From 4a2af184e6846f80b139357c6230558cd8785b10 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 28 Feb 2018 19:54:11 +0000 Subject: [PATCH 01/83] j vim: unsure changes --- jeschli/2configs/vim.nix | 118 ++++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 56 deletions(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..ddf0f9195 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -16,72 +16,78 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - :map nf :NERDTreeToggle - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ + ''; + remapStatements = '' + imap jk + map gr :GoRun " Map gr to execute go run + map nf :NERDTreeToggle + nnoremap + nnoremap :bnext + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:syntastic_go_checkers = ['go', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 + ''; + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { + names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + "elm-vim" + "youcompleteme" + ]; + } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } From 54c439f4f432085ae27bc4e711c55fe5d45a78fc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Feb 2018 21:29:23 +0100 Subject: [PATCH 02/83] ma owncloud: add caching --- makefu/2configs/deployment/owncloud.nix | 50 ++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 3a9d57dbb..e9d4b18e0 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -1,6 +1,18 @@ { lib, pkgs, config, ... }: with lib; +# imperative in config.php: +# #local memcache: +# 'memcache.local' => '\\OC\\Memcache\\APCu', +# #local locking: +# 'memcache.locking' => '\\OC\\Memcache\\Redis', +# 'redis' => +# array ( +# 'host' => 'localhost', +# 'port' => 6379, +# ), + + let # TODO: copy-paste from lass/2/websites/util.nix serveCloud = domains: @@ -124,20 +136,48 @@ let env[PATH] = ${lib.makeBinPath [ pkgs.php ]} catch_workers_output = yes ''; + services.phpfpm.phpOptions = '' + opcache.enable=1 + opcache.enable_cli=1 + opcache.interned_strings_buffer=8 + opcache.max_accelerated_files=10000 + opcache.memory_consumption=128 + opcache.save_comments=1 + opcache.revalidate_freq=1 + + display_errors = on + display_startup_errors = on + always_populate_raw_post_data = -1 + error_reporting = E_ALL | E_STRICT + html_errors = On + date.timezone = "Europe/Berlin" + # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so + extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + ''; }; in { imports = [ ( serveCloud [ "o.euer.krebsco.de" ] ) ]; - services.mysql = { # TODO: currently nextcloud uses sqlite + services.redis.enable = true; + services.mysql = { enable = false; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; - }; - services.mysqlBackup = { - enable = false; - databases = [ "nextcloud" ]; + initialDatabases = [ + # Or use writeText instead of literalExample? + #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } + { + name = "nextcloud"; + schema = pkgs.writeText "nextcloud.sql" + '' + create user if not exists 'nextcloud'@'localhost' identified by 'password'; + grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; + ''; + } + ]; }; # dataDir is only defined after mysql is enabled # krebs.secret.files.mysql_rootPassword = { From 55a156814ae06f16f9e87638ddd5d0b73ddf41e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 15:02:47 +0100 Subject: [PATCH 03/83] l deploy: don't run --diff --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6ca980155..cbb71ab24 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -182,7 +182,7 @@ with import ; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' From 742cda0e2261acad6b3d17dc42331ecc5e833854 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 15:07:00 +0100 Subject: [PATCH 04/83] l: turn pkgs into overlay --- lass/2configs/baseX.nix | 6 +- .../xmonad-lass/default.nix} | 9 +++ lass/5pkgs/default.nix | 63 +++++++++---------- lass/default.nix | 4 +- 4 files changed, 45 insertions(+), 37 deletions(-) rename lass/5pkgs/{xmonad-lass.nix => custom/xmonad-lass/default.nix} (94%) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2b7a5c924..99e574ed4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -2,6 +2,7 @@ with import ; let user = config.krebs.build.user; + xmonad-lass = pkgs.callPackage { inherit config; }; in { imports = [ ./mpv.nix @@ -84,7 +85,6 @@ in { powertop push rxvt_unicode_with-plugins - screengrab slock sxiv timewarrior @@ -137,8 +137,8 @@ in { }; serviceConfig = { SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + ExecStart = "${xmonad-lass}/bin/xmonad"; + ExecStop = "${xmonad-lass}/bin/xmonad --shutdown"; }; restartIfChanged = false; }; diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/custom/xmonad-lass/default.nix similarity index 94% rename from lass/5pkgs/xmonad-lass.nix rename to lass/5pkgs/custom/xmonad-lass/default.nix index 59c95cff7..e658897da 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -143,12 +143,21 @@ myKeyMap = , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-", spawn "${pkgs.writeDash "nm-dmenu" '' + export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin + exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" + ''}") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + + --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) + --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) + --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView)) ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index a158cd3c6..28482eb91 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,40 +1,39 @@ -{ config, pkgs, ... }@args: +with import ; +self: super: let -{ - nixpkgs.config.packageOverrides = rec { - acronym = pkgs.callPackage ./acronym/default.nix {}; - dpass = pkgs.callPackage ./dpass {}; - firefoxPlugins = { - noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; - ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; - vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; - }; - init = pkgs.callPackage ./init/default.nix args; - logify = pkgs.callPackage ./logify/default.nix {}; - mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; - mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; - pop = pkgs.callPackage ./pop/default.nix {}; - q = pkgs.callPackage ./q {}; - rs = pkgs.callPackage ./rs/default.nix {}; - urban = pkgs.callPackage ./urban/default.nix {}; - xml2json = pkgs.callPackage ./xml2json/default.nix {}; - xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; - yt-next = pkgs.callPackage ./yt-next/default.nix {}; + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = super.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then + trace + "Upstream `${upstream.name}' gets overridden by `${override.name}'." + override + else override; - bank = pkgs.writeDashBin "bank" '' + subdirsOf = path: + mapAttrs (name: _: path + "/${name}") + (filterAttrs (_: eq "directory") (readDir path)); + +in { + bank = self.writeDashBin "bank" '' tmp=$(mktemp) - ${pkgs.pass}/bin/pass show hledger > $tmp - ${pkgs.hledger}/bin/hledger --file=$tmp "$@" - ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then + ${self.pass}/bin/pass show hledger > $tmp + ${self.hledger}/bin/hledger --file=$tmp "$@" + ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then exit 0 else - ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger + ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger fi - ${pkgs.coreutils}/bin/rm $tmp + ${self.coreutils}/bin/rm $tmp ''; - screengrab = pkgs.writeDashBin "screengrab" '' - resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')" - ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1 - ''; - }; + rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; }; } + +// mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) diff --git a/lass/default.nix b/lass/default.nix index b1c7c1be8..d077cc09f 100644 --- a/lass/default.nix +++ b/lass/default.nix @@ -1,9 +1,9 @@ -_: +{ pkgs, ... }: { imports = [ ../krebs ./2configs ./3modules - ./5pkgs ]; + nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } From 7eb71976f102eb616dc1ab07283acdbdf519ea90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 18:28:05 +0100 Subject: [PATCH 05/83] l: add xephyrify --- lass/2configs/baseX.nix | 2 +- lass/5pkgs/xephyrify/default.nix | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 lass/5pkgs/xephyrify/default.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 99e574ed4..ed179ded6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -99,6 +99,7 @@ in { zathura cabal2nix + xephyrify ]; fonts.fonts = with pkgs; [ @@ -129,7 +130,6 @@ in { }; systemd.user.services.xmonad = { - #wantedBy = [ "graphical-session.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; RXVT_SOCKET = "%t/urxvtd-socket"; diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix new file mode 100644 index 000000000..cd918af37 --- /dev/null +++ b/lass/5pkgs/xephyrify/default.nix @@ -0,0 +1,9 @@ +{ writeDashBin, coreutils, xorg, virtualgl, ... }: + +writeDashBin "xephyrify" '' + NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & + XEPHYR_PID=$! + DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + kill $XEPHYR_PID +'' From 6d975a493caba41734cc5e0a51890798538bd0cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 18:28:40 +0100 Subject: [PATCH 06/83] l: add more mails --- lass/2configs/exim-smarthost.