@@ -0,0 +1,77 @@ +{ config, pkgs, ... }: + +let + packageRepos = '' + (require 'package) ;; You might already have this line + (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) + ) + (when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + (package-initialize) + ''; + evilMode = '' + ;; Evil Mode + (add-to-list 'load-path "~/.emacs.d/evil") + (require 'evil) + (evil-mode 1) + (require 'evil-org) + (add-hook 'org-mode-hook 'evil-org-mode) + (evil-org-set-key-theme '(navigation insert textobjects additional calendar)) + (require 'evil-org-agenda) + (evil-org-agenda-set-keys) + ''; + windowCosmetics = '' + (tool-bar-mode -1) ; Disable the button bar atop screen + (scroll-bar-mode -1) ; Disable scroll bar + (setq inhibit-startup-screen t) ; Disable startup screen with graphics + (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs + (setq tab-width 2) ; Four spaces is a tab + (setq visible-bell nil) ; Disable annoying visual bell graphic + (setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; + orgMode = '' + (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) + (global-set-key "\C-cl" 'org-store-link) + (global-set-key "\C-ca" 'org-agenda) + (global-set-key "\C-cb" 'org-iswitchb) + (if (boundp 'org-user-agenda-files) + (setq org-agenda-files org-user-agenda-files) + (setq org-agenda-files (quote ("~/projects/notes"))) + ) + ''; + emacsFile = '' + ${packageRepos} + ${windowCosmetics} + (custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. 
+ ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) + ${orgMode} + ''; + dotEmacs = pkgs.writeText "dot-emacs" emacsFile; + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + epkgs.melpaStablePackages.magit + epkgs.melpaPackages.mmm-mode + epkgs.melpaPackages.nix-mode + epkgs.melpaPackages.go-mode + ]); + myEmacs = pkgs.writeDashBin "my-emacs" '' + exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" + ''; +in { + environment.systemPackages = [ + myEmacs + ]; +} diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix index b2cb851a1..c9bb8c41f 100644 --- a/jeschli/2configs/virtualbox.nix +++ b/jeschli/2configs/virtualbox.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - mainUser = config.users.extraUsers.markus; + mainUser = config.users.extraUsers.jeschli; in { #services.virtualboxHost.enable = true; diff --git a/jeschli/source.nix b/jeschli/source.nix index fe1de8fd1..29cf9d818 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -13,10 +13,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; - }; + nixpkgs = (import host).nixpkgs; secrets.file = getAttr builder { buildbot = toString ; jeschli = "${getEnv "HOME"}/secrets/${name}"; diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 5ea78f227..d85cde175 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix 
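Review bot: In `packageRepos` the `org` archive is registered as `http://orgmode.org/elpa/` and the `gnu` fallback as `http://elpa.gnu.org/packages/`, so package indexes and code for those archives are fetched without TLS, while MELPA just above gets https whenever GnuTLS is available. `package-selected-packages` in the same file lists `org-plus-contrib`, which comes from the org archive, so the cleartext path looks like it is actually used. Anything installed that way runs as Emacs Lisp in the user's session, and on an untrusted network the download can be modified in transit. I would change the two entries to `'("org" . "https://orgmode.org/elpa/") t)` and `'("gnu" . "https://elpa.gnu.org/packages/")`. Longer term the packages could be supplied through `emacsWithPackages` like magit and nix-mode already are, so they are pinned by the nixpkgs revision.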
@@ -5,6 +5,5 @@ with import ; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); - krebs.ci.tests = [ "deploy" ]; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e269d1fa1..0c3e68c39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,7 +89,7 @@ with import ; 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx -all + 60 IN TXT v=spf1 mx a:lassul.us -all cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 
@@ -618,6 +618,47 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; + cabal = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.4"; + ip6.addr = "42::1:4"; + aliases = [ + "cabal.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A + SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj + rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK + qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e + LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq + rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 + 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE + fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v + yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A + kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR + KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi + TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U + oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs + TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw + 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD + rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ + 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf + luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py + w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG + 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 + K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g + ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; + }; }; users = { 
lass = { diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,8 +1,11 @@ { config, ... }: with import ; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index da8e2f726..51ac7a071 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py 
@@ -18,20 +18,27 @@ def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) + line = argv[1] if is_regex(line): last = d.get(usr, None) if last: from subprocess import Popen, PIPE - p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE) so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) + print("something went wrong when trying to process your regex: {}".format(line.strip())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) - if ret: - d[usr] = ret + if len(ret) > 512: + print('message to long, skipped') + elif len(ret.split('\n')) > 5: + print('to many lines, skipped') + else: + if last.strip() != ret.strip(): + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + if ret: + d[usr] = ret else: print("no last message") diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 9eeccee64..3cb691f53 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,16 +2,15 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.14"; + version = "0.8.16"; namePrefix = ""; patches = []; src = fetchFromGitHub { owner = "krebscode"; repo = "buildbot-classic"; - # rev = "v${version}"; - rev = "843463911"; - sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd"; + rev = version; + sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix deleted file mode 100644 index e51136c60..000000000 --- a/krebs/5pkgs/simple/electron-cash/default.nix +++ /dev/null 
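Review bot: After `if p.returncode:` prints the error, execution appears to fall through to `ret = so.decode()` and the new length checks, so a failing sed run with empty stdout still reaches the `last.strip() != ret.strip()` branch and prints an empty "meant:" line to the channel. Indentation is lost in this rendering, but no `else` or early exit is visible. The size and line-count checks and the "meant" output should sit in an `else:` of the returncode test. `se` is now captured but never used, so the diagnostic is gone for the operator too; writing it to the bot's log rather than to the channel would keep it without echoing sed internals to users. Since `line` comes from chat users, two defence-in-depth additions fit here: `Popen(['sed', '--sandbox', line], ...)` where GNU sed 4.3 or later is guaranteed, which rejects the e/r/w commands even if `is_regex` is loosened later, and `p.communicate(..., timeout=5)` so a slow expression cannot stall the plugin. The script continues outside the hunk.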
@@ -1,64 +0,0 @@ -{ stdenv, fetchFromGitHub, python2Packages }: - -python2Packages.buildPythonApplication rec { - name = "electron-cash-${src.rev}"; - - src = fetchFromGitHub { - owner = "fyookball"; - repo = "electrum"; - rev = "a2245ea"; - sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; - }; - - propagatedBuildInputs = with python2Packages; [ - dns - ecdsa - jsonrpclib - pbkdf2 - pyaes - pycrypto - pyqt4 - pysocks - qrcode - requests - tlslite - - # plugins - keepkey - trezor - ]; - - preBuild = '' - sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py - pyrcc4 icons.qrc -o gui/qt/icons_rc.py - # Recording the creation timestamps introduces indeterminism to the build - sed -i '/Created: .*/d' gui/qt/icons_rc.py - ''; - - postInstall = '' - # Despite setting usr_share above, these files are installed under - # $out/nix ... - mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out - rm -rf $out/lib/python2.7/site-packages/nix - - substituteInPlace $out/share/applications/electron.desktop \ - --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/electrum help >/dev/null - ''; - - meta = with stdenv.lib; { - description = "A lightweight Bitcoin wallet"; - longDescription = '' - An easy-to-use Bitcoin client featuring wallets generated from - mnemonic seeds (in addition to other, more advanced, wallet options) - and the ability to perform transactions without downloading a copy - of the blockchain. - ''; - homepage = https://electrum.org/; - license = licenses.mit; - }; -} diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index a48fc0f87..1939bf854 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix 
@@ -57,7 +57,8 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils + # TODO remove if everyone migrated to 18.03 + (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) coreutils gcc ])} diff --git a/krebs/source.nix b/krebs/source.nix index 7e0ea7e47..1f83d29f7 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 + ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; # nixos-18.03 # 2018-04-02 }; } override diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix new file mode 100644 index 000000000..7eba86c52 --- /dev/null +++ b/lass/1systems/cabal/config.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.cabal; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix new file mode 100644 index 000000000..5d9507f3d --- /dev/null +++ b/lass/1systems/cabal/source.nix @@ -0,0 +1,4 @@ +import { + name = "cabal"; + secure = true; +} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4d99cb2c..e64cfbe79 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix 
@@ -131,7 +131,7 @@ with import ; ]; services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal ''; networking.hostName = lib.mkForce "BLN02NB0162"; @@ -168,8 +168,6 @@ with import ; '') ]; - lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; - programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6ca980155..f77bc64c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -170,31 +170,11 @@ with import ; export PATH=${makeBinPath [ pkgs.bash pkgs.coreutils - pkgs.nix - (pkgs.writeDashBin "is-git-crypt-locked" '' - magic=$(dd status=none if="$1" skip=1 bs=1 count=8) - test "$magic" = GITCRYPT - '') + pkgs.nixUnstable ]} cd ~/stockholm export SYSTEM="$1" - if is-git-crypt-locked ~/secrets/ready; then - echo 'secrets are crypted' >&2 - exit 23 - else - exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' - fi - ''; - predeploy = pkgs.writeDash "predeploy" '' - set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nix - ]} - cd ~/stockholm - export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; }; 
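Review bot: The rewritten `deploy` script in the mors hunk no longer refuses to run from a locked checkout. The `is-git-crypt-locked` helper and the `exit 23` branch are gone, and `deploy --system="$SYSTEM"` now runs unconditionally. Unless `deploy` itself performs an equivalent check (not visible here), a run while `~/secrets` is still git-crypt encrypted would copy ciphertext blobs to the target in place of keys and passwords, and the failure would only show up later on the host. I would keep a guard in front of the `exec`, e.g. `is-git-crypt-locked ~/secrets/ready && { echo 'secrets are crypted' >&2; exit 23; }`, or add a comment naming where that check now lives. The enclosing attribute set starts outside the hunk.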
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2b7a5c924..ed179ded6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -2,6 +2,7 @@ with import ; let user = config.krebs.build.user; + xmonad-lass = pkgs.callPackage { inherit config; }; in { imports = [ ./mpv.nix @@ -84,7 +85,6 @@ in { powertop push rxvt_unicode_with-plugins - screengrab slock sxiv timewarrior @@ -99,6 +99,7 @@ in { zathura cabal2nix + xephyrify ]; fonts.fonts = with pkgs; [ @@ -129,7 +130,6 @@ in { }; systemd.user.services.xmonad = { - #wantedBy = [ "graphical-session.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; RXVT_SOCKET = "%t/urxvtd-socket"; @@ -137,8 +137,8 @@ in { }; serviceConfig = { SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + ExecStart = "${xmonad-lass}/bin/xmonad"; + ExecStop = "${xmonad-lass}/bin/xmonad --shutdown"; }; restartIfChanged = false; }; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -21,59 +21,32 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createUser = script: name: groups: precedence: dpi: + { + lass.xjail.${name} = { + inherit script groups dpi; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; - }; - lass.browser.paths.${name} = { - path = bin; - inherit precedence; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; - }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; - #TODO: abstract this + createFirefoxUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; + + createQuteUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { 
@@ -110,12 +83,13 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4335c7cab..4455d2761 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -11,7 +11,6 @@ with import ; primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" - "aidsballs.de" ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors @@ -70,6 +69,16 @@ with import ; { from = "aws@lassul.us"; to = lass.mail; } { from = "reddit@lassul.us"; to = lass.mail; } { from = "banggood@lassul.us"; to = lass.mail; } + { from = "immoscout@lassul.us"; to = lass.mail; } + { from = "gmail@lassul.us"; to = lass.mail; } + { from = "amazon@lassul.us"; to = lass.mail; } + { from = "humblebundle@lassul.us"; to = lass.mail; } + { from = "meetup@lassul.us"; to = lass.mail; } + { from = "gebfrei@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "ovh@lassul.us"; to = lass.mail; } + { from = "hetzner@lassul.us"; to = lass.mail; } + { from = "allygator@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index c6866c69d..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
@@ -8,6 +8,16 @@ let logfile ~/.msmtp.log account prism host prism.r + account c-base + from lassulus@c-base.org + host c-mail.c-base.org + port 465 + tls on + tls_starttls off + tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + auth on + user lassulus + passwordeval pass show c-base/pass account default: prism ''; 
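Review bot: The new `c-base` account pins the server with `tls_fingerprint 8C:10:…:22:A4`, which is 20 bytes long and therefore a SHA-1 fingerprint. msmtp also accepts SHA-256 fingerprints and recommends them, so the pin should be regenerated as `tls_fingerprint <SHA256 fingerprint of the c-mail.c-base.org certificate>`. A pinned leaf certificate also has to be updated on every renewal, so a short comment above the line saying where the value was obtained and when would help the next person distinguish a rotation from an interception. If the server certificate chains to a public CA, `tls_trust_file` with normal hostname verification would avoid the manual pin entirely.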
@@ -22,25 +32,52 @@ let mailboxes = { c-base = [ "to:c-base.org" ]; + coins = [ + "to:btce@lassul.us" + "to:coinbase@lassul.us" + "to:polo@lassul.us" + "to:bitwala@lassul.us" + "to:payeer@lassul.us" + "to:gatehub@lassul.us" + "to:bitfinex@lassul.us" + "to:binance@lassul.us" + "to:bitcoin.de@lassul.us" + "to:robinhood@lassul.us" + ]; dezentrale = [ "to:dezentrale.space" ]; - kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ]; + dhl = [ "to:dhl@lassul.us" ]; + eloop = [ "to:eloop.org" ]; + github = [ "to:github@lassul.us" ]; + gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; + lugs = [ "to:lugs@lug-s.org" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; patreon = [ "to:patreon@lassul.us" ]; - security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; + paypal = [ "to:paypal@lassul.us" ]; + ptl = [ "to:ptl@posttenebraslab.ch" ]; + retiolum = [ "to:lass@mors.r" ]; + security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; shack = [ "to:shackspace.de" ]; + steam = [ "to:steam@lassul.us" ]; + tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; wireguard = [ "to:wireguard@lists.zx2c4" ]; + zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ]; }; - tag-mails = pkgs.writeDashBin "nm-init-tag" '' + tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} ''; + tag-old-mails = pkgs.writeDashBin "nm-tag-old" '' + ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ''; + muttrc = pkgs.writeText "muttrc" '' # gpg - source 
${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes - set pgp_sign_as = 0x976A7E4D + set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes set crypt_replyencrypt = yes set crypt_verify_sig = yes @@ -158,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; @@ -170,6 +207,7 @@ in { mutt pkgs.much pkgs.notmuch - tag-mails + tag-new-mails + tag-old-mails ]; } diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index c3d07d5fe..537c8a59b 100644 --- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,6 +5,4 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; - - boot.kernelPackages = pkgs.linuxPackages_latest; } diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9ece2af77..7a72499c9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
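Review bot: In the `gmail` mailbox the third term, `"lassulus@googlemail.com"`, has no `to:` prefix, so notmuch treats it as a free-text term and the `gmail` tag (with the `-inbox` removal) is applied to any message that merely mentions that address. It should read `"to:lassulus@googlemail.com"` like its neighbours. The same list feeds the new `nm-tag-old`, which has no `tag:inbox` restriction and also removes `archive`, so there the over-match rewrites tags across the whole mail store.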
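Review bot: The wrapper line `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@` expands `$@` unquoted, so an argument containing spaces or glob characters (a `-s` subject, a `mailto:` URL handed over by another program) is split and globbed before neomutt sees it. Quote it: `exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"`. The xjail wrappers added in this commit already use `"$@"`.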
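Review bot: `virtualisation.virtualbox.host.enableHardening = false;` switches off the NixOS hardening that restricts access to the VirtualBox kernel-module devices to the wrapped system binaries; the option's description warns that with it disabled, members of `vboxusers` can tamper with those device files. If the extension pack enabled on the line above is the reason, record that next to the setting, e.g. `# hardening off: needed for <reason>; re-enable once fixed`, so it does not stay disabled by accident. Who ends up in `vboxusers` is outside the hunk and worth checking against this change.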
@@ -49,6 +49,7 @@ in { "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" + "www.joemisch.com" "www.weirdwednesday.de" "aldona2.ubikmedia.de" @@ -63,6 +64,7 @@ in { "weirdwednesday.ubikmedia.de" "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" + "crypto4art.ubikmedia.de" ]) ]; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index aa57a9857..14d6ce9ec 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -12,9 +12,8 @@ let ; msmtprc = pkgs.writeText "msmtprc" '' - account localhost + account default host localhost - account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd77b2262..0c10e1ec2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xjail.nix ./xserver ]; } diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index e16ce9868..29c3861f2 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -14,7 +14,7 @@ let enable = mkEnableOption "screenlock"; command = mkOption { type = types.str; - default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; }; }; @@ -28,7 +28,7 @@ let serviceConfig = { SyslogIdentifier = "screenlock"; ExecStart = cfg.command; - Type = "forking"; + Type = "simple"; User = "lass"; }; }; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix new file mode 100644 index 000000000..325ebcc99 --- /dev/null +++ b/lass/3modules/xjail.nix 
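Review bot: With `Type = "simple"` in the screenlock unit, systemd treats the service as started the moment the process is spawned, whereas under `forking` it waited for the locker to go into the background. If this unit is ordered before a sleep or suspend target (the ordering is outside the hunk), the machine can now suspend before the new default `xlock` has actually covered the screen. `simple` is the correct type for a locker that stays in the foreground, so a comment is enough here: `# xlock does not fork; systemd cannot tell when the lock is actually up`.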
@@ -0,0 +1,164 @@ +{ config, pkgs, lib, ... }: + +with import ; +{ + options.lass.xjail = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + name = mkOption { + type = types.string; + default = config._module.args.name; + }; + user = mkOption { + type = types.string; + default = config.name; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + from = mkOption { + type = types.string; + default = "lass"; + }; + display = mkOption { + type = types.string; + default = toString (genid_signed config._module.args.name); + }; + dpi = mkOption { + type = types.int; + default = 90; + }; + extraXephyrArgs = mkOption { + type = types.str; + default = ""; + }; + extraVglrunArgs = mkOption { + type = types.str; + default = ""; + }; + script = mkOption { + type = types.path; + default = pkgs.writeScript "echo_lol" "echo lol"; + }; + wm = mkOption { + #TODO find type + type = types.string; + default = "${pkgs.writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }}/bin/xmonad"; + }; + }; + })); + default = {}; + }; + + options.lass.xjail-bins = mkOption { + type = types.attrsOf types.path; + }; + + # implementation + config = let + scripts = mapAttrs' (name: cfg: + let + newOrExisting = 
pkgs.writeDash "${cfg.name}-existing" '' + DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo using existing xephyr + ${sudo_} "$@" + else + echo starting new xephyr + ${xephyr_} "$@" + fi + ''; + xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' + ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & + XEPHYR_PID=$! + DISPLAY=:${cfg.display} ${cfg.wm} & + WM_PID=$! + ${sudo_} "$@" + ${pkgs.coreutils}/bin/kill $WM_PID + ${pkgs.coreutils}/bin/kill $XEPHYR_PID + ''; + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" + ''; + vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' + DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ''; + in nameValuePair name { + existing = newOrExisting; + xephyr = xephyr_; + sudo = sudo_; + vglrun = vglrun_; + } + ) config.lass.xjail; + in { + + users.users = mapAttrs' (_: cfg: + nameValuePair cfg.name { + uid = genid cfg.name; + home = "/home/${cfg.name}"; + useDefaultShell = true; + createHome = true; + extraGroups = cfg.groups; + } + ) config.lass.xjail; + + users.groups = mapAttrs' (_: cfg: + nameValuePair cfg.name { + members = [ + cfg.name + cfg.from + ]; + } + ) config.lass.xjail; + + security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: + # TODO allow just the right script with sudo + "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" + ) config.lass.xjail)); + + lass.xjail-bins = mapAttrs' (name: cfg: + nameValuePair name (pkgs.writeScriptBin cfg.name '' + ${scripts.${name}.existing} "$@" + '') + ) config.lass.xjail; + }; +} diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/custom/xmonad-lass/default.nix similarity index 94% rename from lass/5pkgs/xmonad-lass.nix rename to lass/5pkgs/custom/xmonad-lass/default.nix index 59c95cff7..e658897da 100644 
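Review bot: The Xephyr command line in `xephyr_` passes `-ac`, which turns off X access control for the nested display, so any local account that can reach the display's socket, including the users of the other xjail entries, can connect to it and observe input and window contents of the jailed program. That undercuts the per-user separation this module sets up. Consider starting Xephyr with `-auth <cookie file>` instead of `-ac` and making the cookie readable only by `cfg.from` and `cfg.name`. The sudoers rule `NOPASSWD: ALL` further down already carries its own TODO about being narrowed to the one script.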
--- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -143,12 +143,21 @@ myKeyMap = , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-", spawn "${pkgs.writeDash "nm-dmenu" '' + export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin + exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" + ''}") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + + --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) + --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) + --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView)) ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index a158cd3c6..28482eb91 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
@@ -1,40 +1,39 @@ -{ config, pkgs, ... }@args: +with import ; +self: super: let -{ - nixpkgs.config.packageOverrides = rec { - acronym = pkgs.callPackage ./acronym/default.nix {}; - dpass = pkgs.callPackage ./dpass {}; - firefoxPlugins = { - noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; - ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; - vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; - }; - init = pkgs.callPackage ./init/default.nix args; - logify = pkgs.callPackage ./logify/default.nix {}; - mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; - mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; - pop = pkgs.callPackage ./pop/default.nix {}; - q = pkgs.callPackage ./q {}; - rs = pkgs.callPackage ./rs/default.nix {}; - urban = pkgs.callPackage ./urban/default.nix {}; - xml2json = pkgs.callPackage ./xml2json/default.nix {}; - xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; - yt-next = pkgs.callPackage ./yt-next/default.nix {}; + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = super.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then + trace + "Upstream `${upstream.name}' gets overridden by `${override.name}'." 
+ override + else override; - bank = pkgs.writeDashBin "bank" '' + subdirsOf = path: + mapAttrs (name: _: path + "/${name}") + (filterAttrs (_: eq "directory") (readDir path)); + +in { + bank = self.writeDashBin "bank" '' tmp=$(mktemp) - ${pkgs.pass}/bin/pass show hledger > $tmp - ${pkgs.hledger}/bin/hledger --file=$tmp "$@" - ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then + ${self.pass}/bin/pass show hledger > $tmp + ${self.hledger}/bin/hledger --file=$tmp "$@" + ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then exit 0 else - ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger + ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger fi - ${pkgs.coreutils}/bin/rm $tmp + ${self.coreutils}/bin/rm $tmp ''; - screengrab = pkgs.writeDashBin "screengrab" '' - resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" - ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 - ''; - }; + rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; }; } + +// mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix new file mode 100644 index 000000000..8d6036843 --- /dev/null +++ b/lass/5pkgs/xephyrify/default.nix 
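Review bot: `bank` writes the decrypted hledger journal to a `mktemp` file and removes it only on the script's last line, so a run that is interrupted or killed while hledger is open leaves the plaintext ledger behind in the temp directory. Register the cleanup right after creating the file, `trap 'rm -f "$tmp"' EXIT` plus `trap 'exit 130' INT TERM`, and quote `"$tmp"` in the other commands. The script logic itself is unchanged by this commit apart from `pkgs` becoming `self`, but these lines are on the new side of the hunk.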
@@ -0,0 +1,62 @@ +{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }: + +let + + xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }; + +in writeDashBin "xephyrify" '' + NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)} + echo "using DISPLAY $NDISPLAY" + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY & + if test -n $DROP_TO_USER; then + sleep 1 + ls /tmp/.X11-unix/ + id + ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY" + ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY" + fi + XEPHYR_PID=$! + DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad & + XMONAD_PID=$! + DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@" + kill $XMONAD_PID + kill $XEPHYR_PID +'' diff --git a/lass/default.nix b/lass/default.nix index b1c7c1be8..d077cc09f 100644 --- a/lass/default.nix +++ b/lass/default.nix @@ -1,9 +1,9 @@ -_: +{ pkgs, ... }: { imports = [ ../krebs ./2configs ./3modules - ./5pkgs ]; + nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 74de846c0..45bd6f97e 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix 
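Review bot: `if test -n $DROP_TO_USER; then` is unquoted, so with the variable unset it collapses to `test -n`, which is true, and the `chgrp`/`chmod` branch runs with an empty group name on every start. Quote it: `if test -n "$DROP_TO_USER"; then`. Because Xephyr is started with `-ac`, access to the display largely comes down to that socket's ownership and mode, so this step should not fail silently; checking the exit status of `chgrp` and stopping Xephyr on failure would be safer. `XEPHYR_PID=$!` is also assigned only after the branch; it still refers to Xephyr because nothing else is backgrounded in between, but it belongs directly under the Xephyr line.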
@@ -1,3 +1,4 @@ import { name="drop"; + torrent = true; } diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index 699267e21..caca1fbcb 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,3 +1,4 @@ import { - name="fileleech"; + name = "fileleech"; + torrent = true; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b859efc94..40fa233d3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -52,7 +52,7 @@ in { # network - + # diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 01438397e..bed6ae9fd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -9,7 +9,7 @@ let keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp1s0"; + primaryInterface = "enp2s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -54,6 +54,7 @@ in { # # + # @@ -65,6 +66,7 @@ in { + # services @@ -72,6 +74,11 @@ in { + + { + hardware.pulseaudio.systemWide = true; + makefu.mpd.musicDirectory = "/media/cryptX/music"; + } # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 637d8e2d8..cfbcf0e9c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix 
@@ -32,66 +32,7 @@ in { - (let - musicDirectory = "/data/music"; - in { - services.mpd = { - enable = true; - inherit musicDirectory; - # dataDir = "/home/anders/.mpd"; - network.listenAddress = "any"; - extraConfig = '' - audio_output { - type "pulse" - name "Local MPD" - server "127.0.0.1" - } - ''; - }; - # open because of truestedInterfaces - # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; - services.samba.shares.music = { - path = musicDirectory; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp = { - enable = true; - anonymousClients.allowAll = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; - }; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover - ''; - }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - }) + # Sensors diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index ad2ad8779..f72f2a15b 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -11,6 +11,8 @@ with import ; + + @@ -27,6 +29,8 @@ with import ; # # # + # + # # Krebs 
@@ -40,7 +44,7 @@ with import ; # Virtualization - # + { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { @@ -78,7 +82,6 @@ with import ; # # # - # { networking.wireguard.interfaces.wg0 = { @@ -123,6 +126,7 @@ with import ; load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-switch-on-port-available ''; }; diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6278877c3..ab6429dc1 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -3,5 +3,7 @@ import { full = true; python = true; hw = true; + unstable = true; + mic92 = true; # torrent = true; } diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix new file mode 100644 index 000000000..226f5cf1f --- /dev/null +++ b/makefu/2configs/bluetooth-mpd.nix 
@@ -0,0 +1,68 @@ +{ pkgs, config, lib, ... }: + +let + cfg = config.makefu.mpd; +in { + options.makefu.mpd.musicDirectory = lib.mkOption { + description = "music Directory"; + default = "/data/music"; + type = lib.types.str; + }; + config = { + services.mpd = { + enable = true; + inherit (cfg) musicDirectory; + network.listenAddress = "0.0.0.0"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = cfg.musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + # PULSE_SERVER=192.168.1.11 pavucontrol + anonymousClients.allowAll = true; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + #hardware.bluetooth.extraConfig = '' + # [general] + # Enable=Source,Sink,Media,Socket + #''; + }; +} diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix new file mode 100644 index 000000000..b62f37bdb --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/hass.nix 
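Review bot: The PulseAudio `tcp` block sets `anonymousClients.allowAll = true` with no address restriction, so every host that can reach the PulseAudio TCP port gets unauthenticated access to playback and to the capture sources. The wbob lines this commit removes at least listed `anonymousClients.allowedIpRanges` and loaded the TCP module with `auth-ip-acl=127.0.0.1`; neither survives in the shared module. Combined with mpd on `0.0.0.0` and the guest-writable `music` share, everything now depends on the firewall, which the comment says is open on trusted interfaces. Since the module is reused across hosts, add an option next to `musicDirectory` for the permitted ranges and set `anonymousClients.allowedIpRanges` from it instead of using `allowAll`.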
@@ -0,0 +1,75 @@ +{ pkgs, lib, ... }: +let + firetv = "192.168.1.238"; +in { + imports = [ + + ]; + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.packageOverrides = oldpkgs: { + home-assistant = (import {}).home-assistant; + }; + ids.uids.hass = 286; + ids.gids.hass = 286; + services.home-assistant = { + #panel_iframe: + #configurator: + # title: Configurator + # icon: mdi:wrench + # url: http://hassio.local:3218 + # sensor: + # - platform: random + enable = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + }; + panel_iframe = { + euer_blog = { + title = "Euer Blog"; + icon = "mdi:wrench"; + url = "https://euer.krebsco.de"; + }; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { + platform = "luftdaten"; + name = "Shack 1"; + sensorid = "50"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Shack 2"; + sensorid = "658"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + { platform = "random"; } + ]; + frontend = { }; + http = { }; + feedreader.urls = [ "https://nixos.org/blogs.xml" ]; + }; + }; +} diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 3a9d57dbb..e9d4b18e0 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix 
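Review bot: The `firetv` unit runs as `User = "nobody"`, an identity shared with anything else on the system that maps to nobody, so this network-facing adb bridge is not isolated from those and they are not isolated from it. Give the service its own identity, e.g. replace the line with `DynamicUser = true;` or a dedicated system user. Separately, `http = { };` configures the Home Assistant web interface without any credential or bind address; whether that leaves the UI reachable without login depends on the Home Assistant release and on the firewall, neither of which is visible in this hunk, so it is worth confirming before deployment.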
@@ -1,6 +1,18 @@ { lib, pkgs, config, ... }: with lib; +# imperative in config.php: +# #local memcache: +# 'memcache.local' => '\\OC\\Memcache\\APCu', +# #local locking: +# 'memcache.locking' => '\\OC\\Memcache\\Redis', +# 'redis' => +# array ( +# 'host' => 'localhost', +# 'port' => 6379, +# ), + + let # TODO: copy-paste from lass/2/websites/util.nix serveCloud = domains: @@ -124,20 +136,48 @@ let env[PATH] = ${lib.makeBinPath [ pkgs.php ]} catch_workers_output = yes ''; + services.phpfpm.phpOptions = '' + opcache.enable=1 + opcache.enable_cli=1 + opcache.interned_strings_buffer=8 + opcache.max_accelerated_files=10000 + opcache.memory_consumption=128 + opcache.save_comments=1 + opcache.revalidate_freq=1 + + display_errors = on + display_startup_errors = on + always_populate_raw_post_data = -1 + error_reporting = E_ALL | E_STRICT + html_errors = On + date.timezone = "Europe/Berlin" + # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so + extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + ''; }; in { imports = [ ( serveCloud [ "o.euer.krebsco.de" ] ) ]; - services.mysql = { # TODO: currently nextcloud uses sqlite + services.redis.enable = true; + services.mysql = { enable = false; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; - }; - services.mysqlBackup = { - enable = false; - databases = [ "nextcloud" ]; + initialDatabases = [ + # Or use writeText instead of literalExample? + #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } + { + name = "nextcloud"; + schema = pkgs.writeText "nextcloud.sql" + '' + create user if not exists 'nextcloud'@'localhost' identified by 'password'; + grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; + ''; + } + ]; }; # dataDir is only defined after mysql is enabled # krebs.secret.files.mysql_rootPassword = { 
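Review bot: The `initialDatabases` schema creates the `nextcloud` database user with the literal password `password`, and because it is built with `pkgs.writeText` the statement ends up in the world-readable Nix store. `services.mysql.enable` is still `false`, so nothing executes it yet, but it becomes live the moment that is flipped. Take the credential from a secret file the way `rootPassword` above does, or use socket authentication for the local account. The same hunk sets `display_errors = on`, `display_startup_errors = on` and `html_errors = On` in `services.phpfpm.phpOptions` on the host serving `o.euer.krebsco.de`, which shows paths and error details to any visitor; prefer `display_errors = off` with `log_errors = on`.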
diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index ecbca9ea3..19a8df235 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -30,6 +30,7 @@ in { forceSSL = true; locations = { "/".extraConfig = '' + expires -1; uwsgi_pass unix://${wsgi-sock}; uwsgi_param UWSGI_CHDIR ${workdir}; uwsgi_param UWSGI_MODULE cuserver.main; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1109e2519..30d90f9e3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -3,10 +3,15 @@ with import ; let - repos = priv-repos // krebs-repos // connector-repos ; + repos = priv-repos // krebs-repos // connector-repos // krebsroot-repos; rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos) - ++ concatMap connector-rules (attrValues connector-repos); + ++ concatMap connector-rules (attrValues connector-repos) + ++ concatMap krebsroot-rules (attrValues krebsroot-repos); + + krebsroot-repos = mapAttrs make-krebs-repo { + hydra-stockholm = { }; + }; krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -28,7 +33,6 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; - hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { @@ -70,6 +74,9 @@ let krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; + krebsroot-rules = repo: + set-owners repo (all-makefu ++ krebsminister); + set-ro-access = with git; repo: user: optional repo.public { inherit user; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index f33c12a8f..98fe30daf 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix 
@@ -38,7 +38,7 @@ with import ; services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - START_CHARGE_THRESH_BAT0=67 + START_CHARGE_THRESH_BAT0=95 STOP_CHARGE_THRESH_BAT0=100 diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 08bc5659f..99533b25c 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -17,6 +17,7 @@ let # contains: # user1 = pass1 # userN = passN + # afterwards put /var/www//user1.html as tiddlywiki tw-pass-file = "${sec}/tw-pass.ini"; in { @@ -45,7 +46,7 @@ in { systemd.services.prepare-tw = { wantedBy = [ "local-fs.target" ]; - before = [ "phpfpm.service" ]; + before = [ "phpfpm.service" "nginx.service" ]; serviceConfig = { ExecStart = pkgs.writeScript "prepare-tw-service" '' #!/bin/sh @@ -92,6 +93,7 @@ in { locations = { "/" = { root = wiki-dir; + index = "makefu.html"; extraConfig = '' expires -1; autoindex on; diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 51e69d8b7..d5fa65ef9 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -9,6 +9,7 @@ in { pkgs.samsungUnifiedLinuxDriver pkgs.cups-dymo # dymo labelwriter pkgs.foo2zjs # magicolor 1690mf + pkgs.zj-58 ]; }; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix new file mode 100644 index 000000000..e04b12f9c --- /dev/null +++ b/makefu/2configs/stats/arafetch.nix 
@@ -0,0 +1,36 @@ +{ pkgs, lib, ...}: +with import ; +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "762d747"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests + docopt + influxdb + beautifulsoup4 + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/arafetch"; + inherit rev; + sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + }; + }; + home = "/var/lib/arafetch"; +in { + users.users.arafetch = { + uid = genid "arafetch"; + inherit home; + createHome = true; + }; + + systemd.services.arafetch = { + startAt = "Mon 09:15:00"; + wantedBy = [ "multi-user.target" ]; + environment = { + OUTDIR = home; + }; + path = [ pkg pkgs.git pkgs.wget ]; + script = "${pkg}/bin/weekrun"; + }; +} diff --git a/makefu/2configs/tools/mic92.nix b/makefu/2configs/tools/mic92.nix new file mode 100644 index 000000000..176e461c7 --- /dev/null +++ b/makefu/2configs/tools/mic92.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (import ) + ]; + users.users.makefu.packages = [ + pkgs.nix-review + ]; +} diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix index e4a79aa87..6f19f8f72 100644 --- a/makefu/3modules/awesome-extra.nix +++ b/makefu/3modules/awesome-extra.nix @@ -21,7 +21,9 @@ let This module will use substituteAll to replace strings before writing to /etc/xdg/awesome/rc.lua ''; - default = pkgs.awesomecfg.full; + default = pkgs.awesomecfg.full.override { + locker = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper"; + }; }; }; imp = { diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index 7e9724ec8..e5f62e910 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix 
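Review bot: The module creates a dedicated `arafetch` user with its own home, but `systemd.services.arafetch` never sets a user, so `weekrun`, which gets `git` and `wget` on its path and presumably fetches from the network, runs as root. Add `serviceConfig.User = "arafetch";` to the unit so the account is actually used. `wantedBy = [ "multi-user.target" ]` together with `startAt` also starts the job on every boot, not only on Monday morning; drop `wantedBy` if only the timer is intended.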
@@ -1,23 +1,23 @@ { pkgs , lib , alsaUtils -, xlockmore , xbacklight , modkey?"Mod4" +, locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: { # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./full.cfg; }; kiosk = lib.makeOverridable pkgs.substituteAll { name = "awesome_kiosk_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./kiosk.lua; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 3488d0102..e748981c6 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -243,7 +243,7 @@ awful.screen.connect_for_each_screen(function(s) set_wallpaper(s) -- Each screen has its own tag table. - awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) + awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) -- Create a promptbox for each screen s.mypromptbox = awful.widget.prompt() @@ -277,10 +277,10 @@ awful.screen.connect_for_each_screen(function(s) { -- Right widgets layout = wibox.layout.fixed.horizontal, mykeyboardlayout, - mailwidget, + mailwidget, wibox.widget.systray(), - cpuwidget, - batwidget, + cpuwidget, + batwidget, mytextclock, s.mylayoutbox, }, 
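Review bot: The new default `locker? "${pkgs.xlock}/bin/xlock -mode blank"` refers to `pkgs.xlock`, while the argument this hunk removes and the previous config text used the `xlockmore` package; unless an overlay in this repository defines `xlock`, evaluating the default fails. `awesome-extra.nix` overrides `locker` only for `full`, so `kiosk` gets this default unless it is overridden elsewhere, and a kiosk config that does not build is a kiosk without a screen lock. Use `locker ? "${pkgs.xlockmore}/bin/xlock -mode blank"`, and update the `# replace:` comment, which still lists `@xlockmore@` rather than `@locker@`.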
@@ -379,19 +379,19 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, {description = "run prompt", group = "launcher"}), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), - awful.key({ modkey }, "x", - function () - awful.prompt.run { - prompt = "Run Lua code: ", - textbox = awful.screen.focused().mypromptbox.widget, - exe_callback = awful.util.eval, - history_path = awful.util.get_cache_dir() .. "/history_eval" - } - end, - {description = "lua execute prompt", group = "awesome"}), + awful.key({ modkey }, "x", + function () + awful.prompt.run { + prompt = "Run Lua code: ", + textbox = awful.screen.focused().mypromptbox.widget, + exe_callback = awful.util.eval, + history_path = awful.util.get_cache_dir() .. "/history_eval" + } + end, + {description = "lua execute prompt", group = "awesome"}), -- Menubar awful.key({ modkey }, "p", function() menubar.show() end) diff --git a/makefu/5pkgs/awesomecfg/kiosk.lua b/makefu/5pkgs/awesomecfg/kiosk.lua index ec255a8af..d0261f798 100644 --- a/makefu/5pkgs/awesomecfg/kiosk.lua +++ b/makefu/5pkgs/awesomecfg/kiosk.lua 
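Review bot: `@locker@` is pasted verbatim into a double-quoted Lua string at both lock bindings here, and again at the two bindings in kiosk.lua, so a locker command containing `"` or `\` produces an rc.lua that no longer parses as intended. These are the only screen-lock bindings visible in the hunk, so a broken substitution would presumably leave the session without a lock key. Either escape the value where it is inherited in default.nix or record the constraint next to the bindings, e.g. `-- @locker@ is substituted by Nix and must not contain double quotes or backslashes`.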
@@ -331,8 +331,8 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () mypromptbox[mouse.screen]:run() end), -- awful.key({ modkey }, "r", function () awful.util.spawn( "dmenu_run" ) end ), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), awful.key({ modkey }, "x", function () diff --git a/makefu/5pkgs/nodemcu-uploader/default.nix b/makefu/5pkgs/nodemcu-uploader/default.nix index 64476be6e..f3e47be55 100644 --- a/makefu/5pkgs/nodemcu-uploader/default.nix +++ b/makefu/5pkgs/nodemcu-uploader/default.nix @@ -1,19 +1,22 @@ -{ lib, pkgs, pythonPackages, fetchurl, ... }: +{ lib, pkgs, pythonPackages, ... }: with pythonPackages; buildPythonPackage rec { name = "nodemcu-uploader-${version}"; - version = "0.2.2"; - disabled = isPy3k || isPyPy; + version = "0.4.1"; propagatedBuildInputs = [ pyserial + wrapt ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/n/nodemcu-uploader/nodemcu-uploader-${version}.tar.gz"; - sha256 = "090giz84y9y3idgifp0yh80qqyv2czv6h3y55wyrlgf7qfbwbrvn"; + + src = pkgs.fetchFromGitHub { + owner = "kmpm"; + repo = "nodemcu-uploader"; + rev = "v${version}"; + sha256 = "055pvlg544vb97kaqnnq51fs9f9g75vwgbazc293f3g1sk263gmn"; }; - # ImportError: No module named tests - # not sure what to do here + doCheck = false; + meta = { homepage = https://github.com/kmpm/nodemcu-uploader; description = "tool for uploading files to NodeMCU filesystem"; diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix new file mode 100644 index 000000000..1fb772f1f --- /dev/null +++ b/makefu/5pkgs/python-firetv/default.nix 
@@ -0,0 +1,40 @@
+{ lib, pkgs, python2Packages, ... }:
+# requires libusb1 from unstable
+with (import {}).python2Packages; let
+
+ python-adb = buildPythonPackage rec {
+ pname = "adb";
+ version = "1.2.0";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0v4my47ikgkbq04gdllpx6kql5cfh7dnpq2fk72x03z74mqri7v8";
+ };
+
+ propagatedBuildInputs = [ libusb1 m2crypto ];
+ meta = {
+ homepage = https://github.com/google/python-adb;
+ description = "Python ADB + Fastboot implementation";
+ license = lib.licenses.asl20;
+ };
+ };
+in
+ buildPythonPackage rec {
+ name = "python-firetv-${version}";
+ version = "1.0.5";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "happyleavesaoc";
+ repo = "python-firetv";
+ # rev = version;
+ rev = "55406c6";
+ sha256 = "1r2yighilchs0jvcvbngkjxkk7gp588ikcl64x7afqzxc6zxv7wp";
+ };
+
+ propagatedBuildInputs = [ python-adb flask pyyaml ];
+ meta = {
+ homepage = https://github.com/happyleavesaoc/python-firetv;
+ description = "provides state informations and some control of an amazon firetv";
+ license = lib.licenses.mit;
+ };
+}
diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix
new file mode 100644
index 000000000..6eda84959
--- /dev/null
+++ b/makefu/5pkgs/zj-58/default.nix
@@ -0,0 +1,30 @@
+{stdenv, fetchFromGitHub, cups}:
+
+stdenv.mkDerivation rec {
+ name = "cups-zj58-2018-02-22";
+
+ src = fetchFromGitHub {
+ owner = "klirichek";
+ repo = "zj-58";
+ rev = "e4212cd";
+ sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
+ };
+
+ buildInputs = [cups];
+
+ installPhase = ''
+ mkdir -p $out/lib/cups/filter
+
+ cp rastertozj $out/lib/cups/filter
+
+
+ mkdir -p $out/share/cups/model/zjiang
+ cp ZJ-58.ppd $out/share/cups/model/zjiang/
+ '';
+
+ meta = {
+ description = "CUPS filter for thermal printer Zjiang ZJ-58";
+ homepage = https://github.com/klirichek/zj-58;
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/torrent-secrets/auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/makefu/source.nix b/makefu/source.nix index 79a2c535f..d25fe5528 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,12 +1,14 @@ with import ; host@{ name, - override ? {}, - secure ? false, - full ? false, - torrent ? false, - hw ? false, - musnix ? false, - python ? false + override ? {} +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out +, mic92 ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -19,9 +21,9 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "51810e0"; # nixos-17.09 @ 2018-02-14 + ref = "6583793"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3 + # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 in evalSource (toString _file) [ @@ -59,21 +61,37 @@ in (mkIf ( hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "8a05dc9"; + ref = "30fdd53"; }; }) (mkIf ( python ) { python.git = { url = https://github.com/garbas/nixpkgs-python; - ref = "cac319b"; + ref = "cac319b7"; }; }) + (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; makefu = "/home/makefu/secrets/torrent" ; }; }) + + (mkIf ( unstable ) { + nixpkgs-unstable.git = { + url = https://github.com/nixos/nixpkgs-channels; + ref = "nixos-unstable"; + }; + }) + + (mkIf ( mic92 ) { + mic92.git = { + url = https://github.com/Mic92/dotfiles/; + ref = "48a1f49"; + }; + }) + override ]
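Review bot: `ref = "nixos-unstable"` in the new `unstable` block is a branch name, whereas every other source in this file is pinned to a commit id. The evaluated tree therefore changes whenever the channel advances, and a rebuild cannot be reproduced or audited against a known revision. The python-firetv package added in this commit notes that it needs libusb1 from unstable, so its dependency closure appears to follow that moving target. Pin it the same way as the main nixpkgs ref, for example `ref = "<commit-id>"; # nixos-unstable @ <date>`, and bump it deliberately.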