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4335c7cab..ae652722a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -11,7 +11,6 @@ with import ; primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" - "aidsballs.de" ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors @@ -70,6 +69,15 @@ with import ; { from = "aws@lassul.us"; to = lass.mail; } { from = "reddit@lassul.us"; to = lass.mail; } { from = "banggood@lassul.us"; to = lass.mail; } + { from = "immoscout@lassul.us"; to = lass.mail; } + { from = "gmail@lassul.us"; to = lass.mail; } + { from = "amazon@lassul.us"; to = lass.mail; } + { from = "humblebundle@lassul.us"; to = lass.mail; } + { from = "meetup@lassul.us"; to = lass.mail; } + { from = "gebfrei@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "ovh@lassul.us"; to = lass.mail; } + { from = "hetzner@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 58a21e21e262c6edea2aefff0d8ca772a7e3ea70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 18:36:58 +0100 Subject: [PATCH 07/83] l mail: add more mailboxes --- lass/2configs/mail.nix | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index c6866c69d..03d39ef75 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -22,20 +22,45 @@ let mailboxes = { c-base = [ "to:c-base.org" ]; + coins = [ + "to:btce@lassul.us" + "to:coinbase@lassul.us" + "to:polo@lassul.us" + "to:bitwala@lassul.us" + "to:payeer@lassul.us" + "to:gatehub@lassul.us" + "to:bitfinex@lassul.us" + "to:binance@lassul.us" + "to:bitcoin.de@lassul.us" + "to:robinhood@lassul.us" + ]; dezentrale = [ "to:dezentrale.space" ]; - kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ]; + dhl = [ "to:dhl@lassul.us" ]; + github = [ "to:github@lassul.us" ]; + gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; patreon = [ "to:patreon@lassul.us" ]; - security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; + paypal = [ "to:paypal@lassul.us" ]; + ptl = [ "to:ptl@posttenebraslab.ch" ]; + retiolum = [ "to:lass@mors.r" ]; + security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; shack = [ "to:shackspace.de" ]; + steam = [ "to:steam@lassul.us" ]; + tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; wireguard = [ "to:wireguard@lists.zx2c4" ]; + zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ]; }; - tag-mails = pkgs.writeDashBin "nm-init-tag" '' + tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} ''; + tag-old-mails = pkgs.writeDashBin "nm-tag-old" '' + ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ''; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -170,6 +195,7 @@ in { mutt pkgs.much pkgs.notmuch - tag-mails + tag-new-mails + tag-old-mails ]; } From ca1d401aaf7bd760f262cfaea1e4fe42e0e17888 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Mar 2018 23:10:23 +0100 Subject: [PATCH 08/83] ma pkgs.python-firetv: init --- makefu/5pkgs/python-firetv/default.nix | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 makefu/5pkgs/python-firetv/default.nix diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix new file mode 100644 index 000000000..04c76ac55 --- /dev/null +++ b/makefu/5pkgs/python-firetv/default.nix @@ -0,0 +1,41 @@ +{ lib, pkgs, python2Packages, ... }: +# requires libusb1 from unstable +with (import {}).python2Packages; let + + python-adb = buildPythonPackage rec { + name = "python-adb-${version}"; + version = "1.2.0"; + + src = pkgs.fetchFromGitHub { + owner = "google"; + repo = "python-adb"; + rev = "28d912a"; + sha256 = "1cy18l96v72hrhf21im5i8hlzd8ilv0vcck026npnxiw095a5hm2"; + }; + + propagatedBuildInputs = [ libusb1 m2crypto ]; + meta = { + homepage = https://github.com/google/python-adb; + description = "Python ADB + Fastboot implementation"; + license = lib.licenses.apache2; + }; + }; +in + buildPythonPackage rec { + name = "python-firetv-${version}"; + version = "1.0.5"; + + src = pkgs.fetchFromGitHub { + owner = "happyleavesaoc"; + repo = "python-firetv"; + rev = version; + sha256 = "0j5p8jg13hc9gcbv0ipxgljrpcxk8b7k4p4kyfhmblpjm51mycs3"; + }; + + propagatedBuildInputs = [ python-adb flask pyyaml ]; + meta = { + homepage = https://github.com/happyleavesaoc/python-firetv; + description = "provides state informations and some control of an amazon firetv"; + license = lib.licenses.mit; + }; +} From 0170701ee6dbcb13073e85d24bec4d67c7f73a28 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Mar 2018 23:37:18 +0100 Subject: [PATCH 09/83] ma pkgs.python-firetv: need to pin adb --- makefu/5pkgs/python-firetv/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix index 04c76ac55..1fb772f1f 100644 --- a/makefu/5pkgs/python-firetv/default.nix +++ b/makefu/5pkgs/python-firetv/default.nix @@ -3,21 +3,19 @@ with (import {}).python2Packages; let python-adb = buildPythonPackage rec { - name = "python-adb-${version}"; + pname = "adb"; version = "1.2.0"; - src = pkgs.fetchFromGitHub { - owner = "google"; - repo = "python-adb"; - rev = "28d912a"; - sha256 = "1cy18l96v72hrhf21im5i8hlzd8ilv0vcck026npnxiw095a5hm2"; + src = fetchPypi { + inherit pname version; + sha256 = "0v4my47ikgkbq04gdllpx6kql5cfh7dnpq2fk72x03z74mqri7v8"; }; propagatedBuildInputs = [ libusb1 m2crypto ]; meta = { homepage = https://github.com/google/python-adb; description = "Python ADB + Fastboot implementation"; - license = lib.licenses.apache2; + license = lib.licenses.asl20; }; }; in @@ -28,8 +26,9 @@ in src = pkgs.fetchFromGitHub { owner = "happyleavesaoc"; repo = "python-firetv"; - rev = version; - sha256 = "0j5p8jg13hc9gcbv0ipxgljrpcxk8b7k4p4kyfhmblpjm51mycs3"; + # rev = version; + rev = "55406c6"; + sha256 = "1r2yighilchs0jvcvbngkjxkk7gp588ikcl64x7afqzxc6zxv7wp"; }; propagatedBuildInputs = [ python-adb flask pyyaml ]; From 02f67eed443ba552d775d1a0ab7860d439f7552b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 6 Mar 2018 21:30:05 +0100 Subject: [PATCH 10/83] l xephyrify: add minimal xmonad --- lass/5pkgs/xephyrify/default.nix | 37 ++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index cd918af37..8b18ea949 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -1,9 +1,42 @@ -{ writeDashBin, coreutils, xorg, virtualgl, ... }: +{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }: -writeDashBin "xephyrify" '' +let + + minimalXmonad = writeHaskell "minimalXmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + } + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }; + +in writeDashBin "xephyrify" '' NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + echo "using DISPLAY $NDISPLAY" ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & XEPHYR_PID=$! + DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad & + XMONAD_PID=$! DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + kill $XMONAD_PID kill $XEPHYR_PID '' From 194e7011d42ed75c76dc7a7efea450ba6497d2f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:48:44 +0100 Subject: [PATCH 11/83] ma source: bump nixpkgs --- makefu/source.nix | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 708f0d20c..405740b5c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,12 +1,13 @@ with import ; host@{ name, - override ? {}, - secure ? false, - full ? false, - torrent ? false, - hw ? false, - musnix ? false, - python ? false + override ? {} +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out }: let builder = if getEnv "dummy_secrets" == "true" @@ -14,7 +15,7 @@ let else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; # TODO: automate updating of this ref + cherry-picks - ref = "51810e0"; # nixos-17.09 @ 2018-02-14 + ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 @@ -53,21 +54,30 @@ in (mkIf ( hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "8a05dc9"; + ref = "30fdd53"; }; }) (mkIf ( python ) { python.git = { url = https://github.com/garbas/nixpkgs-python; - ref = "cac319b"; + ref = "cac319b7"; }; }) + (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; makefu = "/home/makefu/secrets/torrent" ; }; }) + + (mkIf ( unstable ) { + nixpkgs-unstable.git = { + url = https://github.com/nixos/nixpkgs-channels; + ref = "nixos-unstable"; + }; + }) + override ] From bd8438858ef06737602501cbbb697a7da50de45d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:52:20 +0100 Subject: [PATCH 12/83] ma pkgs.zj-58: init --- makefu/2configs/printer.nix | 1 + makefu/5pkgs/zj-58/default.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 makefu/5pkgs/zj-58/default.nix diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 51e69d8b7..d5fa65ef9 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -9,6 +9,7 @@ in { pkgs.samsungUnifiedLinuxDriver pkgs.cups-dymo # dymo labelwriter pkgs.foo2zjs # magicolor 1690mf + pkgs.zj-58 ]; }; diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix new file mode 100644 index 000000000..6eda84959 --- /dev/null +++ b/makefu/5pkgs/zj-58/default.nix @@ -0,0 +1,30 @@ +{stdenv, fetchFromGitHub, cups}: + +stdenv.mkDerivation rec { + name = "cups-zj58-2018-02-22"; + + src = fetchFromGitHub { + owner = "klirichek"; + repo = "zj-58"; + rev = "e4212cd"; + sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi"; + }; + + buildInputs = [cups]; + + installPhase = '' + mkdir -p $out/lib/cups/filter + + cp rastertozj $out/lib/cups/filter + + + mkdir -p $out/share/cups/model/zjiang + cp ZJ-58.ppd $out/share/cups/model/zjiang/ + ''; + + meta = { + description = "CUPS filter for thermal printer Zjiang ZJ-58"; + homepage = https://github.com/klirichek/zj-58; + platforms = stdenv.lib.platforms.linux; + }; +} From 909fe1091fa599a816fbabc274952d3aca63b8c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:52:40 +0100 Subject: [PATCH 13/83] ma pkgs.nodemcu-uploader: 0.2.2 -> 0.4.1 --- makefu/5pkgs/nodemcu-uploader/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/makefu/5pkgs/nodemcu-uploader/default.nix b/makefu/5pkgs/nodemcu-uploader/default.nix index 64476be6e..f3e47be55 100644 --- a/makefu/5pkgs/nodemcu-uploader/default.nix +++ b/makefu/5pkgs/nodemcu-uploader/default.nix @@ -1,19 +1,22 @@ -{ lib, pkgs, pythonPackages, fetchurl, ... }: +{ lib, pkgs, pythonPackages, ... }: with pythonPackages; buildPythonPackage rec { name = "nodemcu-uploader-${version}"; - version = "0.2.2"; - disabled = isPy3k || isPyPy; + version = "0.4.1"; propagatedBuildInputs = [ pyserial + wrapt ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/n/nodemcu-uploader/nodemcu-uploader-${version}.tar.gz"; - sha256 = "090giz84y9y3idgifp0yh80qqyv2czv6h3y55wyrlgf7qfbwbrvn"; + + src = pkgs.fetchFromGitHub { + owner = "kmpm"; + repo = "nodemcu-uploader"; + rev = "v${version}"; + sha256 = "055pvlg544vb97kaqnnq51fs9f9g75vwgbazc293f3g1sk263gmn"; }; - # ImportError: No module named tests - # not sure what to do here + doCheck = false; + meta = { homepage = https://github.com/kmpm/nodemcu-uploader; description = "tool for uploading files to NodeMCU filesystem"; From c19a5c9b557042e130c90c9c616f91e09d212eb3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:53:41 +0100 Subject: [PATCH 14/83] ma x.r: switch audio on port change --- makefu/1systems/x/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index ad2ad8779..e0417e00d 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -123,6 +123,7 @@ with import ; load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-switch-on-port-available ''; }; From 3ba773c18e092d327f3d45cede4214e05401ac95 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:54:25 +0100 Subject: [PATCH 15/83] ma tp-x2x0: start charging at 95% again --- makefu/2configs/hw/tp-x2x0.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index f33c12a8f..98fe30daf 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -38,7 +38,7 @@ with import ; services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - START_CHARGE_THRESH_BAT0=67 + START_CHARGE_THRESH_BAT0=95 STOP_CHARGE_THRESH_BAT0=100 From 574be59987debd726d6a6a8508a697762dca7ca1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 15:27:06 +0100 Subject: [PATCH 16/83] ma source: add mic92 as source --- makefu/1systems/x/source.nix | 2 ++ makefu/source.nix | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6278877c3..ab6429dc1 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -3,5 +3,7 @@ import { full = true; python = true; hw = true; + unstable = true; + mic92 = true; # torrent = true; } diff --git a/makefu/source.nix b/makefu/source.nix index 474f7e15b..6b32a1b40 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -8,6 +8,7 @@ host@{ name, , musnix ? false , python ? false , unstable ? false #unstable channel checked out +, mic92 ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -85,5 +86,12 @@ in }; }) + (mkIf ( mic92 ) { + mic92.git = { + url = https://github.com/Mic92/dotfiles/; + ref = "48a1f49"; + }; + }) + override ] From b2c1e1804a28bc88c564a3e7580e4c30c98e6baf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:05:50 +0100 Subject: [PATCH 17/83] ma pkgs.mic92: init overlay --- makefu/1systems/x/config.nix | 5 ++++- makefu/2configs/tools/mic92.nix | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/tools/mic92.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index e0417e00d..1623ff44f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -11,6 +11,8 @@ with import ; + + @@ -27,6 +29,8 @@ with import ; # # # + # + # # Krebs @@ -78,7 +82,6 @@ with import ; # # # - # { networking.wireguard.interfaces.wg0 = { diff --git a/makefu/2configs/tools/mic92.nix b/makefu/2configs/tools/mic92.nix new file mode 100644 index 000000000..176e461c7 --- /dev/null +++ b/makefu/2configs/tools/mic92.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (import ) + ]; + users.users.makefu.packages = [ + pkgs.nix-review + ]; +} From cbb83a487837d06a67f7ed8a6f918ee58fee0eaf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:06:11 +0100 Subject: [PATCH 18/83] ma hass: init config --- .../deployment/bureautomation/hass.nix | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 makefu/2configs/deployment/bureautomation/hass.nix diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix new file mode 100644 index 000000000..b62f37bdb --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -0,0 +1,75 @@ +{ pkgs, lib, ... }: +let + firetv = "192.168.1.238"; +in { + imports = [ + + ]; + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.packageOverrides = oldpkgs: { + home-assistant = (import {}).home-assistant; + }; + ids.uids.hass = 286; + ids.gids.hass = 286; + services.home-assistant = { + #panel_iframe: + #configurator: + # title: Configurator + # icon: mdi:wrench + # url: http://hassio.local:3218 + # sensor: + # - platform: random + enable = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + }; + panel_iframe = { + euer_blog = { + title = "Euer Blog"; + icon = "mdi:wrench"; + url = "https://euer.krebsco.de"; + }; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { + platform = "luftdaten"; + name = "Shack 1"; + sensorid = "50"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Shack 2"; + sensorid = "658"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + { platform = "random"; } + ]; + frontend = { }; + http = { }; + feedreader.urls = [ "https://nixos.org/blogs.xml" ]; + }; + }; +} From 68f2953f7c5351e8584e3b3e747384aea355d523 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:06:46 +0100 Subject: [PATCH 19/83] ma cgit-retiolum: make hydra-stockholm krebsroot --- makefu/2configs/git/cgit-retiolum.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1109e2519..30d90f9e3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -3,10 +3,15 @@ with import ; let - repos = priv-repos // krebs-repos // connector-repos ; + repos = priv-repos // krebs-repos // connector-repos // krebsroot-repos; rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos) - ++ concatMap connector-rules (attrValues connector-repos); + ++ concatMap connector-rules (attrValues connector-repos) + ++ concatMap krebsroot-rules (attrValues krebsroot-repos); + + krebsroot-repos = mapAttrs make-krebs-repo { + hydra-stockholm = { }; + }; krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -28,7 +33,6 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; - hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { @@ -70,6 +74,9 @@ let krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; + krebsroot-rules = repo: + set-owners repo (all-makefu ++ krebsminister); + set-ro-access = with git; repo: user: optional repo.public { inherit user; From 325be7a661a4bb34d1e2c2cc7332916741cf1a4b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 13 Mar 2018 11:33:26 +0100 Subject: [PATCH 20/83] ma x.r: re-enable virtualbox --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1623ff44f..f72f2a15b 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -44,7 +44,7 @@ with import ; # Virtualization - # + { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { From 28324a02d902b0ca31a383f162c585fb8f9b2972 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 13 Mar 2018 11:34:28 +0100 Subject: [PATCH 21/83] ma awesome: make locker configurable --- makefu/3modules/awesome-extra.nix | 4 +++- makefu/5pkgs/awesomecfg/default.nix | 6 +++--- makefu/5pkgs/awesomecfg/full.cfg | 32 ++++++++++++++--------------- makefu/5pkgs/awesomecfg/kiosk.lua | 4 ++-- 4 files changed, 24 insertions(+), 22 deletions(-) diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix index e4a79aa87..6f19f8f72 100644 --- a/makefu/3modules/awesome-extra.nix +++ b/makefu/3modules/awesome-extra.nix @@ -21,7 +21,9 @@ let This module will use substituteAll to replace strings before writing to /etc/xdg/awesome/rc.lua ''; - default = pkgs.awesomecfg.full; + default = pkgs.awesomecfg.full.override { + locker = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper"; + }; }; }; imp = { diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index 7e9724ec8..e5f62e910 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,23 +1,23 @@ { pkgs , lib , alsaUtils -, xlockmore , xbacklight , modkey?"Mod4" +, locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: { # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./full.cfg; }; kiosk = lib.makeOverridable pkgs.substituteAll { name = "awesome_kiosk_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./kiosk.lua; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 3488d0102..e748981c6 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -243,7 +243,7 @@ awful.screen.connect_for_each_screen(function(s) set_wallpaper(s) -- Each screen has its own tag table. - awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) + awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) -- Create a promptbox for each screen s.mypromptbox = awful.widget.prompt() @@ -277,10 +277,10 @@ awful.screen.connect_for_each_screen(function(s) { -- Right widgets layout = wibox.layout.fixed.horizontal, mykeyboardlayout, - mailwidget, + mailwidget, wibox.widget.systray(), - cpuwidget, - batwidget, + cpuwidget, + batwidget, mytextclock, s.mylayoutbox, }, @@ -379,19 +379,19 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, {description = "run prompt", group = "launcher"}), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), - awful.key({ modkey }, "x", - function () - awful.prompt.run { - prompt = "Run Lua code: ", - textbox = awful.screen.focused().mypromptbox.widget, - exe_callback = awful.util.eval, - history_path = awful.util.get_cache_dir() .. "/history_eval" - } - end, - {description = "lua execute prompt", group = "awesome"}), + awful.key({ modkey }, "x", + function () + awful.prompt.run { + prompt = "Run Lua code: ", + textbox = awful.screen.focused().mypromptbox.widget, + exe_callback = awful.util.eval, + history_path = awful.util.get_cache_dir() .. "/history_eval" + } + end, + {description = "lua execute prompt", group = "awesome"}), -- Menubar awful.key({ modkey }, "p", function() menubar.show() end) diff --git a/makefu/5pkgs/awesomecfg/kiosk.lua b/makefu/5pkgs/awesomecfg/kiosk.lua index ec255a8af..d0261f798 100644 --- a/makefu/5pkgs/awesomecfg/kiosk.lua +++ b/makefu/5pkgs/awesomecfg/kiosk.lua @@ -331,8 +331,8 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () mypromptbox[mouse.screen]:run() end), -- awful.key({ modkey }, "r", function () awful.util.spawn( "dmenu_run" ) end ), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), awful.key({ modkey }, "x", function () From 5fdbd513406ce6a4caef35f60a446cc15104d9ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:04 +0100 Subject: [PATCH 22/83] buildbot-all: remove deploy test (currently broken) --- krebs/2configs/buildbot-all.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 5ea78f227..d85cde175 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -5,6 +5,5 @@ with import ; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); - krebs.ci.tests = [ "deploy" ]; } From 53c3b2b80593569d736bcced56f97b995f246997 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:36 +0100 Subject: [PATCH 23/83] l: make spf header more restrictive --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e269d1fa1..dbdf70008 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,7 +89,7 @@ with import ; 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx -all + 60 IN TXT v=spf1 mx a:lassul.us -all cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} From 666f030b10d8c8ad3ea92fce5c20e013df598cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:02 +0100 Subject: [PATCH 24/83] l helios.r: fix displayManager setup --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4d99cb2c..c4a171d86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -131,7 +131,7 @@ with import ; ]; services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal ''; networking.hostName = lib.mkForce "BLN02NB0162"; From d5a7a288ba51b6cc21529f610fcfecd90d2664ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:30 +0100 Subject: [PATCH 25/83] l mors.r: minimize deploy script --- lass/1systems/mors/config.nix | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cbb71ab24..f77bc64c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -170,31 +170,11 @@ with import ; export PATH=${makeBinPath [ pkgs.bash pkgs.coreutils - pkgs.nix - (pkgs.writeDashBin "is-git-crypt-locked" '' - magic=$(dd status=none if="$1" skip=1 bs=1 count=8) - test "$magic" = GITCRYPT - '') + pkgs.nixUnstable ]} cd ~/stockholm export SYSTEM="$1" - if is-git-crypt-locked ~/secrets/ready; then - echo 'secrets are crypted' >&2 - exit 23 - else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' - fi - ''; - predeploy = pkgs.writeDash "predeploy" '' - set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nix - ]} - cd ~/stockholm - export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; }; From fbf87b0f7eedc029c111a98662b2e639888d45db Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:39:24 +0100 Subject: [PATCH 26/83] l: add allygator@lassul.us mail --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index ae652722a..4455d2761 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -78,6 +78,7 @@ with import ; { from = "github@lassul.us"; to = lass.mail; } { from = "ovh@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; } + { from = "allygator@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 099bf40e49688ab8946a5b88ac974458eee69469 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:39:38 +0100 Subject: [PATCH 27/83] l: add c-base to msmtprc --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 03d39ef75..ebe873cf9 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -8,6 +8,16 @@ let logfile ~/.msmtp.log account prism host prism.r + account c-base + from lassulus@c-base.org + host c-mail.c-base.org + port 465 + tls on + tls_starttls off + tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + auth on + user lassulus + passwordeval pass show c-base/pass account default: prism ''; From 7bc8fc7a44969387621425b1c10c8391e56ba087 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:40:46 +0100 Subject: [PATCH 28/83] l mail: add more mailboxes --- lass/2configs/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index ebe873cf9..278ec0ff3 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -46,9 +46,11 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; + lugs = [ "to:lugs@lug-s.org" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; From 92f8c5f94b88cd837bc77200e70e7fd9f2af88d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Mar 2018 19:33:43 +0100 Subject: [PATCH 29/83] l mail: update pubkey --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 278ec0ff3..b9682c5ee 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -77,7 +77,7 @@ let # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc set pgp_use_gpg_agent = yes - set pgp_sign_as = 0x976A7E4D + set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes set crypt_replyencrypt = yes set crypt_verify_sig = yes From 2e8dd5027bb71f1a329f63e2035f24647843c67e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:37:48 +0100 Subject: [PATCH 30/83] ma bluetooth-mpd: make abstract --- makefu/1systems/omo/config.nix | 8 +++- makefu/1systems/wbob/config.nix | 61 +------------------------ makefu/2configs/bluetooth-mpd.nix | 74 +++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 61 deletions(-) create mode 100644 makefu/2configs/bluetooth-mpd.nix diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 01438397e..c31d27c8f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -9,7 +9,7 @@ let keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp1s0"; + primaryInterface = "enp2s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -54,6 +54,7 @@ in { # # + # @@ -72,6 +73,11 @@ in { + + { + hardware.pulseaudio.systemWide = true; + makefu.mpd.musicDirectory = "/media/cryptX/music"; + } # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 637d8e2d8..cfbcf0e9c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,66 +32,7 @@ in { - (let - musicDirectory = "/data/music"; - in { - services.mpd = { - enable = true; - inherit musicDirectory; - # dataDir = "/home/anders/.mpd"; - network.listenAddress = "any"; - extraConfig = '' - audio_output { - type "pulse" - name "Local MPD" - server "127.0.0.1" - } - ''; - }; - # open because of truestedInterfaces - # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; - services.samba.shares.music = { - path = musicDirectory; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp = { - enable = true; - anonymousClients.allowAll = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; - }; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover - ''; - }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - }) + # Sensors diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix new file mode 100644 index 000000000..f7fa999ca --- /dev/null +++ b/makefu/2configs/bluetooth-mpd.nix @@ -0,0 +1,74 @@ +{ pkgs, config, lib, ... }: + +let + cfg = config.makefu.mpd; +in { + options.makefu.mpd.musicDirectory = lib.mkOption { + description = "music Directory"; + default = "/data/music"; + type = lib.types.str; + }; + config = { + services.mpd = { + enable = true; + inherit (cfg) musicDirectory; + network.listenAddress = "0.0.0.0"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = cfg.musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + # PULSE_SERVER=192.168.1.11 pavucontrol + anonymousClients.allowAll = true; + # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + # will be enabled by pulseaudio.tcp.enable + # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + #hardware.bluetooth.extraConfig = '' + # [general] + # Enable=Source,Sink,Media,Socket + #''; + }; +} From 78486827c3ed1e7d5777a41d2b6798a9b61ae8d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:38:48 +0100 Subject: [PATCH 31/83] ma bluetooth-mpd: remove obsolete comments --- makefu/2configs/bluetooth-mpd.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index f7fa999ca..226f5cf1f 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -42,7 +42,6 @@ in { enable = true; # PULSE_SERVER=192.168.1.11 pavucontrol anonymousClients.allowAll = true; - # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; }; configFile = pkgs.writeText "default.pa" '' load-module module-udev-detect @@ -56,12 +55,7 @@ in { load-module module-position-event-sounds load-module module-filter-heuristics load-module module-filter-apply - # will be enabled by pulseaudio.tcp.enable - # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio From 8766727e01f8892b5adab38096264028878d2803 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:31:03 +0100 Subject: [PATCH 32/83] electron-cash: RIP --- krebs/5pkgs/simple/electron-cash/default.nix | 64 -------------------- 1 file changed, 64 deletions(-) delete mode 100644 krebs/5pkgs/simple/electron-cash/default.nix diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix deleted file mode 100644 index e51136c60..000000000 --- a/krebs/5pkgs/simple/electron-cash/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ stdenv, fetchFromGitHub, python2Packages }: - -python2Packages.buildPythonApplication rec { - name = "electron-cash-${src.rev}"; - - src = fetchFromGitHub { - owner = "fyookball"; - repo = "electrum"; - rev = "a2245ea"; - sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; - }; - - propagatedBuildInputs = with python2Packages; [ - dns - ecdsa - jsonrpclib - pbkdf2 - pyaes - pycrypto - pyqt4 - pysocks - qrcode - requests - tlslite - - # plugins - keepkey - trezor - ]; - - preBuild = '' - sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py - pyrcc4 icons.qrc -o gui/qt/icons_rc.py - # Recording the creation timestamps introduces indeterminism to the build - sed -i '/Created: .*/d' gui/qt/icons_rc.py - ''; - - postInstall = '' - # Despite setting usr_share above, these files are installed under - # $out/nix ... - mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out - rm -rf $out/lib/python2.7/site-packages/nix - - substituteInPlace $out/share/applications/electron.desktop \ - --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/electrum help >/dev/null - ''; - - meta = with stdenv.lib; { - description = "A lightweight Bitcoin wallet"; - longDescription = '' - An easy-to-use Bitcoin client featuring wallets generated from - mnemonic seeds (in addition to other, more advanced, wallet options) - and the ability to perform transactions without downloading a copy - of the blockchain. - ''; - homepage = https://electrum.org/; - license = licenses.mit; - }; -} From f4562cf068ee880cfd7a06c7efc6cc19ab8ae729 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:34:11 +0100 Subject: [PATCH 33/83] l security: use default kernel --- lass/2configs/security-workarounds.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index c3d07d5fe..537c8a59b 100644 --- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,6 +5,4 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; - - boot.kernelPackages = pkgs.linuxPackages_latest; } From 768d9a94967a502e497aada07cafd9521bd08d8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:35:27 +0100 Subject: [PATCH 34/83] l websites domsen: more domains --- lass/2configs/websites/domsen.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9ece2af77..7a72499c9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -49,6 +49,7 @@ in { "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" + "www.joemisch.com" "www.weirdwednesday.de" "aldona2.ubikmedia.de" @@ -63,6 +64,7 @@ in { "weirdwednesday.ubikmedia.de" "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" + "crypto4art.ubikmedia.de" ]) ]; From 8a0e77e2bbe8147e81ccbf1039a6590369b6100d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:57:45 +0100 Subject: [PATCH 35/83] l: add cabal --- krebs/3modules/lass/default.nix | 41 +++++++++++++++++++++++++++++++++ lass/1systems/cabal/config.nix | 35 ++++++++++++++++++++++++++++ lass/1systems/cabal/source.nix | 4 ++++ 3 files changed, 80 insertions(+) create mode 100644 lass/1systems/cabal/config.nix create mode 100644 lass/1systems/cabal/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dbdf70008..0c3e68c39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -618,6 +618,47 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; + cabal = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.4"; + ip6.addr = "42::1:4"; + aliases = [ + "cabal.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A + SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj + rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK + qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e + LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq + rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 + 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE + fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v + yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A + kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR + KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi + TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U + oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs + TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw + 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD + rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ + 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf + luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py + w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG + 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 + K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g + ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; + }; }; users = { lass = { diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix new file mode 100644 index 000000000..7eba86c52 --- /dev/null +++ b/lass/1systems/cabal/config.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.cabal; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix new file mode 100644 index 000000000..5d9507f3d --- /dev/null +++ b/lass/1systems/cabal/source.nix @@ -0,0 +1,4 @@ +import { + name = "cabal"; + secure = true; +} From fa724ceab0f5f10b253d806326b7c917814412eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:03:25 +0100 Subject: [PATCH 36/83] l: use xlockmore as lockscreen --- lass/1systems/helios/config.nix | 2 -- lass/3modules/screenlock.nix | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4a171d86..e64cfbe79 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -168,8 +168,6 @@ with import ; '') ]; - lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; - programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index e16ce9868..29c3861f2 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -14,7 +14,7 @@ let enable = mkEnableOption "screenlock"; command = mkOption { type = types.str; - default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; }; }; @@ -28,7 +28,7 @@ let serviceConfig = { SyslogIdentifier = "screenlock"; ExecStart = cfg.command; - Type = "forking"; + Type = "simple"; User = "lass"; }; }; From 1334ab82d0f987c3551ed49d67869bc528f5bd07 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:12:55 +0100 Subject: [PATCH 37/83] l websites fritz: simplify msmtprc --- lass/2configs/websites/fritz.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index aa57a9857..14d6ce9ec 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -12,9 +12,8 @@ let ; msmtprc = pkgs.writeText "msmtprc" '' - account localhost + account default host localhost - account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' From bd4def24bfbd8f034032e3a6e89ce4dd88d6930e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:36:44 +0100 Subject: [PATCH 38/83] nixpkgs: c5bc83b -> c665fcc --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 7e0ea7e47..733601a21 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 + ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 }; } override From 390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 15:17:36 +0100 Subject: [PATCH 39/83] j: dirty merge again --- jeschli/1systems/bln/config.nix | 85 ++++++------------- .../1systems/bln/hardware-configuration.nix | 22 ++--- jeschli/2configs/virtualbox.nix | 2 +- jeschli/source.nix | 2 +- 4 files changed, 38 insertions(+), 73 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9c491c8a1..885307b7a 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -12,54 +12,25 @@ ./hardware-configuration.nix # ./dcso-vpn.nix ]; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.extraEntries = '' - menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { - search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 - linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro - initrd ($drive1)/initrd.img-4.9.0-4-amd64 - } - ''; - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; - preLVM = true; - allowDiscards = true; - } - ]; - - networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/jeschli/go/src/github.com"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' + ''; + }; + networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. networking.networkmanager.enable = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget + # Setup Packages nixpkgs.config.allowUnfree = true; - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper @@ -108,9 +79,6 @@ ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; # programs.mtr.enable = true; @@ -132,33 +100,26 @@ services.printing.drivers = [ pkgs.postscript-lexmark ]; # Enable the X11 windowing system. services.xserver.enable = true; + services.xserver.videoDrivers = [ "nvidia" ]; # services.xserver.xrandrHeads = [ # { output = "eDP1"; } # { output = "DP-2-2-8"; primary = true; } # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } # ]; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. -# services.xserver.displayManager.lightdm.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; -# services.xserver.desktopManager.gnome3.enable = true; - # services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.sddm.enable = true; - #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.desktopManager.gnome3.enable = true; + services.xserver.dpi = 100; + fonts.fontconfig.dpi = 100; + # services.xserver.displayManager.sessionCommands = '' # (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off #''; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.markus = { + users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker"]; + extraGroups = ["docker" "vboxusers"]; uid = 1000; }; @@ -179,7 +140,7 @@ # }); # }; -# virtualisation.docker.enable = true; + virtualisation.docker.enable = true; # DCSO Certificates @@ -191,6 +152,8 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + # VBOX certs + ./services.bundled.crt ]; hardware.bluetooth.enable = true; diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 714162271..2b354190c 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -8,27 +8,29 @@ [ ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; + fileSystems."/" = - { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; - fsType = "ext2"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/927E-01A0"; + fsType = "vfat"; }; swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 4; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; } diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix index b2cb851a1..c9bb8c41f 100644 --- a/jeschli/2configs/virtualbox.nix +++ b/jeschli/2configs/virtualbox.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - mainUser = config.users.extraUsers.markus; + mainUser = config.users.extraUsers.jeschli; in { #services.virtualboxHost.enable = true; diff --git a/jeschli/source.nix b/jeschli/source.nix index 382dd61bc..d5cc32a9f 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; + ref = "395fe7f"; }; secrets.file = getAttr builder { buildbot = toString ; From 36aaeb793bd19fdc0662d29f242c07abf54a849c Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:06:34 +0100 Subject: [PATCH 40/83] bln: fix config again --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6142933f5..407e913c0 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -19,8 +19,8 @@ jeschliFontSize = 20; # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; +# boot.loader.grub.enable = true; +# boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; From 0c04595ddfdd25b7d5cbb508609d731736a2f00e Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:37:12 +0100 Subject: [PATCH 41/83] jeschli bln: config cosmetics --- jeschli/1systems/bln/config.nix | 75 +++++++++------------------------ 1 file changed, 20 insertions(+), 55 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 407e913c0..6098f8cfe 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -1,30 +1,18 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: # bln config file { imports = - [ # Include the results of the hardware scan. - + [ ./hardware-configuration.nix - # ./dcso-vpn.nix ]; - # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; jeschliFontSize = 20; - # Use the GRUB 2 boot loader. -# boot.loader.grub.enable = true; -# boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. + environment.shellAliases = { n = "nix-shell"; gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; @@ -34,10 +22,12 @@ LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' ''; }; - networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0232"; networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "Europe/Berlin"; + # Setup Packages nixpkgs.config.allowUnfree = true; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; @@ -61,7 +51,7 @@ emacs # databases sqlite - # internet + # internet thunderbird hipchat chromium @@ -92,67 +82,42 @@ programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # Enable CUPS to print documents. services.printing.enable = true; services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - # services.xserver.xrandrHeads = [ - # { output = "eDP1"; } - # { output = "DP-2-2-8"; primary = true; } - # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } - # ]; + services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; services.xserver.displayManager.sddm.enable = true; -# services.xserver.desktopManager.gnome3.enable = true; services.xserver.dpi = 100; fonts.fontconfig.dpi = 100; -# services.xserver.displayManager.sessionCommands = '' -# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off -#''; - users.extraUsers.jeschli = { isNormalUser = true; extraGroups = ["docker" "vboxusers"]; uid = 1000; }; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? - + system.stateVersion = "17.09"; # Gogland Debugger workaround -# nixpkgs.config.packageOverrides = super: { -# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { -# postFixup = '' -# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" -# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# ''; -# }); -# }; + # nixpkgs.config.packageOverrides = super: { + # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { + # postFixup = '' + # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" + # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # ''; + # }); + # }; virtualisation.docker.enable = true; - # DCSO Certificates security.pki.certificateFiles = [ @@ -165,7 +130,7 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) # VBOX certs ./services.bundled.crt - ]; + ]; hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; From 44843b90627eb95ab98955e6ea51171706b30aca Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:42:35 +0100 Subject: [PATCH 42/83] j bln: -VBOX certs --- jeschli/1systems/bln/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6098f8cfe..75f083a05 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -128,8 +128,6 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - # VBOX certs - ./services.bundled.crt ]; hardware.bluetooth.enable = true; From 86cb23a682b6453544942646080c6c62d488e617 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:38:26 +0100 Subject: [PATCH 43/83] j: add my-emacs --- jeschli/1systems/bln/config.nix | 1 + jeschli/2configs/emacs.nix | 58 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 jeschli/2configs/emacs.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 75f083a05..c9a7a34e2 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -5,6 +5,7 @@ [ + ./hardware-configuration.nix ]; diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix new file mode 100644 index 000000000..3c1d6ba06 --- /dev/null +++ b/jeschli/2configs/emacs.nix @@ -0,0 +1,58 @@ +{ config, pkgs, ... }: + +let + emacsFile = '' +(require 'package) ;; You might already have this line +(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) +) +(when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + +(package-initialize) + +;; Evil Mode +(add-to-list 'load-path "~/.emacs.d/evil") +(require 'evil) +(evil-mode 1) +(require 'evil-org) + + + +(custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) +(custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + ) + +(tool-bar-mode -1) ; Disable the button bar atop screen +(scroll-bar-mode -1) ; Disable scroll bar +(setq inhibit-startup-screen t) ; Disable startup screen with graphics +(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs +(setq tab-width 2) ; Four spaces is a tab +(setq visible-bell nil) ; Disable annoying visual bell graphic +(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; + dotEmacs = pkgs.writeText "dot-emacs" emacsFile; + myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; +in { + environment.systemPackages = [ + myEmacs + ]; +} From 917db24b3f0f3da858d5575ca20fdaeafc007c20 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:39:11 +0100 Subject: [PATCH 44/83] j bln: hardware-configuration cosmetics --- jeschli/1systems/bln/hardware-configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 2b354190c..b774bfc19 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, ... }: { From c16e7b2ceae1d42d961f9e2aa66ec2bf32ac489b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Mar 2018 20:12:13 +0100 Subject: [PATCH 45/83] default.nix: add debug code --- default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/default.nix b/default.nix index 52e8924cd..cab55d40a 100644 --- a/default.nix +++ b/default.nix @@ -3,3 +3,20 @@ import { (import "NIXOS_CONFIG" ) ]; } +// +{ + lib = import ./lib; + systems = with import ./lib; let + ns = getEnv "LOGNAME"; + in + genAttrs + (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) + (name: let + config = import ( + "/${ns}/1systems/${name}/config.nix"); + source = import ( + "/${ns}/1systems/${name}/source.nix"); + in import { + modules = [ config ]; + } // { + inherit source; + }); +} From 117ca7ba1c7709fd4249b5e64d06731a302eb970 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:14:51 +0100 Subject: [PATCH 46/83] j brauerei: +emacs --- jeschli/1systems/brauerei/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index eb2bb11d2..1203720a5 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.brauerei; From a94da8573103f3a7ccaf836c6126041dc351b623 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:16:12 +0100 Subject: [PATCH 47/83] j brauerei: *emacs with magit --- jeschli/2configs/emacs.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3c1d6ba06..b616acfae 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -50,7 +50,12 @@ let (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ + magit + ])); + myEmacs = pkgs.writeDashBin "my-emacs" '' + exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" + ''; in { environment.systemPackages = [ myEmacs From 87528e2ab6085a1a0fadcd1aa00870834c878c27 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 21 Mar 2018 08:59:35 +0100 Subject: [PATCH 48/83] j emacs: cosmetics --- jeschli/2configs/emacs.nix | 103 +++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index b616acfae..05e977844 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -1,58 +1,63 @@ { config, pkgs, ... }: let + packageRepos = '' + (require 'package) ;; You might already have this line + (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) + ) + (when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + (package-initialize) + ''; + evilMode = '' + ;; Evil Mode + (add-to-list 'load-path "~/.emacs.d/evil") + (require 'evil) + (evil-mode 1) + (require 'evil-org) + ''; + windowCosmetics = '' + (tool-bar-mode -1) ; Disable the button bar atop screen + (scroll-bar-mode -1) ; Disable scroll bar + (setq inhibit-startup-screen t) ; Disable startup screen with graphics + (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs + (setq tab-width 2) ; Four spaces is a tab + (setq visible-bell nil) ; Disable annoying visual bell graphic + (setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; emacsFile = '' -(require 'package) ;; You might already have this line -(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) - (not (gnutls-available-p)))) - (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) - (add-to-list 'package-archives (cons "melpa" url) t) - (add-to-list 'package-archives - '("org" . "http://orgmode.org/elpa/") t) -) -(when (< emacs-major-version 24) - ;; For important compatibility libraries like cl-lib - (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) - -(package-initialize) - -;; Evil Mode -(add-to-list 'load-path "~/.emacs.d/evil") -(require 'evil) -(evil-mode 1) -(require 'evil-org) - - - -(custom-set-variables - ;; custom-set-variables was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - '(inhibit-startup-screen t) - '(org-agenda-files nil) - '(package-selected-packages - (quote - (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) -(custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) - -(tool-bar-mode -1) ; Disable the button bar atop screen -(scroll-bar-mode -1) ; Disable scroll bar -(setq inhibit-startup-screen t) ; Disable startup screen with graphics -(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs -(setq tab-width 2) ; Four spaces is a tab -(setq visible-bell nil) ; Disable annoying visual bell graphic -(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ${packageRepos} + ${evilMode} + ${windowCosmetics} + (custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) + (custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + ) ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ - magit - ])); + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + epkgs.melpaStablePackages.magit + epkgs.melpaPackages.mmm-mode + epkgs.melpaPackages.nix-mode + ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" ''; From 26eb236cd9cce469be2a7cb227083742e037fac8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:22:14 +0100 Subject: [PATCH 49/83] nixpkgs: c5bc83b -> 2a32f6b (18.03) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 733601a21..e12175b66 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 + ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 }; } override From e5f3827fc84ba1c769c1422d92fa93ebcb0fc5d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:31:59 +0100 Subject: [PATCH 50/83] os-release: follow renamed modules --- krebs/3modules/os-release.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,8 +1,11 @@ { config, ... }: with import ; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:36:46 +0100 Subject: [PATCH 51/83] l privoxy: RIP polipo --- lass/2configs/privoxy.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } From f859b7d7f8fe0c9968c961711ec7a6578a4d36a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 20:51:52 +0100 Subject: [PATCH 52/83] nixpkgs: 2a32f6b -> 0e7c9b3 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e12175b66..f275460e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 + ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 }; } override From 7303238443b3a76af6d12df1992ee499d98a7902 Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 22 Mar 2018 16:19:29 +0100 Subject: [PATCH 53/83] j emacs: +orgMode +evil-org --- jeschli/2configs/emacs.nix | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 05e977844..3eced793c 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -21,6 +21,10 @@ let (require 'evil) (evil-mode 1) (require 'evil-org) + (add-hook 'org-mode-hook 'evil-org-mode) + (evil-org-set-key-theme '(navigation insert textobjects additional calendar)) + (require 'evil-org-agenda) + (evil-org-agenda-set-keys) ''; windowCosmetics = '' (tool-bar-mode -1) ; Disable the button bar atop screen @@ -31,6 +35,16 @@ let (setq visible-bell nil) ; Disable annoying visual bell graphic (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; + orgMode = '' + (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) + (global-set-key "\C-cl" 'org-store-link) + (global-set-key "\C-ca" 'org-agenda) + (global-set-key "\C-cb" 'org-iswitchb) + (if (boundp 'org-user-agenda-files) + (setq org-agenda-files org-user-agenda-files) + (setq org-agenda-files (quote ("~/projects/notes"))) + ) + ''; emacsFile = '' ${packageRepos} ${evilMode} @@ -45,12 +59,7 @@ let '(package-selected-packages (quote (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) - (custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) + ${orgMode} ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ From 9b3d1c8b31006d92590e4f8e78fd5662d8ed390b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 23 Mar 2018 10:28:33 +0100 Subject: [PATCH 54/83] ma nginx/wiki: index to makefu.html --- makefu/2configs/nginx/euer.wiki.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 08bc5659f..99533b25c 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -17,6 +17,7 @@ let # contains: # user1 = pass1 # userN = passN + # afterwards put /var/www//user1.html as tiddlywiki tw-pass-file = "${sec}/tw-pass.ini"; in { @@ -45,7 +46,7 @@ in { systemd.services.prepare-tw = { wantedBy = [ "local-fs.target" ]; - before = [ "phpfpm.service" ]; + before = [ "phpfpm.service" "nginx.service" ]; serviceConfig = { ExecStart = pkgs.writeScript "prepare-tw-service" '' #!/bin/sh @@ -92,6 +93,7 @@ in { locations = { "/" = { root = wiki-dir; + index = "makefu.html"; extraConfig = '' expires -1; autoindex on; From e7f3880de27ff00ac5d0a18899dc271675fdc2d0 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:03 +0000 Subject: [PATCH 55/83] j bolide: +emacs --- jeschli/1systems/bolide/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index 83640801f..699a85b58 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -10,6 +10,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.bolide; From e80c081eb7d720fb5584f24b0f38b5d6e61ac41e Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:30 +0000 Subject: [PATCH 56/83] j emacs: +go-mode -evil-mode --- jeschli/2configs/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3eced793c..d9e6c854a 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -47,7 +47,6 @@ let ''; emacsFile = '' ${packageRepos} - ${evilMode} ${windowCosmetics} (custom-set-variables ;; custom-set-variables was added by Custom. @@ -66,6 +65,7 @@ let epkgs.melpaStablePackages.magit epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode + epkgs.melpaPackages.go-mode ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" From b27dfa5a37b1345d36b57aa24b940287293418e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Mar 2018 20:53:23 +0100 Subject: [PATCH 57/83] 0e7c9b3 -> 48856a9 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index f275460e1..0bd797a16 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 + ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 }; } override From 4851f6b43ff2eebecf5f1dc6a808225ee1af0f08 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 12:08:14 +0100 Subject: [PATCH 58/83] j nixpkgs: follow krebs --- jeschli/source.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/jeschli/source.nix b/jeschli/source.nix index 91ff5514f..29cf9d818 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -13,10 +13,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "395fe7f"; - }; + nixpkgs = (import host).nixpkgs; secrets.file = getAttr builder { buildbot = toString ; jeschli = "${getEnv "HOME"}/secrets/${name}"; From d810727b985bbdce57ae2de515111949c141c3bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Mar 2018 12:19:52 +0100 Subject: [PATCH 59/83] exim: krebs.setuid -> security.wrappers --- krebs/3modules/exim.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..274a943b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,15 +50,9 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { - exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; - sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; + security.wrappers = { + exim.source = "${pkgs.exim}/bin/exim"; + sendmail.source = "${pkgs.exim}/bin/exim"; }; systemd.services.exim = { restartTriggers = [ From 99cc82a53b9f51752b684c081d0aa6b49504516a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Mar 2018 11:12:38 +0200 Subject: [PATCH 60/83] ma source: new signal-desktop --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 6b32a1b40..d25fe5528 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -21,9 +21,9 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07 + ref = "6583793"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3 + # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 in evalSource (toString _file) [ From 2cc1d9a54eaf512a2fddb57990df3462931990a4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 21:32:14 +0200 Subject: [PATCH 61/83] writeC: use binutils-unwrapped --- krebs/5pkgs/writers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index a48fc0f87..23773e17f 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,7 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils + binutils-unwrapped coreutils gcc ])} From 7e62c44607f193d3c9740f7c56df976b0db3c417 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Mar 2018 21:35:27 +0200 Subject: [PATCH 62/83] Revert "exim: krebs.setuid -> security.wrappers" This reverts commit d810727b985bbdce57ae2de515111949c141c3bd. --- krebs/3modules/exim.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 274a943b1..cfcbbc438 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,9 +50,15 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - security.wrappers = { - exim.source = "${pkgs.exim}/bin/exim"; - sendmail.source = "${pkgs.exim}/bin/exim"; + krebs.setuid = { + exim = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; }; systemd.services.exim = { restartTriggers = [ From d82c2f228b7179319cdea4d16a59fa553f249505 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:06:40 +0200 Subject: [PATCH 63/83] ma gum.r: disable vpnws --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b859efc94..40fa233d3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -52,7 +52,7 @@ in { # network - + # From 650090bb3541e2b3ffd15af241481afb120e3522 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:22 +0200 Subject: [PATCH 64/83] ma photostore: expire -1 --- makefu/2configs/deployment/photostore.krebsco.de.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index ecbca9ea3..19a8df235 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -30,6 +30,7 @@ in { forceSSL = true; locations = { "/".extraConfig = '' + expires -1; uwsgi_pass unix://${wsgi-sock}; uwsgi_param UWSGI_CHDIR ${workdir}; uwsgi_param UWSGI_MODULE cuserver.main; From ba31c34013519b26883faf8321df11298b37085f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:35 +0200 Subject: [PATCH 65/83] ma arafetch: init --- makefu/2configs/stats/arafetch.nix | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 makefu/2configs/stats/arafetch.nix diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix new file mode 100644 index 000000000..e04b12f9c --- /dev/null +++ b/makefu/2configs/stats/arafetch.nix @@ -0,0 +1,36 @@ +{ pkgs, lib, ...}: +with import ; +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "762d747"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests + docopt + influxdb + beautifulsoup4 + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/arafetch"; + inherit rev; + sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + }; + }; + home = "/var/lib/arafetch"; +in { + users.users.arafetch = { + uid = genid "arafetch"; + inherit home; + createHome = true; + }; + + systemd.services.arafetch = { + startAt = "Mon 09:15:00"; + wantedBy = [ "multi-user.target" ]; + environment = { + OUTDIR = home; + }; + path = [ pkg pkgs.git pkgs.wget ]; + script = "${pkg}/bin/weekrun"; + }; +} From fc774f31fb0cdbc49f60d33d800e66ced3786b2c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:48 +0200 Subject: [PATCH 66/83] ma omo.r: enable arafetch --- makefu/1systems/omo/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index c31d27c8f..bed6ae9fd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -66,6 +66,7 @@ in { + # services From 9c1e215dd500458d37832f234ecb33f455ed4c64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:08:35 +0200 Subject: [PATCH 67/83] l xephyrify: handle resize --- lass/5pkgs/xephyrify/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8b18ea949..f1711891c 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -2,15 +2,18 @@ let - minimalXmonad = writeHaskell "minimalXmonad" { + xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" + "unix" "xmonad" ]; text = /* haskell */ '' module Main where import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) import qualified Data.Map as Map main :: IO () @@ -21,8 +24,18 @@ let , keys = myKeys , normalBorderColor = "#000000" , focusedBorderColor = "#000000" + , handleEventHook = myEventHook } + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + myLayoutHook = Full myKeys _ = Map.fromList [] ''; From 28e1b8d3a51e2405ecc60b04e321f1f7dba364ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:11:51 +0200 Subject: [PATCH 68/83] l xephyrify: change ownership of socket if wanted --- lass/5pkgs/xephyrify/default.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index f1711891c..8d6036843 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -43,13 +43,20 @@ let }; in writeDashBin "xephyrify" '' - NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)} echo "using DISPLAY $NDISPLAY" - ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY & + if test -n $DROP_TO_USER; then + sleep 1 + ls /tmp/.X11-unix/ + id + ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY" + ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY" + fi XEPHYR_PID=$! - DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad & + DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad & XMONAD_PID=$! - DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@" kill $XMONAD_PID kill $XEPHYR_PID '' From 92540f5cf1628cfaceee6c19f08b3c13b05cf6b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:12:53 +0200 Subject: [PATCH 69/83] l xjails: init --- lass/3modules/default.nix | 1 + lass/3modules/xjail.nix | 87 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 lass/3modules/xjail.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd77b2262..0c10e1ec2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xjail.nix ./xserver ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix new file mode 100644 index 000000000..af851760b --- /dev/null +++ b/lass/3modules/xjail.nix @@ -0,0 +1,87 @@ +{ config, pkgs, ... }: + +with import ; +{ + options.lass.xjail = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + user = mkOption { + type = types.string; + default = "nobody"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + name = mkOption { + type = types.string; + default = config._module.args.name; + }; + display = mkOption { + type = types.string; + default = toString (genid_signed config._module.args.name); + }; + script = mkOption { + type = types.path; + default = pkgs.writeScript "echo_lol" "echo lol"; + }; + from = mkOption { + type = types.string; + default = "lass"; + }; + }; + })); + default = {}; + }; + + options.lass.xjail-bins = mkOption { + type = types.attrsOf types.path; + }; + + # implementation + config = { + + users.users = mapAttrs' (_: cfg: + nameValuePair cfg.name { + uid = genid cfg.name; + home = "/home/${cfg.name}"; + useDefaultShell = true; + createHome = true; + extraGroups = cfg.groups; + } + ) config.lass.xjail; + + users.groups = mapAttrs' (_: cfg: + nameValuePair cfg.name { + members = [ + cfg.name + cfg.from + ]; + } + ) config.lass.xjail; + + security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: + # TODO allow just the right script with sudo + "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" + ) config.lass.xjail)); + + lass.xjail-bins = mapAttrs' (name: cfg: + let + sudo-wrapper = pkgs.writeScript name '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''; + in nameValuePair name (pkgs.writeScriptBin cfg.name '' + export NDISPLAY=${cfg.display} + DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo xephyr already running + export DISPLAY=:$NDISPLAY + ${sudo-wrapper} "$@" + else + echo xephyr not running + DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" + fi + '') + ) config.lass.xjail; + }; +} From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:13:57 +0200 Subject: [PATCH 70/83] l browsers: use xjails --- lass/2configs/browsers.nix | 77 ++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..153c386cf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,58 +21,55 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createChromiumUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createFirefoxUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; + createQuteUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + ''; + inherit groups; + }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + lass.browser.paths.${name} = { + path = config.lass.xjail-bins.${name}; + inherit precedence; + }; + }; + + #TODO: abstract this in { From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:20 +0200 Subject: [PATCH 71/83] l browsers: remove video group from most users --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 153c386cf..351f15154 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -108,11 +108,11 @@ in { }; } ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:42 +0200 Subject: [PATCH 72/83] l browsers: add qb --- lass/2configs/browsers.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 351f15154..75a86db6a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -107,6 +107,7 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) From 22f33b8e99cf9ffe575905370df736ddc3517338 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:16:03 +0200 Subject: [PATCH 73/83] reaktor-plugins sed: limit output --- .../5pkgs/simple/Reaktor/scripts/sed-plugin.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index da8e2f726..51ac7a071 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -18,20 +18,27 @@ def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) + line = argv[1] if is_regex(line): last = d.get(usr, None) if last: from subprocess import Popen, PIPE - p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE) so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) + print("something went wrong when trying to process your regex: {}".format(line.strip())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) - if ret: - d[usr] = ret + if len(ret) > 512: + print('message to long, skipped') + elif len(ret.split('\n')) > 5: + print('to many lines, skipped') + else: + if last.strip() != ret.strip(): + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + if ret: + d[usr] = ret else: print("no last message") From 10bcf2db927692818a948c755fdfbf961a2ac3d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 11:15:13 +0200 Subject: [PATCH 74/83] buildbot: bump to 0.8.15 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 9eeccee64..77ba0342d 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,16 +2,15 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.14"; + version = "0.8.15"; namePrefix = ""; patches = []; src = fetchFromGitHub { owner = "krebscode"; repo = "buildbot-classic"; - # rev = "v${version}"; - rev = "843463911"; - sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd"; + rev = version; + sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; From 1710530cae5189cdc779212084ea3091fefc275b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 14:10:23 +0200 Subject: [PATCH 75/83] writers writeC: 17.09 workaround --- krebs/5pkgs/writers.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 23773e17f..1939bf854 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,8 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils-unwrapped + # TODO remove if everyone migrated to 18.03 + (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) coreutils gcc ])} From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 16:39:08 +0200 Subject: [PATCH 76/83] l mail: track neomutt name change --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b9682c5ee..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -75,7 +75,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes @@ -195,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; From e4d0f7d81f5ff80eef4da50d15d5fdc0d824acf1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 18:55:15 +0200 Subject: [PATCH 77/83] ma torrent-secrets: enable for drop and fileleech --- makefu/1systems/drop/source.nix | 1 + makefu/1systems/fileleech/source.nix | 3 ++- makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 makefu/6tests/data/secrets/torrent-secrets/auth.nix diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 74de846c0..45bd6f97e 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix @@ -1,3 +1,4 @@ import { name="drop"; + torrent = true; } diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index 699267e21..caca1fbcb 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,3 +1,4 @@ import { - name="fileleech"; + name = "fileleech"; + torrent = true; } diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/torrent-secrets/auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} From a64238e7660ab92c7dcdf33d13ee4222bfe5eadf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 19:08:44 +0200 Subject: [PATCH 78/83] buildbot: 0.8.15 -> 0.8.16 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 77ba0342d..3cb691f53 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.15"; + version = "0.8.16"; namePrefix = ""; patches = []; @@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebscode"; repo = "buildbot-classic"; rev = version; - sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; + sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; From a75858a8ced30f9ed46e282e75a3cdccd515abd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 14:11:14 +0200 Subject: [PATCH 79/83] nixpkgs: 48856a9 -> b6ddb99 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 0bd797a16..e5fb6c5e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 + ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 }; } override From 0f47b98e81755494df19325e91974f8d9d2c8617 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:17:45 +0200 Subject: [PATCH 80/83] l xjail: add working GPU acceleration --- lass/3modules/xjail.nix | 121 ++++++++++++++++++++++++++++++++-------- 1 file changed, 99 insertions(+), 22 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index af851760b..325ebcc99 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -1,33 +1,88 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with import ; { options.lass.xjail = mkOption { type = types.attrsOf (types.submodule ({ config, ...}: { options = { + name = mkOption { + type = types.string; + default = config._module.args.name; + }; user = mkOption { type = types.string; - default = "nobody"; + default = config.name; }; groups = mkOption { type = types.listOf types.str; default = []; }; - name = mkOption { + from = mkOption { type = types.string; - default = config._module.args.name; + default = "lass"; }; display = mkOption { type = types.string; default = toString (genid_signed config._module.args.name); }; + dpi = mkOption { + type = types.int; + default = 90; + }; + extraXephyrArgs = mkOption { + type = types.str; + default = ""; + }; + extraVglrunArgs = mkOption { + type = types.str; + default = ""; + }; script = mkOption { type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; - from = mkOption { + wm = mkOption { + #TODO find type type = types.string; - default = "lass"; + default = "${pkgs.writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }}/bin/xmonad"; }; }; })); @@ -39,7 +94,42 @@ with import ; }; # implementation - config = { + config = let + scripts = mapAttrs' (name: cfg: + let + newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' + DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo using existing xephyr + ${sudo_} "$@" + else + echo starting new xephyr + ${xephyr_} "$@" + fi + ''; + xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' + ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & + XEPHYR_PID=$! + DISPLAY=:${cfg.display} ${cfg.wm} & + WM_PID=$! + ${sudo_} "$@" + ${pkgs.coreutils}/bin/kill $WM_PID + ${pkgs.coreutils}/bin/kill $XEPHYR_PID + ''; + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" + ''; + vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' + DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ''; + in nameValuePair name { + existing = newOrExisting; + xephyr = xephyr_; + sudo = sudo_; + vglrun = vglrun_; + } + ) config.lass.xjail; + in { users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { @@ -66,21 +156,8 @@ with import ; ) config.lass.xjail)); lass.xjail-bins = mapAttrs' (name: cfg: - let - sudo-wrapper = pkgs.writeScript name '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" - ''; - in nameValuePair name (pkgs.writeScriptBin cfg.name '' - export NDISPLAY=${cfg.display} - DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo xephyr already running - export DISPLAY=:$NDISPLAY - ${sudo-wrapper} "$@" - else - echo xephyr not running - DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" - fi + nameValuePair name (pkgs.writeScriptBin cfg.name '' + ${scripts.${name}.existing} "$@" '') ) config.lass.xjail; }; From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:19:28 +0200 Subject: [PATCH 81/83] l browsers: use new xjail interface --- lass/2configs/browsers.nix | 50 ++++++++++---------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 75a86db6a..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,14 +21,10 @@ let $BIN "$@" ''; - createChromiumUser = name: groups: precedence: + createUser = script: name: groups: precedence: dpi: { lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - ''; - inherit groups; + inherit script groups dpi; }; environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { @@ -37,40 +33,20 @@ let }; }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + createFirefoxUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; createQuteUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - - #TODO: abstract this + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { From 8d3db0fcb75f65d6074e8c60e05bd4cfda32e1e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Apr 2018 23:06:03 +0200 Subject: [PATCH 82/83] nixpkgs: b6ddb99 -> 09bca91 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e5fb6c5e1..1f83d29f7 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 + ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; # nixos-18.03 # 2018-04-02 }; } override From 1604ecfc706d2921248d0c9ac7cef02274842272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Apr 2018 12:02:31 +0200 Subject: [PATCH 83/83] l virtualbox: enable usb passthrough --- lass/2configs/virtualbox.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = {