Merge remote-tracking branch 'nextgum/master'
This commit is contained in:
commit
eff97662c0
@ -5,7 +5,7 @@
|
||||
6667 6669
|
||||
];
|
||||
|
||||
services.charybdis = {
|
||||
krebs.charybdis = {
|
||||
enable = true;
|
||||
motd = ''
|
||||
hello
|
||||
|
110
krebs/3modules/charybdis.nix
Normal file
110
krebs/3modules/charybdis.nix
Normal file
@ -0,0 +1,110 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkEnableOption mkIf mkOption singleton types;
|
||||
inherit (pkgs) coreutils charybdis;
|
||||
cfg = config.krebs.charybdis;
|
||||
|
||||
configFile = pkgs.writeText "charybdis.conf" ''
|
||||
${cfg.config}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
krebs.charybdis = {
|
||||
|
||||
enable = mkEnableOption "Charybdis IRC daemon";
|
||||
|
||||
config = mkOption {
|
||||
type = types.string;
|
||||
description = ''
|
||||
Charybdis IRC daemon configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
statedir = mkOption {
|
||||
type = types.string;
|
||||
default = "/var/lib/charybdis";
|
||||
description = ''
|
||||
Location of the state directory of charybdis.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Charybdis IRC daemon user.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Charybdis IRC daemon group.
|
||||
'';
|
||||
};
|
||||
|
||||
motd = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
description = ''
|
||||
Charybdis MOTD text.
|
||||
|
||||
Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
|
||||
If set, the value of this option will be written to this path.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable (lib.mkMerge [
|
||||
{
|
||||
users.users = singleton {
|
||||
name = cfg.user;
|
||||
description = "Charybdis IRC daemon user";
|
||||
uid = config.ids.uids.ircd;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.groups = singleton {
|
||||
name = cfg.group;
|
||||
gid = config.ids.gids.ircd;
|
||||
};
|
||||
|
||||
systemd.services.charybdis = {
|
||||
description = "Charybdis IRC daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
BANDB_DBPATH = "${cfg.statedir}/ban.db";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
|
||||
Group = cfg.group;
|
||||
User = cfg.user;
|
||||
PermissionsStartOnly = true; # preStart needs to run with root permissions
|
||||
};
|
||||
preStart = ''
|
||||
${coreutils}/bin/mkdir -p ${cfg.statedir}
|
||||
${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
(mkIf (cfg.motd != null) {
|
||||
environment.etc."charybdis/ircd.motd".text = cfg.motd;
|
||||
})
|
||||
]);
|
||||
}
|
@ -14,6 +14,7 @@ let
|
||||
./buildbot/master.nix
|
||||
./buildbot/slave.nix
|
||||
./build.nix
|
||||
./charybdis.nix
|
||||
./ci.nix
|
||||
./current.nix
|
||||
./exim.nix
|
||||
@ -111,7 +112,6 @@ let
|
||||
{ krebs = import ./krebs { inherit config; }; }
|
||||
{ krebs = import ./lass { inherit config; }; }
|
||||
{ krebs = import ./makefu { inherit config; }; }
|
||||
{ krebs = import ./nin { inherit config; }; }
|
||||
{ krebs = import ./tv { inherit config; }; }
|
||||
{
|
||||
krebs.dns.providers = {
|
||||
|
@ -494,6 +494,8 @@ in {
|
||||
ip6.addr = "42:f9f0::10";
|
||||
aliases = [
|
||||
"omo.r"
|
||||
"dcpp.omo.r"
|
||||
"torrent.omo.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -554,7 +556,7 @@ in {
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
|
||||
};
|
||||
nextgum = rec {
|
||||
gum = rec {
|
||||
ci = true;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
@ -563,6 +565,23 @@ in {
|
||||
graph IN A ${nets.internet.ip4.addr}
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
iso.euer IN A ${nets.internet.ip4.addr}
|
||||
wg.euer IN A ${nets.internet.ip4.addr}
|
||||
photostore IN A ${nets.internet.ip4.addr}
|
||||
o.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
share.euer IN A ${nets.internet.ip4.addr}
|
||||
gum IN A ${nets.internet.ip4.addr}
|
||||
wikisearch IN A ${nets.internet.ip4.addr}
|
||||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
'';
|
||||
};
|
||||
cores = 8;
|
||||
@ -571,6 +590,7 @@ in {
|
||||
ip4.addr = "144.76.26.247";
|
||||
ip6.addr = "2a01:4f8:191:12f6::2";
|
||||
aliases = [
|
||||
"gum.i"
|
||||
"nextgum.i"
|
||||
];
|
||||
};
|
||||
@ -594,6 +614,16 @@ in {
|
||||
"stats.makefu.r"
|
||||
"backup.makefu.r"
|
||||
"dcpp.nextgum.r"
|
||||
"gum.r"
|
||||
"cgit.gum.r"
|
||||
"o.gum.r"
|
||||
"tracker.makefu.r"
|
||||
"search.makefu.r"
|
||||
"wiki.makefu.r"
|
||||
"wiki.gum.r"
|
||||
"blog.makefu.r"
|
||||
"blog.gum.r"
|
||||
"dcpp.gum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -610,72 +640,6 @@ in {
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
|
||||
gum = rec {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
share.euer IN A ${nets.internet.ip4.addr}
|
||||
mattermost.euer IN A ${nets.internet.ip4.addr}
|
||||
gum IN A ${nets.internet.ip4.addr}
|
||||
wikisearch IN A ${nets.internet.ip4.addr}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
o.euer IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
photostore IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "185.194.143.140";
|
||||
ip6.addr = "2a03:4000:1c:43f::1";
|
||||
aliases = [
|
||||
"gum.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.0.211";
|
||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
||||
aliases = [
|
||||
"gum.r"
|
||||
"cgit.gum.r"
|
||||
"o.gum.r"
|
||||
"tracker.makefu.r"
|
||||
|
||||
"search.makefu.r"
|
||||
"wiki.makefu.r"
|
||||
"wiki.gum.r"
|
||||
"blog.makefu.r"
|
||||
"blog.gum.r"
|
||||
"dcpp.gum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
# configured manually
|
||||
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
shoney = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
|
@ -1,111 +0,0 @@
|
||||
{ config, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.nin;
|
||||
ci = true;
|
||||
}) {
|
||||
hiawatha = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.132.96";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
|
||||
aliases = [
|
||||
"hiawatha.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
|
||||
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
|
||||
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
|
||||
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
|
||||
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
|
||||
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
|
||||
};
|
||||
axon= {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.134.66";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
|
||||
aliases = [
|
||||
"axon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
|
||||
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
|
||||
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
|
||||
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
|
||||
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
|
||||
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
|
||||
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
|
||||
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
|
||||
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
|
||||
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
|
||||
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
|
||||
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
|
||||
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
|
||||
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
|
||||
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
|
||||
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
|
||||
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
|
||||
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
|
||||
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
|
||||
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
|
||||
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
|
||||
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
|
||||
};
|
||||
onondaga = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.132.55";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
|
||||
aliases = [
|
||||
"onondaga.r"
|
||||
"cgit.onondaga.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
|
||||
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
|
||||
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
|
||||
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
|
||||
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
|
||||
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
|
||||
};
|
||||
|
||||
};
|
||||
users = {
|
||||
nin = {
|
||||
mail = "nin@axon.r";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
|
||||
};
|
||||
nin_h = {
|
||||
mail = "nin@hiawatha.r";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
|
||||
};
|
||||
};
|
||||
}
|
@ -57,13 +57,6 @@ with import <stockholm/lib>;
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.users.nin = {
|
||||
uid = genid "nin";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
users.extraUsers.dritter = {
|
||||
uid = genid "dritter";
|
||||
isNormalUser = true;
|
||||
@ -119,7 +112,6 @@ with import <stockholm/lib>;
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
|
@ -8,16 +8,21 @@ in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
{
|
||||
users.users.lass = {
|
||||
uid = 9002;
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
makefu.pubkey
|
||||
];
|
||||
};
|
||||
}
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/mattermost-docker.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
@ -26,83 +31,90 @@ in {
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
# <stockholm/makefu/2configs/gui/xpra.nix>
|
||||
|
||||
# networking
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
#<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
# <stockholm/makefu/2configs/backup.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# ci
|
||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/shack/gitlab-runner>
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/taskd.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
# <stockholm/makefu/2configs/retroshare.nix>
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||
|
||||
# network
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
#<stockholm/makefu/2configs/retroshare.nix>
|
||||
## <stockholm/makefu/2configs/ipfs.nix>
|
||||
#<stockholm/makefu/2configs/syncthing.nix>
|
||||
{ # ncdc
|
||||
environment.systemPackages = [ pkgs.ncdc ];
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51411 ];
|
||||
allowedTCPPorts = [ 51411 ];
|
||||
};
|
||||
}
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
|
||||
## network
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||
<stockholm/makefu/2configs/backup/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/bitlbee.nix>
|
||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||
|
||||
# buildbot
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
|
||||
## Web
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
# Removed until move: no extra mails
|
||||
<stockholm/makefu/2configs/urlwatch>
|
||||
# Removed until move: avoid letsencrypt ban
|
||||
### Web
|
||||
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||
<stockholm/makefu/2configs/shack/events-publisher>
|
||||
|
||||
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
# <stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
# <stockholm/makefu/2configs/ipfs.nix>
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||
<stockholm/makefu/2configs/dcpp/client.nix>
|
||||
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
# Temporary:
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||
|
||||
## Temporary:
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
|
||||
#{
|
||||
# services.dockerRegistry.enable = true;
|
||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
|
||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# extraConfig = ''
|
||||
# client_max_body_size 1000M;
|
||||
# '';
|
||||
# locations."/".proxyPass = "http://localhost:5000";
|
||||
# };
|
||||
#}
|
||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||
{ # iperf3
|
||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
||||
}
|
||||
|
||||
# krebs infrastructure services
|
||||
<stockholm/makefu/2configs/stats/server.nix>
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
||||
|
||||
@ -120,9 +132,7 @@ in {
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
connectTo = [
|
||||
"muhbaasu" "tahoe" "flap" "wry"
|
||||
"ni"
|
||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
||||
"prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
|
||||
];
|
||||
};
|
||||
|
||||
@ -137,10 +147,11 @@ in {
|
||||
environment.systemPackages = with pkgs;[
|
||||
weechat
|
||||
bepasty-client-cli
|
||||
get
|
||||
tmux
|
||||
];
|
||||
|
||||
# Hardware
|
||||
|
||||
# Network
|
||||
networking = {
|
||||
firewall = {
|
||||
@ -179,4 +190,5 @@ in {
|
||||
};
|
||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||
boot.tmpOnTmpfs = true;
|
||||
state = [ "/home/makefu/.weechat" ];
|
||||
}
|
||||
|
@ -1,26 +1,24 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
external-mac = "2a:c5:6e:d2:fc:7f";
|
||||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
||||
external-gw = "185.194.140.1";
|
||||
external-mac = "50:46:5d:9f:63:6b";
|
||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
||||
external-gw = "144.76.26.225";
|
||||
# single partition, label "nixos"
|
||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||
|
||||
|
||||
# static
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
|
||||
external-ip = "144.76.26.247";
|
||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
||||
external-gw6 = "fe80::1";
|
||||
external-netmask = 22;
|
||||
external-netmask = 27;
|
||||
external-netmask6 = 64;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = ext-if;
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||
@ -40,7 +38,62 @@ in {
|
||||
defaultGateway = external-gw;
|
||||
};
|
||||
boot.kernelParams = [ ];
|
||||
boot.loader.grub.device = main-disk;
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ main-disk ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib/borgbackup" = {
|
||||
device = "/dev/mapper/nixos-backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda2";
|
||||
fsType = "vfat";
|
||||
};
|
||||
# parted -s -a optimal "$disk" \
|
||||
# mklabel gpt \
|
||||
# mkpart no-fs 0 1024KiB \
|
||||
# set 1 bios_grub on \
|
||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
||||
# mkpart primary 1025MiB 100%
|
||||
# parted -s -a optimal "/dev/sdb" \
|
||||
# mklabel gpt \
|
||||
# mkpart primary 1M 100%
|
||||
|
||||
#mkfs.vfat /dev/sda2
|
||||
#pvcreate /dev/sda3
|
||||
#pvcreate /dev/sdb1
|
||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||
#lvcreate -L 120G -m 1 -n root nixos
|
||||
#lvcreate -L 50G -m 1 -n lib nixos
|
||||
#lvcreate -L 100G -n download nixos
|
||||
#lvcreate -L 100G -n backup nixos
|
||||
#mkfs.ext4 /dev/mapper/nixos-root
|
||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||
#mkfs.ext4 /dev/mapper/nixos-download
|
||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||
#mount /dev/mapper/nixos-root /mnt
|
||||
#mkdir /mnt/boot
|
||||
#mount /dev/sda2 /mnt/boot
|
||||
#mkdir -p /mnt/var/src
|
||||
#touch /mnt/var/src/.populate
|
||||
|
||||
}
|
||||
|
11
makefu/1systems/gum/rescue.txt
Normal file
11
makefu/1systems/gum/rescue.txt
Normal file
@ -0,0 +1,11 @@
|
||||
mount /dev/mapper/nixos-root /mnt
|
||||
mount /dev/sda2 /mnt/boot
|
||||
|
||||
chroot-prepare /mnt
|
||||
chroot /mnt /bin/sh
|
||||
|
||||
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
|
||||
|
||||
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
|
||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
|
||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
|
@ -1,5 +1,5 @@
|
||||
{
|
||||
name="gum";
|
||||
name="nextgum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
||||
|
@ -1,253 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
ext-if = config.makefu.server.primary-itf;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
./transfer-config.nix
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
# Tools
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
<stockholm/makefu/2configs/gui/xpra.nix>
|
||||
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
#<stockholm/makefu/2configs/retroshare.nix>
|
||||
## <stockholm/makefu/2configs/ipfs.nix>
|
||||
#<stockholm/makefu/2configs/syncthing.nix>
|
||||
{ # ncdc
|
||||
environment.systemPackages = [ pkgs.ncdc ];
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51411 ];
|
||||
allowedTCPPorts = [ 51411 ];
|
||||
};
|
||||
}
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
|
||||
## network
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/bitlbee.nix>
|
||||
|
||||
## buildbot
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
|
||||
# Removed until move: no extra mails
|
||||
<stockholm/makefu/2configs/urlwatch>
|
||||
# Removed until move: avoid double-update of domain
|
||||
# <stockholm/makefu/2configs/hub.nix>
|
||||
# Removed until move: avoid letsencrypt ban
|
||||
### Web
|
||||
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/events-publisher>
|
||||
|
||||
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
#<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
#<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
#<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
|
||||
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
## Temporary:
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
|
||||
#{
|
||||
# services.dockerRegistry.enable = true;
|
||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
|
||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# extraConfig = ''
|
||||
# client_max_body_size 1000M;
|
||||
# '';
|
||||
# locations."/".proxyPass = "http://localhost:5000";
|
||||
# };
|
||||
#}
|
||||
{ # wireguard server
|
||||
|
||||
# opkg install wireguard luci-proto-wireguard
|
||||
|
||||
# TODO: networking.nat
|
||||
|
||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
# conf.all.proxy_arp =1
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51820 ];
|
||||
extraCommands = ''
|
||||
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.0.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = [
|
||||
{
|
||||
# x
|
||||
allowedIPs = [ "10.244.0.2/32" ];
|
||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||
}
|
||||
{
|
||||
# vbob
|
||||
allowedIPs = [ "10.244.0.3/32" ];
|
||||
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
||||
}
|
||||
{
|
||||
# x-test
|
||||
allowedIPs = [ "10.244.0.4/32" ];
|
||||
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
|
||||
}
|
||||
{
|
||||
# work-router
|
||||
allowedIPs = [ "10.244.0.5/32" ];
|
||||
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
|
||||
}
|
||||
{
|
||||
# workr
|
||||
allowedIPs = [ "10.244.0.6/32" ];
|
||||
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
{ # iperf3
|
||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
||||
}
|
||||
|
||||
# krebs infrastructure services
|
||||
<stockholm/makefu/2configs/stats/server.nix>
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
||||
###### stable
|
||||
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
|
||||
krebs.build.host = config.krebs.hosts.gum;
|
||||
|
||||
krebs.tinc.retiolum = {
|
||||
extraConfig = ''
|
||||
ListenAddress = ${external-ip} 53
|
||||
ListenAddress = ${external-ip} 655
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
connectTo = [
|
||||
"muhbaasu" "tahoe" "flap" "wry"
|
||||
"ni"
|
||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
# access
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
|
||||
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
|
||||
};
|
||||
|
||||
# Chat
|
||||
environment.systemPackages = with pkgs;[
|
||||
weechat
|
||||
bepasty-client-cli
|
||||
tmux
|
||||
];
|
||||
|
||||
# Hardware
|
||||
|
||||
# Network
|
||||
networking = {
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
allowedTCPPorts = [
|
||||
# smtp
|
||||
25
|
||||
# http
|
||||
80 443
|
||||
# httptunnel
|
||||
8080 8443
|
||||
# tinc
|
||||
655
|
||||
# tinc-shack
|
||||
21032
|
||||
# tinc-retiolum
|
||||
21031
|
||||
# taskserver
|
||||
53589
|
||||
# temp vnc
|
||||
18001
|
||||
# temp reverseshell
|
||||
31337
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# tinc
|
||||
655 53
|
||||
# tinc-retiolum
|
||||
21031
|
||||
# tinc-shack
|
||||
21032
|
||||
];
|
||||
};
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
};
|
||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||
boot.tmpOnTmpfs = true;
|
||||
}
|
@ -1,99 +0,0 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
external-mac = "50:46:5d:9f:63:6b";
|
||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
||||
external-gw = "144.76.26.225";
|
||||
# single partition, label "nixos"
|
||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||
|
||||
|
||||
# static
|
||||
external-ip = "144.76.26.247";
|
||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
||||
external-gw6 = "fe80::1";
|
||||
external-netmask = 27;
|
||||
external-netmask6 = 64;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
makefu.server.primary-itf = ext-if;
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||
'';
|
||||
networking = {
|
||||
interfaces."${ext-if}" = {
|
||||
ipv4.addresses = [{
|
||||
address = external-ip;
|
||||
prefixLength = external-netmask;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = external-ip6;
|
||||
prefixLength = external-netmask6;
|
||||
}];
|
||||
};
|
||||
defaultGateway6 = external-gw6;
|
||||
defaultGateway = external-gw;
|
||||
};
|
||||
boot.kernelParams = [ ];
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ main-disk ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib/borgbackup" = {
|
||||
device = "/dev/mapper/nixos-backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda2";
|
||||
fsType = "vfat";
|
||||
};
|
||||
# parted -s -a optimal "$disk" \
|
||||
# mklabel gpt \
|
||||
# mkpart no-fs 0 1024KiB \
|
||||
# set 1 bios_grub on \
|
||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
||||
# mkpart primary 1025MiB 100%
|
||||
# parted -s -a optimal "/dev/sdb" \
|
||||
# mklabel gpt \
|
||||
# mkpart primary 1M 100%
|
||||
|
||||
#mkfs.vfat /dev/sda2
|
||||
#pvcreate /dev/sda3
|
||||
#pvcreate /dev/sdb1
|
||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||
#lvcreate -L 120G -m 1 -n root nixos
|
||||
#lvcreate -L 50G -m 1 -n lib nixos
|
||||
#lvcreate -L 100G -n download nixos
|
||||
#lvcreate -L 100G -n backup nixos
|
||||
#mkfs.ext4 /dev/mapper/nixos-root
|
||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||
#mkfs.ext4 /dev/mapper/nixos-download
|
||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||
#mount /dev/mapper/nixos-root /mnt
|
||||
#mkdir /mnt/boot
|
||||
#mount /dev/sda2 /mnt/boot
|
||||
#mkdir -p /mnt/var/src
|
||||
#touch /mnt/var/src/.populate
|
||||
|
||||
}
|
@ -1,5 +0,0 @@
|
||||
{
|
||||
name="nextgum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
# configuration which is only required for the time of the transfer
|
||||
{
|
||||
krebs.tinc.retiolum.connectTo = [ "gum" ];
|
||||
krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
|
||||
}
|
||||
|
@ -8,11 +8,11 @@ let
|
||||
in {
|
||||
imports =
|
||||
[
|
||||
#./hw/omo.nix
|
||||
./hw/tsp.nix
|
||||
./hw/omo.nix
|
||||
#./hw/tsp.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
@ -25,6 +25,22 @@ in {
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
<stockholm/makefu/2configs/share/omo.nix>
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
{ krebs.airdcpp.dcpp.shares = let
|
||||
d = path: "/media/cryptX/${path}";
|
||||
in {
|
||||
emu.path = d "emu";
|
||||
audiobooks.path = lib.mkForce (d "audiobooks");
|
||||
incoming.path = lib.mkForce (d "torrent");
|
||||
anime.path = d "anime";
|
||||
};
|
||||
krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
|
||||
}
|
||||
{
|
||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||
#services.sabnzbd.enable = true;
|
||||
#systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
}
|
||||
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
@ -41,12 +57,22 @@ in {
|
||||
<stockholm/makefu/2configs/stats/arafetch.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
}
|
||||
# <stockholm/makefu/2configs/syncthing.nix>
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||
<stockholm/makefu/2configs/deployment/homeautomation>
|
||||
{
|
||||
makefu.ps3netsrv = {
|
||||
enable = true;
|
||||
servedir = "/media/cryptX/emu/ps3";
|
||||
};
|
||||
}
|
||||
{
|
||||
hardware.pulseaudio.systemWide = true;
|
||||
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
||||
@ -74,7 +100,7 @@ in {
|
||||
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
|
||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||
extraConfig = ''
|
||||
upload_rate = 200
|
||||
upload_rate = 500
|
||||
'';
|
||||
};
|
||||
users.groups.share = {
|
||||
@ -83,14 +109,7 @@ in {
|
||||
};
|
||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||
|
||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||
services.sabnzbd.enable = true;
|
||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
makefu.ps3netsrv = {
|
||||
enable = true;
|
||||
servedir = "/media/cryptX/emu/ps3";
|
||||
};
|
||||
|
||||
users.users.misa = {
|
||||
uid = 9002;
|
||||
|
@ -11,10 +11,10 @@ in {
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
# <stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/media.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/media.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/mqtt.nix>
|
||||
@ -33,9 +33,6 @@ in {
|
||||
|
||||
<stockholm/makefu/2configs/share/wbob.nix>
|
||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||
{
|
||||
users.users.makefu.extraGroups = [ "pulse" ];
|
||||
}
|
||||
|
||||
# Sensors
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
@ -46,10 +43,11 @@ in {
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
||||
|
||||
{ environment.systemPackages = [ pkgs.vlc ]; }
|
||||
|
||||
|
||||
<stockholm/makefu/2configs/deployment/bureautomation>
|
||||
<stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
|
||||
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
|
||||
(let
|
||||
collectd-port = 25826;
|
||||
@ -174,20 +172,4 @@ in {
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
# DualHead on NUC
|
||||
# TODO: update synergy package with these extras (username)
|
||||
# TODO: add crypto layer
|
||||
systemd.services."synergy-client" = {
|
||||
environment.DISPLAY = ":0";
|
||||
serviceConfig.User = user;
|
||||
};
|
||||
|
||||
services.synergy = {
|
||||
client = {
|
||||
enable = true;
|
||||
screenName = "wbob";
|
||||
serverAddress = "x.r";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
|
||||
<stockholm/makefu/2configs/laptop-backup.nix>
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||
<stockholm/makefu/2configs/avahi.nix>
|
||||
|
||||
@ -74,6 +74,7 @@
|
||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
<stockholm/makefu/2configs/hw/irtoy.nix>
|
||||
<stockholm/makefu/2configs/hw/switch.nix>
|
||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
||||
<stockholm/makefu/2configs/hw/smartcard.nix>
|
||||
@ -83,11 +84,11 @@
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
{
|
||||
programs.adb.enable = true;
|
||||
}
|
||||
{ programs.adb.enable = true; }
|
||||
# temporary
|
||||
{ services.redis.enable = true; }
|
||||
<stockholm/makefu/2configs/pyload.nix>
|
||||
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
@ -121,13 +122,11 @@
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = "wlp3s0";
|
||||
makefu.full-populate = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
||||
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
|
||||
|
||||
@ -144,14 +143,25 @@
|
||||
# avoid full boot dir
|
||||
boot.loader.grub.configurationLimit = 3;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
|
||||
state = [
|
||||
"/home/makefu/stockholm"
|
||||
"/home/makefu/backup/borgun"
|
||||
"/home/makefu/.mail/"
|
||||
"/home/makefu/.ssh/"
|
||||
"/home/makefu/.zsh_history"
|
||||
"/home/makefu/.bash_history"
|
||||
"/home/makefu/.zshrc"
|
||||
"/home/makefu/bin"
|
||||
"/home/makefu/.gnupg"
|
||||
"/home/makefu/.imapfilter"
|
||||
"/home/makefu/.mutt"
|
||||
"/home/makefu/docs"
|
||||
"/home/makefu/.password-store"
|
||||
"/home/makefu/.secrets-pass"
|
||||
"/home/makefu/autosync/Database.kdb"
|
||||
];
|
||||
|
||||
services.syncthing.user = lib.mkForce "makefu";
|
||||
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||
}
|
||||
|
@ -1,52 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
# preparation:
|
||||
# mkdir -p defaultBackupDir/host.name/src
|
||||
# as root on omo:
|
||||
# ssh-copy-id root@src
|
||||
startAt = "0,6,12,18:00";
|
||||
defaultBackupServer = config.krebs.hosts.omo;
|
||||
defaultBackupDir = "/home/backup";
|
||||
defaultPull = host: src: {
|
||||
method = "pull";
|
||||
src = {
|
||||
inherit host;
|
||||
path = src;
|
||||
};
|
||||
dst = {
|
||||
host = defaultBackupServer;
|
||||
path = "${defaultBackupDir}/${host.name}${src}";
|
||||
};
|
||||
startAt = "0,6,12,18:00";
|
||||
snapshots = {
|
||||
hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
};
|
||||
in {
|
||||
krebs.backup.plans = {
|
||||
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
||||
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
||||
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-download";
|
||||
dst.host = defaultBackupServer;
|
||||
startAt = "19:00";
|
||||
};
|
||||
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
|
||||
dst.host = defaultBackupServer;
|
||||
|
||||
startAt = "05:00";
|
||||
};
|
||||
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.borgbackup
|
||||
];
|
||||
}
|
11
makefu/2configs/backup/server.nix
Normal file
11
makefu/2configs/backup/server.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{lib, ... }:
|
||||
let
|
||||
hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
|
||||
in {
|
||||
# TODO: for all enabled machines
|
||||
services.borgbackup.repos = lib.genAttrs hosts (host: {
|
||||
authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
|
||||
path = "/var/lib/borgbackup/${host}";
|
||||
user = "borg-${host}";
|
||||
}) ;
|
||||
}
|
1
makefu/2configs/backup/ssh/gum.pub
Normal file
1
makefu/2configs/backup/ssh/gum.pub
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x
|
1
makefu/2configs/backup/ssh/nextgum.pub
Normal file
1
makefu/2configs/backup/ssh/nextgum.pub
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
|
1
makefu/2configs/backup/ssh/omo.pub
Normal file
1
makefu/2configs/backup/ssh/omo.pub
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x
|
1
makefu/2configs/backup/ssh/x.pub
Normal file
1
makefu/2configs/backup/ssh/x.pub
Normal file
@ -0,0 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x
|
25
makefu/2configs/backup/state.nix
Normal file
25
makefu/2configs/backup/state.nix
Normal file
@ -0,0 +1,25 @@
|
||||
{ config, ... }:
|
||||
# back up all state
|
||||
let
|
||||
sec = toString <secrets>;
|
||||
sshkey = sec + "/borg.priv";
|
||||
phrase = sec + "/borg.pw";
|
||||
in
|
||||
{
|
||||
services.borgbackup.jobs.state = {
|
||||
repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
|
||||
paths = config.state;
|
||||
encryption = {
|
||||
mode = "repokey";
|
||||
passCommand = "cat ${phrase}";
|
||||
};
|
||||
environment.BORG_RSH = "ssh -i ${sshkey}";
|
||||
prune.keep =
|
||||
{ daily = 7;
|
||||
weekly = 4;
|
||||
monthly = -1; # Keep at least one archive for each month
|
||||
};
|
||||
compression = "auto,lzma";
|
||||
startAt = "daily";
|
||||
};
|
||||
}
|
@ -32,6 +32,11 @@ in {
|
||||
"paste.${config.krebs.build.host.name}"
|
||||
"paste.r"
|
||||
];
|
||||
extraConfig = ''
|
||||
if ( $server_addr = "${external-ip}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
};
|
||||
defaultPermissions = "admin,list,create,read,delete";
|
||||
secretKeyFile = secKey;
|
||||
|
@ -57,6 +57,8 @@ in {
|
||||
load-module module-filter-heuristics
|
||||
load-module module-filter-apply
|
||||
load-module module-switch-on-connect
|
||||
load-module module-equalizer-sink
|
||||
load-module module-dbus-protocol
|
||||
#load-module module-bluez5-device
|
||||
#load-module module-bluez5-discover
|
||||
'';
|
||||
|
@ -44,5 +44,6 @@
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
|
||||
[ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
|
||||
}
|
||||
|
@ -11,6 +11,11 @@ let
|
||||
payload_available= "Online";
|
||||
payload_not_available= "Offline";
|
||||
};
|
||||
tasmota_stecki = name: topic:
|
||||
( tasmota_plug name topic) //
|
||||
{ state_topic = "/bam/${topic}/stat/POWER";
|
||||
command_topic = "/bam/${topic}/cmnd/POWER";
|
||||
};
|
||||
espeasy_dht22 = name: [
|
||||
{ platform = "mqtt";
|
||||
name = "${name} DHT22 Temperature";
|
||||
@ -38,9 +43,6 @@ let
|
||||
};
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 8123 ];
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.65.5"
|
||||
];
|
||||
|
||||
services.home-assistant = {
|
||||
enable = true;
|
||||
@ -48,6 +50,9 @@ in {
|
||||
homeassistant = {
|
||||
name = "Bureautomation";
|
||||
time_zone = "Europe/Berlin";
|
||||
latitude = "48.8265";
|
||||
longitude = "9.0676";
|
||||
elevation = 303;
|
||||
};
|
||||
|
||||
mqtt = {
|
||||
@ -72,7 +77,7 @@ in {
|
||||
switch = [
|
||||
(tasmota_plug "Bauarbeiterlampe" "plug")
|
||||
(tasmota_plug "Blitzdings" "plug2")
|
||||
(tasmota_plug "Fernseher" "plug3")
|
||||
(tasmota_stecki "Fernseher" "fernseher")
|
||||
(tasmota_plug "Pluggy" "plug4")
|
||||
];
|
||||
binary_sensor = [
|
||||
@ -96,26 +101,140 @@ in {
|
||||
sensorid = "5341";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{ platform = "influxdb";
|
||||
queries = [
|
||||
{ name = "mean value of feinstaub P1";
|
||||
where = '' "node" = 'esp8266-1355142' '';
|
||||
measurement = "feinstaub";
|
||||
database = "telegraf";
|
||||
field = "P1";
|
||||
}
|
||||
{ name = "mean value of feinstaub P2";
|
||||
where = '' "node" = 'esp8266-1355142' '';
|
||||
measurement = "feinstaub";
|
||||
database = "telegraf";
|
||||
field = "P2";
|
||||
|
||||
{ platform = "darksky";
|
||||
api_key = lib.removeSuffix "\n"
|
||||
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||
language = "de";
|
||||
monitored_conditions = [ "summary" "icon"
|
||||
"nearest_storm_distance" "precip_probability"
|
||||
"precip_intensity"
|
||||
"temperature" # "temperature_high" "temperature_low"
|
||||
"apparent_temperature"
|
||||
"hourly_summary" # next 24 hours text
|
||||
"minutely_summary"
|
||||
"humidity"
|
||||
"pressure"
|
||||
"uv_index" ];
|
||||
units = "si" ;
|
||||
update_interval = {
|
||||
days = 0;
|
||||
hours = 0;
|
||||
minutes = 30;
|
||||
seconds = 0;
|
||||
};
|
||||
}
|
||||
#{ platform = "influxdb";
|
||||
# queries = [
|
||||
# { name = "mean value of feinstaub P1";
|
||||
# where = '' "node" = 'esp8266-1355142' '';
|
||||
# measurement = "feinstaub";
|
||||
# database = "telegraf";
|
||||
# field = "P1";
|
||||
# }
|
||||
# { name = "mean value of feinstaub P2";
|
||||
# where = '' "node" = 'esp8266-1355142' '';
|
||||
# measurement = "feinstaub";
|
||||
# database = "telegraf";
|
||||
# field = "P2";
|
||||
# }
|
||||
# ];
|
||||
#}
|
||||
];
|
||||
camera = [
|
||||
{ name = "Baumarkt";
|
||||
platform = "generic";
|
||||
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
|
||||
}
|
||||
{ name = "Autobahn Heilbronn";
|
||||
platform = "generic";
|
||||
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
|
||||
}
|
||||
{ name = "Autobahn Singen";
|
||||
platform = "generic";
|
||||
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
|
||||
}
|
||||
];
|
||||
frontend = { };
|
||||
http = { };
|
||||
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
||||
conversation = {};
|
||||
history = {};
|
||||
logbook = {};
|
||||
tts = [ { platform = "google";} ];
|
||||
recorder = {};
|
||||
group =
|
||||
{ default_view =
|
||||
{ view = "yes";
|
||||
entities = [
|
||||
"group.sensors"
|
||||
"group.outside"
|
||||
"group.switches"
|
||||
"group.automation"
|
||||
"group.camera"
|
||||
];
|
||||
};
|
||||
automation = [
|
||||
"automation.turn_off_fernseher_10_minutes_after_last_movement"
|
||||
];
|
||||
switches = [
|
||||
"switch.bauarbeiterlampe"
|
||||
"switch.blitzdings"
|
||||
"switch.fernseher"
|
||||
"switch.pluggy"
|
||||
];
|
||||
camera = [
|
||||
"camera.Baumarkt"
|
||||
"camera.Autobahn_Heilbronn"
|
||||
"camera.Autobahn_Singen"
|
||||
];
|
||||
sensors = [
|
||||
"binary_sensor.motion"
|
||||
"sensor.easy2_dht22_humidity"
|
||||
"sensor.easy2_dht22_temperature"
|
||||
];
|
||||
outside = [
|
||||
"sensor.ditzingen_pm10"
|
||||
"sensor.ditzingen_pm25"
|
||||
"sensor.dark_sky_temperature"
|
||||
"sensor.dark_sky_humidity"
|
||||
"sensor.dark_sky_pressure"
|
||||
"sensor.dark_sky_hourly_summary"
|
||||
"sensor.dark_sky_minutely_summary"
|
||||
];
|
||||
};
|
||||
# only for automation
|
||||
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
||||
automation = [
|
||||
{ alias = "Turn on Fernseher on movement";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "binary_sensor.motion";
|
||||
to = "on";
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_on";
|
||||
entity_id= "switch.fernseher";
|
||||
};
|
||||
}
|
||||
{ alias = "Turn off Fernseher 10 minutes after last movement";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "binary_sensor.motion";
|
||||
to = "off";
|
||||
for.minutes = 10;
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_off";
|
||||
entity_id= "switch.fernseher";
|
||||
};
|
||||
condition = [{
|
||||
condition = "time";
|
||||
before = "06:30:00"; #only turn off between 6:30 and 18:00
|
||||
after = "18:00:00";
|
||||
weekday = [ "mon" "tue" "wed" "thu" "fri" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,67 +0,0 @@
|
||||
{ pkgs, lib, ... }:
|
||||
let
|
||||
firetv = "192.168.1.238";
|
||||
in {
|
||||
systemd.services.firetv = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
};
|
||||
};
|
||||
services.home-assistant = {
|
||||
#panel_iframe:
|
||||
#configurator:
|
||||
# title: Configurator
|
||||
# icon: mdi:wrench
|
||||
# url: http://hassio.local:3218
|
||||
# sensor:
|
||||
# - platform: random
|
||||
enable = true;
|
||||
config = {
|
||||
homeassistant = {
|
||||
name = "Bureautomation";
|
||||
time_zone = "Europe/Berlin";
|
||||
};
|
||||
panel_iframe = {
|
||||
euer_blog = {
|
||||
title = "Euer Blog";
|
||||
icon = "mdi:wrench";
|
||||
url = "https://euer.krebsco.de";
|
||||
};
|
||||
};
|
||||
media_player = [
|
||||
{ platform = "kodi";
|
||||
host = firetv;
|
||||
}
|
||||
{ platform = "firetv";
|
||||
# assumes python-firetv running
|
||||
}
|
||||
];
|
||||
sensor = [
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Shack 1";
|
||||
sensorid = "50";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Shack 2";
|
||||
sensorid = "658";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Ditzingen";
|
||||
sensorid = "5341";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{ platform = "random"; }
|
||||
];
|
||||
frontend = { };
|
||||
http = { };
|
||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
||||
};
|
||||
};
|
||||
}
|
9
makefu/2configs/deployment/bureautomation/mpd.nix
Normal file
9
makefu/2configs/deployment/bureautomation/mpd.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{lib,pkgs, ... }:
|
||||
|
||||
{
|
||||
systemd.services."ympd-wbob" = {
|
||||
description = "mpd ";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
|
||||
};
|
||||
}
|
@ -6,11 +6,6 @@ let
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
hn = config.krebs.build.host.name;
|
||||
in {
|
||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||
if ( $server_addr = "${external-ip}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
krebs.tinc_graphs = {
|
||||
enable = true;
|
||||
nginx = {
|
||||
|
@ -1,9 +1,60 @@
|
||||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
# Ideas:
|
||||
## wake-on-lan server
|
||||
##
|
||||
let
|
||||
tasmota_rgb = name: topic:
|
||||
# LED WS2812b
|
||||
# effect_state_topic: "stat/led/Scheme"
|
||||
# effect_command_topic: "cmnd/led/Scheme"
|
||||
# effect_value_template: "{{ value_json.Scheme }}"
|
||||
{ platform = "mqtt";
|
||||
inherit name;
|
||||
retain = false;
|
||||
qos = 1;
|
||||
optimistic = false;
|
||||
# state
|
||||
# TODO: currently broken, will not use the custom state topic
|
||||
#state_topic = "/ham/${topic}/stat/POWER";
|
||||
state_topic = "/ham/${topic}/stat/POWER";
|
||||
command_topic = "/ham/${topic}/cmnd/POWER";
|
||||
availability_topic = "/ham/${topic}/tele/LWT";
|
||||
payload_on= "ON";
|
||||
payload_off= "OFF";
|
||||
payload_available= "Online";
|
||||
payload_not_available= "Offline";
|
||||
# brightness
|
||||
brightness_state_topic = "/ham/${topic}/stat/Dimmer";
|
||||
brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
|
||||
brightness_value_template = "{{ value_json.Dimmer }}";
|
||||
brightness_scale = 100;
|
||||
# color
|
||||
rgb_state_topic = "/ham/${topic}/stat/Color";
|
||||
rgb_command_topic = "/ham/${topic}/cmnd/Color2";
|
||||
rgb_command_mode = "hex";
|
||||
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
|
||||
# effects
|
||||
effect_state_topic = "/ham/${topic}/stat/Scheme";
|
||||
effect_command_topic = "/ham/${topic}/cmnd/Scheme";
|
||||
effect_value_template = "{{ value_json.Scheme }}";
|
||||
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
|
||||
};
|
||||
# switchmode 1 - also toggle power
|
||||
# switchtopic flurlicht
|
||||
tasmota_motion = name: topic:
|
||||
{ platform = "mqtt";
|
||||
device_class = "motion";
|
||||
inherit name;
|
||||
# TODO: currently broken, will not use the custom state topic
|
||||
state_topic = "/ham/${topic}/stat/POWER";
|
||||
payload_on = "ON";
|
||||
payload_off = "OFF";
|
||||
availability_topic = "/ham/${topic}/tele/LWT";
|
||||
payload_available = "Online";
|
||||
payload_not_available = "Offline";
|
||||
};
|
||||
|
||||
firetv = "192.168.1.238";
|
||||
tasmota_plug = name: topic:
|
||||
{ platform = "mqtt";
|
||||
@ -36,20 +87,31 @@ let
|
||||
unit_of_measurement = "hPa";
|
||||
}
|
||||
];
|
||||
tasmota_am2301 = name: topic:
|
||||
[ { platform = "mqtt";
|
||||
name = "${name} Temperatur";
|
||||
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||
value_template = "{{ value_json.AM2301.Temperature }}";
|
||||
unit_of_measurement = "°C";
|
||||
}
|
||||
{ platform = "mqtt";
|
||||
name = "${name} Luftfeuchtigkeit";
|
||||
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||
value_template = "{{ value_json.AM2301.Humidity }}";
|
||||
unit_of_measurement = "%";
|
||||
}
|
||||
];
|
||||
in {
|
||||
imports = [
|
||||
./mqtt.nix
|
||||
];
|
||||
systemd.services.firetv = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
};
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.65.5"
|
||||
];
|
||||
#systemd.services.firetv = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# User = "nobody";
|
||||
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
# };
|
||||
#};
|
||||
services.home-assistant = {
|
||||
config = {
|
||||
homeassistant = {
|
||||
@ -58,7 +120,7 @@ in {
|
||||
longitude = "9.2478";
|
||||
elevation = 247;
|
||||
};
|
||||
discovery = {};
|
||||
#discovery = {};
|
||||
conversation = {};
|
||||
history = {};
|
||||
logbook = {};
|
||||
@ -71,16 +133,16 @@ in {
|
||||
{ platform = "kodi";
|
||||
host = firetv;
|
||||
}
|
||||
{ platform = "firetv";
|
||||
# assumes python-firetv running
|
||||
}
|
||||
#{ platform = "firetv";
|
||||
# # assumes python-firetv running
|
||||
#}
|
||||
];
|
||||
mqtt = {
|
||||
broker = "localhost";
|
||||
port = 1883;
|
||||
client_id = "home-assistant";
|
||||
username = "hass";
|
||||
password = builtins.readFile <secrets/mqtt/hass>;
|
||||
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
|
||||
keepalive = 60;
|
||||
protocol = 3.1;
|
||||
birth_message = {
|
||||
@ -96,43 +158,100 @@ in {
|
||||
retain = true;
|
||||
};
|
||||
};
|
||||
binary_sensor = [
|
||||
(tasmota_motion "Flur Bewegung" "flurlicht")
|
||||
];
|
||||
sensor = [
|
||||
{ platform = "speedtest";
|
||||
monitored_conditions = [ "ping" "download" "upload" ];
|
||||
}
|
||||
# broken
|
||||
#{ platform = "speedtest";
|
||||
# monitored_conditions = [ "ping" "download" "upload" ];
|
||||
#}
|
||||
{ platform = "luftdaten";
|
||||
name = "Ditzingen";
|
||||
name = "Wangen";
|
||||
sensorid = "663";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
|
||||
{ platform = "darksky";
|
||||
api_key = "c73619e6ea79e553a585be06aacf3679";
|
||||
api_key = lib.removeSuffix "\n"
|
||||
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||
language = "de";
|
||||
monitored_conditions = [ "summary" "icon"
|
||||
"nearest_storm_distance" "precip_probability"
|
||||
"precip_intensity"
|
||||
"temperature" # "temperature_high" "temperature_low"
|
||||
"temperature"
|
||||
"apparent_temperature"
|
||||
"hourly_summary"
|
||||
"humidity"
|
||||
"pressure"
|
||||
"uv_index" ];
|
||||
units = "si" ;
|
||||
update_interval = {
|
||||
days = 0;
|
||||
hours = 0;
|
||||
minutes = 10;
|
||||
minutes = 30;
|
||||
seconds = 0;
|
||||
};
|
||||
}
|
||||
] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
|
||||
]
|
||||
++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
|
||||
++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
|
||||
frontend = { };
|
||||
#group = [
|
||||
# { default_view = { view = "yes"; entities = [
|
||||
# "sensor.luftdaten"
|
||||
# ]}
|
||||
#];
|
||||
group =
|
||||
{ default_view =
|
||||
{ view = "yes";
|
||||
entities = [
|
||||
"group.flur"
|
||||
"group.schlafzimmer"
|
||||
"group.draussen"
|
||||
"group.wohnzimmer"
|
||||
"group.arbeitszimmer"
|
||||
];
|
||||
};
|
||||
flur = [
|
||||
"light.flurlicht"
|
||||
"binary_sensor.flur_bewegung"
|
||||
];
|
||||
wohnzimmer = [
|
||||
"media_player.kodi"
|
||||
];
|
||||
draussen = [
|
||||
"sensor.dark_sky_temperature"
|
||||
"sensor.dark_sky_hourly_summary"
|
||||
"sensor.wangen_pm10"
|
||||
"sensor.wangen_pm25"
|
||||
];
|
||||
schlafzimmer = [
|
||||
"sensor.schlafzimmer_temperatur"
|
||||
"sensor.schlafzimmer_luftdruck"
|
||||
"sensor.schlafzimmer_luftfeuchtigkeit"
|
||||
"switch.lichterkette_schlafzimmer"
|
||||
];
|
||||
arbeitszimmer = [
|
||||
"switch.strom_staubsauger"
|
||||
"sensor.arbeitszimmer_temperatur"
|
||||
"sensor.arbeitszimmer_luftfeuchtigkeit"
|
||||
];
|
||||
};
|
||||
http = { };
|
||||
switch = [
|
||||
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
|
||||
(tasmota_plug "Strom Staubsauger" "arbeitszimmer")
|
||||
];
|
||||
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
|
||||
automation = [
|
||||
{ alias = "Staubsauger Strom aus nach 6h";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "switch.strom_staubsauger";
|
||||
to = "on";
|
||||
for.hours = 6;
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_off";
|
||||
entity_id= "switch.strom_staubsauger";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
enable = true;
|
||||
|
@ -41,6 +41,7 @@ let
|
||||
autosync = { };
|
||||
fenkins = { };
|
||||
pass = { };
|
||||
secrets = { };
|
||||
};
|
||||
|
||||
connector-repos = mapAttrs make-priv-repo {
|
||||
|
@ -66,7 +66,7 @@ in
|
||||
cat |derp <<EOF
|
||||
XTerm*background: black
|
||||
XTerm*foreground: white
|
||||
XTerm*FaceName : xft:xos4 Terminus:pixelsize=11
|
||||
XTerm*FaceName : xft:Terminus:pixelsize=12
|
||||
|
||||
URxvt*termName: rxvt
|
||||
URxvt*saveLines: 10000
|
||||
@ -78,7 +78,7 @@ in
|
||||
URxvt.background: black
|
||||
URxvt.urgentOnBell: true
|
||||
URxvt.visualBell: false
|
||||
URxvt.font : xft:xos4 Terminus:size=11
|
||||
URxvt.font : xft:Terminus:size=12
|
||||
|
||||
|
||||
! blue
|
||||
|
@ -4,22 +4,38 @@
|
||||
imports = [
|
||||
./base.nix
|
||||
];
|
||||
users.users.makefu.packages = [ pkgs.chromium ];
|
||||
users.users.makefu = {
|
||||
packages = [ pkgs.chromium ];
|
||||
extraGroups = [ "audio" "pulse" ];
|
||||
};
|
||||
services.xserver = {
|
||||
layout = lib.mkForce "de";
|
||||
xkbVariant = lib.mkForce "";
|
||||
|
||||
windowManager = lib.mkForce {
|
||||
awesome.enable = false;
|
||||
default = "none";
|
||||
};
|
||||
desktopManager.xfce.enable = true;
|
||||
desktopManager.xfce = {
|
||||
extraSessionCommands = ''
|
||||
${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms
|
||||
${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1
|
||||
'';
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# xrandrHeads = [ "HDMI1" "HDMI2" ];
|
||||
# prevent screen from turning off, disable dpms
|
||||
displayManager.sessionCommands = ''
|
||||
xset -display :0 s off -dpms
|
||||
xrandr --output HDMI2 --right-of HDMI1
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.xset-off = {
|
||||
after = [ "display-manager.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms";
|
||||
RemainAfterExit = "yes";
|
||||
TimeoutSec = "5s";
|
||||
RestartSec="5s";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -1,12 +1,18 @@
|
||||
{
|
||||
{pkgs, ... }: {
|
||||
home-manager.users.makefu = {
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
defaultCacheTtl = 900;
|
||||
maxCacheTtl = 7200;
|
||||
defaultCacheTtlSsh = 3600;
|
||||
maxCacheTtlSsh = 86400;
|
||||
enableSshSupport = true;
|
||||
enableScDaemon = true;
|
||||
};
|
||||
programs.fzf.enable = true; # alt-c
|
||||
};
|
||||
services.udev.packages = [
|
||||
pkgs.libu2f-host
|
||||
pkgs.yubikey-personalization
|
||||
];
|
||||
}
|
||||
|
@ -4,4 +4,7 @@
|
||||
];
|
||||
home-manager.users.makefu = {
|
||||
};
|
||||
environment.variables = {
|
||||
GTK_DATA_PREFIX = "/run/current-system/sw";
|
||||
};
|
||||
}
|
||||
|
@ -1,13 +1,27 @@
|
||||
{pkgs, ... }: {
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
home-manager.users.makefu = {
|
||||
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
|
||||
programs.firefox.enable = true;
|
||||
services.network-manager-applet.enable = true;
|
||||
systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
||||
services.blueman-applet.enable = true;
|
||||
services.pasystray.enable = true;
|
||||
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
|
||||
programs.chromium = {
|
||||
enable = true;
|
||||
extensions = [
|
||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
||||
# "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
|
||||
"fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine
|
||||
"gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy
|
||||
"abkfbakhjpmblaafnpgjppbmioombali" # memex
|
||||
"kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
|
||||
];
|
||||
};
|
||||
|
||||
systemd.user.services.network-manager-applet.Service.Environment = ''
|
||||
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
|
||||
'';
|
||||
systemd.user.services.clipit = {
|
||||
Unit = {
|
||||
Description = "clipboard manager";
|
||||
@ -20,9 +34,7 @@
|
||||
};
|
||||
|
||||
Service = {
|
||||
Environment = ''
|
||||
XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
|
||||
'';
|
||||
Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
|
||||
ExecStart = "${pkgs.clipit}/bin/clipit";
|
||||
Restart = "on-abort";
|
||||
};
|
||||
|
@ -1,5 +1,6 @@
|
||||
{
|
||||
home-manager.users.makefu = {
|
||||
accounts.email.maildirBasePath = "/home/makefu/Mail";
|
||||
accounts.email.accounts.syntaxfehler = {
|
||||
address = "felix.richter@syntax-fehler.de";
|
||||
userName = "Felix.Richter@syntax-fehler.de";
|
||||
@ -27,7 +28,7 @@
|
||||
};
|
||||
primary = true;
|
||||
realName = "Felix Richter";
|
||||
passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
|
||||
passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg";
|
||||
};
|
||||
programs.offlineimap.enable = true;
|
||||
programs.offlineimap.extraConfig = {
|
||||
|
@ -1,9 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
{ # bluetooth+pulse config
|
||||
# for blueman-applet
|
||||
users.users.makefu.packages = [
|
||||
pkgs.blueman
|
||||
];
|
||||
users.users.makefu.packages = [ pkgs.blueman ];
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
@ -39,4 +37,5 @@
|
||||
Enable=Source,Sink,Media,Socket
|
||||
'';
|
||||
};
|
||||
services.dbus.packages = [ pkgs.blueman ];
|
||||
}
|
||||
|
@ -27,4 +27,7 @@
|
||||
powersave = true;
|
||||
scanRandMacAddress = true;
|
||||
};
|
||||
state = [
|
||||
"/etc/NetworkManager/system-connections" #NM stateful config files
|
||||
];
|
||||
}
|
||||
|
10
makefu/2configs/hw/switch.nix
Normal file
10
makefu/2configs/hw/switch.nix
Normal file
@ -0,0 +1,10 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "plugdev" ];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
|
||||
'';
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
{config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
systemd.user.services.duply-secrets = {
|
||||
description = "run daily secrets backup";
|
||||
startAt = "daily";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
|
||||
};
|
||||
};
|
||||
}
|
@ -39,4 +39,5 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
state = [ base-dir ];
|
||||
}
|
||||
|
@ -21,6 +21,7 @@ let
|
||||
tw-pass-file = "${sec}/tw-pass.ini";
|
||||
|
||||
in {
|
||||
state = [ base-dir ];
|
||||
services.phpfpm = {
|
||||
# phpfpm does not have an enable option
|
||||
poolConfigs = {
|
||||
|
@ -5,11 +5,11 @@ let
|
||||
in {
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [
|
||||
pkgs.samsungUnifiedLinuxDriver
|
||||
pkgs.cups-dymo # dymo labelwriter
|
||||
pkgs.foo2zjs # magicolor 1690mf
|
||||
pkgs.zj-58
|
||||
drivers = with pkgs; [
|
||||
samsungUnifiedLinuxDriver
|
||||
cups-dymo # dymo labelwriter
|
||||
foo2zjs # magicolor 1690mf
|
||||
cups-zj-58
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -1,19 +0,0 @@
|
||||
_:
|
||||
let
|
||||
listenPort = 60123;
|
||||
xml-port = 5000;
|
||||
authfile = <torrent-secrets/authfile>;
|
||||
in {
|
||||
makefu.rtorrent = {
|
||||
enable = true;
|
||||
web = {
|
||||
enable = true;
|
||||
enableAuth = true;
|
||||
inherit authfile;
|
||||
};
|
||||
rutorrent.enable = true;
|
||||
enableXMLRPC = true;
|
||||
logLevel = "debug";
|
||||
inherit listenPort;
|
||||
};
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
shack-announce = pkgs.callPackage (builtins.fetchTarball {
|
||||
url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz";
|
||||
sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav";
|
||||
url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
|
||||
sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
|
||||
}) {} ;
|
||||
home = "/var/lib/shackannounce";
|
||||
user = "shackannounce";
|
31
makefu/2configs/shack/gitlab-runner/default.nix
Normal file
31
makefu/2configs/shack/gitlab-runner/default.nix
Normal file
@ -0,0 +1,31 @@
|
||||
|
||||
{
|
||||
systemd.services.gitlab-runner.path = [
|
||||
"/run/wrappers" # /run/wrappers/bin/su
|
||||
"/" # /bin/sh
|
||||
];
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
configOptions =
|
||||
{ concurrent = 1;
|
||||
runners = [
|
||||
{ builds_dir = "";
|
||||
#docker =
|
||||
#{ cache_dir = "";
|
||||
# disable_cache = true;
|
||||
# host = ""; image = "nixos/nix:2.1.3";
|
||||
# privileged = true;
|
||||
#};
|
||||
#executor = "docker";
|
||||
# name = "docker-nix";
|
||||
name = "gum-shell";
|
||||
executor = "shell";
|
||||
environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
|
||||
# generate via `gitlab-runner register`
|
||||
token = import <secrets/shackspace-gitlab-ci-token.nix>;
|
||||
url = "https://git.shackspace.de/";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -27,12 +27,14 @@ in {
|
||||
systemd.services.arafetch = {
|
||||
startAt = "Mon,Wed,Fri 09:15:00";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
environment = {
|
||||
OUTDIR = home;
|
||||
};
|
||||
path = [ pkg pkgs.git pkgs.wget ];
|
||||
serviceConfig = {
|
||||
User = "arafetch";
|
||||
Restart = "always";
|
||||
WorkingDirectory = home;
|
||||
PrivateTmp = true;
|
||||
ExecStart = pkgs.writeDash "start-weekrun" ''
|
||||
|
11
makefu/2configs/taskd.nix
Normal file
11
makefu/2configs/taskd.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{config, ... }:
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
@ -9,7 +9,7 @@
|
||||
dex2jar
|
||||
apktool
|
||||
jd-gui
|
||||
android-studio
|
||||
# android-studio
|
||||
jdk
|
||||
jre
|
||||
openssl
|
||||
|
@ -3,7 +3,7 @@
|
||||
{
|
||||
users.users.makefu.packages = with pkgs; [
|
||||
taskwarrior
|
||||
pass
|
||||
(pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||
gopass
|
||||
mutt
|
||||
weechat
|
||||
|
@ -6,7 +6,6 @@
|
||||
gimp
|
||||
inkscape
|
||||
libreoffice
|
||||
quodlibet
|
||||
# skype
|
||||
synergy
|
||||
tdesktop
|
||||
|
@ -7,10 +7,12 @@
|
||||
vlc
|
||||
mumble
|
||||
mplayer
|
||||
quodlibet
|
||||
quodlibet # exfalso
|
||||
|
||||
plowshare
|
||||
streamripper
|
||||
youtube-dl
|
||||
|
||||
pulseeffects
|
||||
];
|
||||
}
|
||||
|
@ -7,6 +7,8 @@
|
||||
rclone
|
||||
exfat
|
||||
(pkgs.callPackage ./secrets.nix {})
|
||||
|
||||
opensc pcsctools libu2f-host
|
||||
];
|
||||
|
||||
# boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ pass, write, writeDash, ... }:
|
||||
|
||||
write "secrets" {
|
||||
"/bin/secrets".link = writeDash "brain" ''
|
||||
"/bin/secrets".link = writeDash "secrets" ''
|
||||
PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
|
||||
exec ${pass}/bin/pass $@
|
||||
'';
|
||||
|
@ -3,12 +3,11 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
daemon-user = "tor";
|
||||
basicAuth = import <torrent-secrets/auth.nix>;
|
||||
peer-port = 51412;
|
||||
web-port = 8112;
|
||||
daemon-port = 58846;
|
||||
base-dir = config.makefu.dl-dir;
|
||||
base-dir = config.krebs.rtorrent.workDir;
|
||||
in {
|
||||
|
||||
users.users = {
|
||||
@ -23,17 +22,6 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
# todo: race condition, do this after download user has been created
|
||||
system.activationScripts."download-dir-chmod" = ''
|
||||
for i in finished watch; do
|
||||
if test ! -d $i;then
|
||||
mkdir -p "${base-dir}/$i"
|
||||
chown rtorrent:download "${base-dir}/$i"
|
||||
chmod 775 "${base-dir}/$i"
|
||||
fi
|
||||
done
|
||||
'';
|
||||
|
||||
users.extraGroups = {
|
||||
download = {
|
||||
gid = lib.mkDefault (genid "download");
|
||||
@ -57,15 +45,17 @@ in {
|
||||
rutorrent.enable = true;
|
||||
enableXMLRPC = true;
|
||||
listenPort = peer-port;
|
||||
downloadDir = base-dir + "/finished";
|
||||
watchDir = base-dir + "/watch";
|
||||
downloadDir = config.makefu.dl-dir;
|
||||
# dump old torrents into watch folder to have them re-added
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
|
||||
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
|
||||
'';
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ peer-port ];
|
||||
networking.firewall.allowedUDPPorts = [ peer-port ];
|
||||
state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
|
||||
}
|
||||
|
@ -1,26 +1,9 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mainUser = config.krebs.build.user;
|
||||
vboxguestpkg = lib.stdenv.mkDerivation rec {
|
||||
name = "Virtualbox-Extensions-${version}-${rev}";
|
||||
version = "5.0.20";
|
||||
rev = "106931";
|
||||
src = pkgs.fetchurl {
|
||||
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
|
||||
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
|
||||
};
|
||||
};
|
||||
in {
|
||||
{
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
nixpkgs.config.virtualbox.enableExtensionPack = true;
|
||||
virtualisation.virtualbox.host.enableHardening = false;
|
||||
|
||||
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
|
||||
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
|
||||
++ [ vboxguestpkg ];
|
||||
};
|
||||
};
|
||||
users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ];
|
||||
}
|
||||
|
@ -1,33 +1,31 @@
|
||||
{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
|
||||
{ stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
|
||||
let
|
||||
|
||||
mymbedtls = lib.overrideDerivation mbedtls (old: rec {
|
||||
name = "mbedtls-${version}";
|
||||
version = "2.13.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ARMmbed";
|
||||
repo = "mbedtls";
|
||||
rev = name;
|
||||
sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
|
||||
};
|
||||
buildInputs = old.buildInputs ++ [ python2 ];
|
||||
postConfigure = ''
|
||||
perl scripts/config.pl set MBEDTLS_CMAC_C
|
||||
'';
|
||||
doCheck = false;
|
||||
|
||||
});
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "4nxci-${version}";
|
||||
version = "1.30";
|
||||
|
||||
version = "1.35";
|
||||
src = fetchFromGitHub {
|
||||
owner = "The-4n";
|
||||
repo = "4NXCI";
|
||||
rev = "v${version}";
|
||||
sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
|
||||
sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
|
||||
};
|
||||
|
||||
mymbedtls = stdenv.mkDerivation {
|
||||
name = "mbedtls-${version}";
|
||||
version = "2.6.1";
|
||||
doCheck = false;
|
||||
inherit src;
|
||||
buildInputs = [ perl ];
|
||||
phases = [ "unpackPhase" "buildPhase" "installPhase" ];
|
||||
makeFlags = [ "DESTDIR=$(out)" ];
|
||||
buildPhase = ''
|
||||
cp config.mk.template config.mk
|
||||
cd mbedtls
|
||||
make
|
||||
'';
|
||||
};
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "4nxci-${version}";
|
||||
|
||||
inherit src version;
|
||||
buildPhase = ''
|
||||
cp config.mk.template config.mk
|
||||
sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
|
@ -572,9 +572,9 @@ local os = {
|
||||
do
|
||||
local cmds =
|
||||
{
|
||||
"@networkmanagerapplet@/bin/nm-applet",
|
||||
"@blueman@/bin/blueman-applet",
|
||||
"@clipit@/bin/clipit"
|
||||
-- "@networkmanagerapplet@/bin/nm-applet",
|
||||
-- "@blueman@/bin/blueman-applet",
|
||||
-- "@clipit@/bin/clipit"
|
||||
}
|
||||
|
||||
for _,i in pairs(cmds) do
|
||||
|
@ -1,95 +0,0 @@
|
||||
{ stdenv, fetchFromGitHub
|
||||
, ninja
|
||||
, boost
|
||||
, meson
|
||||
, pkgconfig
|
||||
, wrapGAppsHook
|
||||
, appstream-glib
|
||||
, desktop-file-utils
|
||||
, gtk3
|
||||
, glib
|
||||
, gst_all_1
|
||||
, gobjectIntrospection
|
||||
, python3Packages
|
||||
, file
|
||||
, cairo , sqlite , gettext
|
||||
, gnome3
|
||||
}:
|
||||
|
||||
let
|
||||
peewee = with python3Packages; buildPythonPackage rec {
|
||||
# https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee
|
||||
pname = "peewee";
|
||||
version = "3.6.4";
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak";
|
||||
};
|
||||
doCheck = false;
|
||||
|
||||
checkPhase = ''
|
||||
python runtests.py
|
||||
'';
|
||||
|
||||
buildInputs = [
|
||||
cython
|
||||
sqlite
|
||||
# psycopg2
|
||||
# mysql-connector
|
||||
];
|
||||
meta.license = stdenv.lib.licenses.mit;
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "cozy-${version}";
|
||||
version = "0.6.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "geigi";
|
||||
repo = "cozy";
|
||||
rev = version;
|
||||
sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
chmod +x data/meson_post_install.py
|
||||
patchShebangs data/meson_post_install.py
|
||||
substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
|
||||
'';
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/com.github.geigi.cozy \
|
||||
--prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
|
||||
|
||||
'';
|
||||
wrapPrefixVariables = [ "PYTHONPATH" ];
|
||||
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson ninja pkgconfig
|
||||
wrapGAppsHook
|
||||
appstream-glib
|
||||
desktop-file-utils
|
||||
gobjectIntrospection
|
||||
|
||||
];
|
||||
buildInputs = with gst_all_1; [ gtk3 glib
|
||||
gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext
|
||||
gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas
|
||||
]
|
||||
++ (with python3Packages; [
|
||||
python gst-python pygobject3 dbus-python mutagen peewee magic
|
||||
|
||||
]);
|
||||
|
||||
checkPhase = ''
|
||||
ninja test
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = ''
|
||||
A modern audio book player for Linux using GTK+ 3
|
||||
'';
|
||||
maintainers = [ maintainers.makefu ];
|
||||
license = licenses.mit;
|
||||
};
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
--- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200
|
||||
+++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200
|
||||
@@ -341,7 +341,7 @@
|
||||
if not scale:
|
||||
scale = 25.4/96 # if no scale is specified, assume inch as baseunit
|
||||
scale /= self.unittouu('1px')
|
||||
- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
|
||||
+ h = self.unittouu(self.documentHeight())
|
||||
self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
|
||||
doc = self.document.getroot()
|
||||
self.process_group(doc)
|
||||
|
@ -30,9 +30,6 @@ in {
|
||||
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
|
||||
inherit (callPackage ./devpi {}) devpi-web ;
|
||||
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
|
||||
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
|
||||
patches = [ ./custom/inkscape/dxf_fix.patch ];
|
||||
});
|
||||
}
|
||||
|
||||
// (mapAttrs (_: flip callPackage {})
|
||||
|
@ -1,32 +0,0 @@
|
||||
{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "${pname}-2-35-0";
|
||||
pname = "esniper";
|
||||
version = "2.35.0";
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/${pname}/${name}.tgz";
|
||||
sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
|
||||
};
|
||||
|
||||
|
||||
buildInputs = [ openssl curl ];
|
||||
|
||||
# Add support for CURL_CA_BUNDLE variable.
|
||||
# Fix <http://sourceforge.net/p/esniper/bugs/648/>.
|
||||
patches = [ ./find-ca-bundle.patch ];
|
||||
|
||||
postInstall = ''
|
||||
sed <"frontends/snipe" >"$out/bin/snipe" \
|
||||
-e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
|
||||
chmod 555 "$out/bin/snipe"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Simple, lightweight tool for sniping eBay auctions";
|
||||
homepage = http://esniper.sourceforge.net;
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ lovek323 peti ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
@ -1,26 +0,0 @@
|
||||
diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
|
||||
--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
|
||||
+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
|
||||
@@ -200,6 +200,9 @@
|
||||
int
|
||||
initCurlStuff(void)
|
||||
{
|
||||
+ /* Path to OpenSSL bundle file. */
|
||||
+ const char *ssl_capath=NULL;
|
||||
+
|
||||
/* list for custom headers */
|
||||
struct curl_slist *slist=NULL;
|
||||
|
||||
@@ -241,6 +244,12 @@
|
||||
if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
|
||||
return initCurlStuffFailed();
|
||||
|
||||
+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
|
||||
+ * contents to curl. */
|
||||
+ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
|
||||
+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
|
||||
+ return initCurlStuffFailed();
|
||||
+
|
||||
slist = curl_slist_append(slist, "Accept: text/*");
|
||||
slist = curl_slist_append(slist, "Accept-Language: en");
|
||||
slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");
|
@ -1,45 +0,0 @@
|
||||
{ stdenv, fetchFromGitHub , pkgconfig
|
||||
, pcsclite
|
||||
, autoreconfHook
|
||||
, libnfc
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ifdnfc-${version}";
|
||||
version = "2016-03-01";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nfc-tools";
|
||||
repo = "ifdnfc";
|
||||
rev = "0e48e8e";
|
||||
sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
|
||||
};
|
||||
nativeBuildInputs = [ pkgconfig autoreconfHook ];
|
||||
buildInputs = [ pcsclite libnfc ];
|
||||
|
||||
configureFlags = [ "--prefix=$(out)" ];
|
||||
makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "PC/SC IFD Handler based on libnfc";
|
||||
long_description =
|
||||
'' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
|
||||
It provides support for all readers which are not supported by ccid but by libnfc.
|
||||
|
||||
For activating your reader you need to run
|
||||
<code>ifdnfc-activate yes<code> with this package in your
|
||||
<code>environment.systemPackages</code>
|
||||
|
||||
To use your reader you may need to blacklist your reader kernel modules:
|
||||
<code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
|
||||
|
||||
Supports the pn533 smart-card reader chip which is for example used in
|
||||
the SCM SCL3711.
|
||||
'';
|
||||
homepage = https://github.com/nfc-tools/ifdnfc;
|
||||
license = licenses.gpl3;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ makefu ];
|
||||
};
|
||||
}
|
||||
|
@ -1,36 +0,0 @@
|
||||
{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "${packageName}-${version}";
|
||||
packageName = "jd-gui";
|
||||
version = "1.4.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar";
|
||||
sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper unzip ];
|
||||
|
||||
phases = [ "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
f=$out/lib/jd-gui/
|
||||
bin=$out/bin
|
||||
name=$(basename $src)
|
||||
mkdir -p $f $bin
|
||||
|
||||
# fixup path to java
|
||||
cp $src $f
|
||||
cat > $bin/jd-gui <<EOF
|
||||
#!/bin/sh
|
||||
exec ${pkgs.jre}/bin/java -jar $f/$name \$@
|
||||
EOF
|
||||
chmod +x $bin/jd-gui
|
||||
'';
|
||||
|
||||
meta = {
|
||||
homepage = https://github.com/java-decompiler/jd-gui;
|
||||
description = "A standalone Java Decompiler GUI";
|
||||
license = lib.licenses.gpl3;
|
||||
};
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
|
||||
python2Packages.buildPythonPackage rec {
|
||||
name = "mcomix-${version}";
|
||||
version = "1.2.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
|
||||
sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python2Packages;
|
||||
[ python2Packages.pygtk gtk3 python2Packages.pillow ];
|
||||
|
||||
# for module in sys.modules.itervalues():
|
||||
# RuntimeError: dictionary changed size during iteration
|
||||
doCheck = false;
|
||||
|
||||
meta = {
|
||||
homepage = https://github.com/pyload/pyload;
|
||||
description = "Free and Open Source download manager written in Python";
|
||||
license = lib.licenses.gpl3;
|
||||
maintainers = with lib.maintainers; [ makefu ];
|
||||
};
|
||||
}
|
36
makefu/5pkgs/ns-atmosphere-programmer/default.nix
Normal file
36
makefu/5pkgs/ns-atmosphere-programmer/default.nix
Normal file
@ -0,0 +1,36 @@
|
||||
{ stdenv, fetchzip
|
||||
, makeWrapper
|
||||
, autoPatchelfHook
|
||||
, xlibs
|
||||
, gnome3
|
||||
, libpng12
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ns-atmosphere-programmer-${version}";
|
||||
version = "0.1";
|
||||
|
||||
src = fetchzip {
|
||||
url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
|
||||
sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
|
||||
};
|
||||
|
||||
buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
|
||||
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
|
||||
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
|
||||
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
|
||||
'';
|
||||
|
||||
dontStrip = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Payload programmer for ns-atmosphere injector";
|
||||
homepage = http://www.ns-atmosphere.com;
|
||||
maintainers = [ maintainers.makefu ];
|
||||
platforms = platforms.linux;
|
||||
license = with licenses; [ unfree ];
|
||||
};
|
||||
|
||||
}
|
24
makefu/5pkgs/switch-launcher/default.nix
Normal file
24
makefu/5pkgs/switch-launcher/default.nix
Normal file
@ -0,0 +1,24 @@
|
||||
{ lib, pkgs, python3Packages, ... }:
|
||||
|
||||
with python3Packages; buildPythonPackage rec {
|
||||
name = "nodemcu-uploader-${version}";
|
||||
version = "0.1.0";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ksmit799";
|
||||
repo = "switch-launcher";
|
||||
rev = version;
|
||||
sha256 = "0j24dwiqqjiks59s8gilnplsls130mp1jssg2rpjrvj0jg0w52zz";
|
||||
};
|
||||
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pyusb
|
||||
];
|
||||
|
||||
meta = {
|
||||
homepage = https://github.com/ksmit799/switch-launcher;
|
||||
description = "Desktop switch payload launcher based on a modified reswitched injector";
|
||||
license = lib.licenses.bsd3;
|
||||
};
|
||||
}
|
64
makefu/5pkgs/targetcli/default.nix
Normal file
64
makefu/5pkgs/targetcli/default.nix
Normal file
@ -0,0 +1,64 @@
|
||||
{ pkgs, fetchFromGitHub, ... }:
|
||||
with pkgs.python2Packages;
|
||||
let
|
||||
version = "2.1";
|
||||
rtslib = buildPythonPackage rec {
|
||||
pname = "rtslib";
|
||||
inherit version;
|
||||
src = fetchFromGitHub {
|
||||
owner = "datera";
|
||||
repo = "rtslib";
|
||||
rev = version;
|
||||
sha256 = "1d58k9i4xigfqgycyismsqzkz65ssjdri2v9fg0wpica1klyyv22";
|
||||
};
|
||||
propagatedBuildInputs = [ ipaddr netifaces configobj ];
|
||||
};
|
||||
configshell = buildPythonPackage rec {
|
||||
pname = "configshell";
|
||||
version = "1.6";
|
||||
src = fetchFromGitHub {
|
||||
owner = "datera";
|
||||
repo = "configshell";
|
||||
rev = version;
|
||||
sha256 = "14n7xbcaicsvwajv1aihz727dlkn6zfaqjbnn7mcpns83c2hms7y";
|
||||
};
|
||||
propagatedBuildInputs = [ pyparsing ];
|
||||
};
|
||||
|
||||
tcm-py = buildPythonPackage rec {
|
||||
pname = "tcm-py";
|
||||
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
|
||||
src = fetchFromGitHub {
|
||||
owner = "datera";
|
||||
repo = "lio-utils";
|
||||
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
|
||||
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
|
||||
} + "/tcm-py";
|
||||
propagatedBuildInputs = [ ];
|
||||
};
|
||||
|
||||
lio-py = buildPythonPackage rec {
|
||||
pname = "lio-py";
|
||||
version = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
|
||||
src = fetchFromGitHub {
|
||||
owner = "datera";
|
||||
repo = "lio-utils";
|
||||
rev = "0ac9091c1ff7a52d5435a4f4449e82637142e06e";
|
||||
sha256 = "0fc922kxvgr7rwg1y875vqvkipcrixmlafsp5g8mipmq90i8zcq0";
|
||||
} + "/lio-py";
|
||||
propagatedBuildInputs = [ ];
|
||||
};
|
||||
|
||||
in buildPythonApplication rec {
|
||||
pname = "targetcli";
|
||||
inherit version;
|
||||
|
||||
propagatedBuildInputs = [ rtslib configshell lio-py tcm-py ];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "datera";
|
||||
repo = "targetcli";
|
||||
rev = version;
|
||||
sha256 = "10nax7761g93qzky01y3hra8i4s11cgyy9w5w6l8781lj21lgi3d";
|
||||
};
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
{stdenv, fetchFromGitHub, cups}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "cups-zj58-2018-02-22";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "klirichek";
|
||||
repo = "zj-58";
|
||||
rev = "e4212cd";
|
||||
sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi";
|
||||
};
|
||||
|
||||
buildInputs = [cups];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib/cups/filter
|
||||
|
||||
cp rastertozj $out/lib/cups/filter
|
||||
|
||||
|
||||
mkdir -p $out/share/cups/model/zjiang
|
||||
cp ZJ-58.ppd $out/share/cups/model/zjiang/
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "CUPS filter for thermal printer Zjiang ZJ-58";
|
||||
homepage = https://github.com/klirichek/zj-58;
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
};
|
||||
}
|
@ -69,7 +69,7 @@
|
||||
(lib.mkIf ( host-src.home-manager ) {
|
||||
home-manager.git = {
|
||||
url = https://github.com/rycee/home-manager;
|
||||
ref = "6eea2a4";
|
||||
ref = "f947faf";
|
||||
};
|
||||
})
|
||||
];
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/makefu/nixpkgs",
|
||||
"rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8",
|
||||
"date": "2018-08-06T14:29:01+02:00",
|
||||
"sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6",
|
||||
"rev": "86fb1e9ae6ba6dfedc814b82abd8db5cfa4f4687",
|
||||
"date": "2018-10-07T23:33:42+02:00",
|
||||
"sha256": "015yxs3qj299mgqfmz5vgszj2gxqwazifsdsjw6xadris3ri41d3",
|
||||
"fetchSubmodules": true
|
||||
}
|
||||
|
@ -1 +0,0 @@
|
||||
{}
|
@ -1,132 +0,0 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/nin>
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
#../2configs/copyq.nix
|
||||
<stockholm/nin/2configs/ableton.nix>
|
||||
<stockholm/nin/2configs/games.nix>
|
||||
<stockholm/nin/2configs/git.nix>
|
||||
<stockholm/nin/2configs/retiolum.nix>
|
||||
<stockholm/nin/2configs/termite.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.axon;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/pool/root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/tmp" =
|
||||
{ device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sda1";
|
||||
fsType = "ext2";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices.crypted.device = "/dev/sda2";
|
||||
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
# Define on which hard drive you want to install Grub.
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# nin config
|
||||
time.timeZone = "Europe/Berlin";
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
displayManager.lightdm.enable = true;
|
||||
};
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
#networking.wireless.enable = true;
|
||||
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
|
||||
#nixpkgs.config.steam.java = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
atom
|
||||
chromium
|
||||
firefox
|
||||
git
|
||||
htop
|
||||
keepassx
|
||||
lmms
|
||||
networkmanagerapplet
|
||||
openvpn
|
||||
python
|
||||
ruby
|
||||
steam
|
||||
taskwarrior
|
||||
thunderbird
|
||||
vim
|
||||
virtmanager
|
||||
];
|
||||
|
||||
nixpkgs.config = {
|
||||
|
||||
allowUnfree = true;
|
||||
|
||||
};
|
||||
|
||||
#services.logind.extraConfig = "HandleLidSwitch=ignore";
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
${pkgs.xorg.xhost}/bin/xhost + local:
|
||||
'';
|
||||
|
||||
services.xserver.desktopManager.xfce = let
|
||||
xbindConfig = pkgs.writeText "xbindkeysrc" ''
|
||||
"${pkgs.pass}/bin/passmenu --type"
|
||||
Control + p
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
extraSessionCommands = ''
|
||||
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "17.03";
|
||||
|
||||
}
|
@ -1,126 +0,0 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/nin>
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
#../2configs/copyq.nix
|
||||
<stockholm/nin/2configs/games.nix>
|
||||
<stockholm/nin/2configs/git.nix>
|
||||
<stockholm/nin/2configs/retiolum.nix>
|
||||
<stockholm/nin/2configs/termite.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.hiawatha;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/tmp" =
|
||||
{ device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/fam/home";
|
||||
};
|
||||
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
|
||||
fsType = "ext2";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
||||
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
# Define on which hard drive you want to install Grub.
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
fileSystems."/home/nin/.local/share/Steam" = {
|
||||
device = "/dev/fam/steam";
|
||||
};
|
||||
|
||||
# nin config
|
||||
time.timeZone = "Europe/Berlin";
|
||||
services.xserver.enable = true;
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
#networking.wireless.enable = true;
|
||||
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
|
||||
#nixpkgs.config.steam.java = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
firefox
|
||||
git
|
||||
lmms
|
||||
networkmanagerapplet
|
||||
python
|
||||
steam
|
||||
thunderbird
|
||||
vim
|
||||
virtmanager
|
||||
];
|
||||
|
||||
nixpkgs.config = {
|
||||
|
||||
allowUnfree = true;
|
||||
|
||||
};
|
||||
|
||||
#services.logind.extraConfig = "HandleLidSwitch=ignore";
|
||||
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
|
||||
services.xserver.desktopManager.xfce = let
|
||||
xbindConfig = pkgs.writeText "xbindkeysrc" ''
|
||||
"${pkgs.pass}/bin/passmenu --type"
|
||||
Control + p
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
extraSessionCommands = ''
|
||||
${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "17.03";
|
||||
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/nin>
|
||||
<stockholm/nin/2configs/retiolum.nix>
|
||||
<stockholm/nin/2configs/weechat.nix>
|
||||
<stockholm/nin/2configs/git.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.onondaga;
|
||||
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
services.openssh.enable = true;
|
||||
}
|
@ -1,20 +0,0 @@
|
||||
{ config, pkgs, ... }: let
|
||||
mainUser = config.users.extraUsers.nin;
|
||||
in {
|
||||
users.users= {
|
||||
ableton = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
];
|
||||
packages = [
|
||||
pkgs.wine
|
||||
pkgs.winetricks
|
||||
];
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(ableton) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
@ -1,38 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
copyqConfig = pkgs.writeDash "copyq-config" ''
|
||||
${pkgs.copyq}/bin/copyq config check_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config check_selection true
|
||||
${pkgs.copyq}/bin/copyq config copy_clipboard true
|
||||
${pkgs.copyq}/bin/copyq config copy_selection true
|
||||
|
||||
${pkgs.copyq}/bin/copyq config activate_closes true
|
||||
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
|
||||
${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
|
||||
${pkgs.copyq}/bin/copyq config disable_tray true
|
||||
${pkgs.copyq}/bin/copyq config hide_tabs true
|
||||
${pkgs.copyq}/bin/copyq config hide_toolbar true
|
||||
${pkgs.copyq}/bin/copyq config item_popup_interval true
|
||||
${pkgs.copyq}/bin/copyq config maxitems 1000
|
||||
${pkgs.copyq}/bin/copyq config move true
|
||||
${pkgs.copyq}/bin/copyq config text_wrap true
|
||||
'';
|
||||
in {
|
||||
systemd.user.services.copyq = {
|
||||
after = [ "graphical.target" ];
|
||||
wants = [ "graphical.target" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "copyq";
|
||||
ExecStart = "${pkgs.copyq}/bin/copyq";
|
||||
ExecStartPost = copyqConfig;
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,173 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
../2configs/vim.nix
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
(import <secrets/hashedPasswords.nix>);
|
||||
}
|
||||
{
|
||||
users.users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
config.krebs.users.nin_h.pubkey
|
||||
];
|
||||
};
|
||||
nin = {
|
||||
name = "nin";
|
||||
uid = 1337;
|
||||
home = "/home/nin";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"fuse"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
config.krebs.users.nin_h.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
environment.variables = {
|
||||
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
|
||||
};
|
||||
}
|
||||
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
|
||||
environment.variables = {
|
||||
CURL_CA_BUNDLE = ca-bundle;
|
||||
GIT_SSL_CAINFO = ca-bundle;
|
||||
SSL_CERT_FILE = ca-bundle;
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
nix.maxJobs = config.krebs.build.host.cores;
|
||||
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "r";
|
||||
build = {
|
||||
user = config.krebs.users.nin;
|
||||
};
|
||||
};
|
||||
|
||||
nix.useSandbox = true;
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
services.timesyncd.enable = true;
|
||||
|
||||
#why is this on in the first place?
|
||||
services.nscd.enable = false;
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
# see tmpfiles.d(5)
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /tmp 1777 root root - -"
|
||||
];
|
||||
|
||||
# multiple-definition-problem when defining environment.variables.EDITOR
|
||||
environment.extraInit = ''
|
||||
EDITOR=vim
|
||||
'';
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.shellAliases = {
|
||||
gs = "git status";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
#stockholm
|
||||
git
|
||||
gnumake
|
||||
jq
|
||||
proot
|
||||
pavucontrol
|
||||
populate
|
||||
p7zip
|
||||
termite
|
||||
unzip
|
||||
unrar
|
||||
hashPassword
|
||||
];
|
||||
|
||||
programs.bash = {
|
||||
enableCompletion = true;
|
||||
interactiveShellInit = ''
|
||||
HISTCONTROL='erasedups:ignorespace'
|
||||
HISTSIZE=65536
|
||||
HISTFILESIZE=$HISTSIZE
|
||||
|
||||
shopt -s checkhash
|
||||
shopt -s histappend histreedit histverify
|
||||
shopt -s no_empty_cmd_completion
|
||||
complete -d cd
|
||||
'';
|
||||
promptInit = ''
|
||||
if test $UID = 0; then
|
||||
PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
|
||||
elif test $UID = 1337; then
|
||||
PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
|
||||
else
|
||||
PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
|
||||
fi
|
||||
if test -n "$SSH_CLIENT"; then
|
||||
PS1='\[\033[35m\]\h'" $PS1"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
hostKeys = [
|
||||
# XXX bits here make no science
|
||||
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
||||
];
|
||||
};
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
RuntimeMaxUse=128M
|
||||
'';
|
||||
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables = {
|
||||
nat.PREROUTING.rules = [
|
||||
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
||||
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
||||
];
|
||||
nat.OUTPUT.rules = [
|
||||
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
||||
];
|
||||
filter.INPUT.policy = "DROP";
|
||||
filter.FORWARD.policy = "DROP";
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
||||
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
|
||||
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
||||
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.dhcpcd.extraConfig = ''
|
||||
noipv4ll
|
||||
'';
|
||||
}
|
@ -1,60 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
out = {
|
||||
services.nginx.enable = true;
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
cgit = {
|
||||
settings = {
|
||||
root-title = "public repositories at ${config.krebs.build.host.name}";
|
||||
root-desc = "keep calm and engage";
|
||||
};
|
||||
};
|
||||
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
|
||||
rules = rules;
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
|
||||
repos = public-repos;
|
||||
|
||||
rules = concatMap make-rules (attrValues repos);
|
||||
|
||||
public-repos = mapAttrs make-public-repo {
|
||||
stockholm = {
|
||||
cgit.desc = "take all the computers hostage, they'll love you!";
|
||||
};
|
||||
};
|
||||
|
||||
make-public-repo = name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
public = true;
|
||||
};
|
||||
|
||||
make-rules =
|
||||
with git // config.krebs.users;
|
||||
repo:
|
||||
singleton {
|
||||
user = [ nin nin_h ];
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
} ++
|
||||
optional repo.public {
|
||||
user = attrValues config.krebs.users;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
} ++
|
||||
optional (length (repo.collaborators or []) > 0) {
|
||||
user = repo.collaborators;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
};
|
||||
|
||||
in out
|
@ -1,19 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
(pkgs.writeDashBin "im" ''
|
||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
tmux
|
||||
gnugrep
|
||||
weechat
|
||||
])}
|
||||
ssh chat@onondaga
|
||||
if tmux list-sessions -F\#S | grep -q '^im''$'; then
|
||||
exec tmux attach -t im
|
||||
else
|
||||
exec tmux new -s im weechat
|
||||
fi
|
||||
'')
|
||||
];
|
||||
}
|
@ -1,28 +0,0 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
krebs.tinc.retiolum = {
|
||||
enable = true;
|
||||
connectTo = [
|
||||
"prism"
|
||||
"pigstarter"
|
||||
"gum"
|
||||
"flap"
|
||||
];
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
tinc = pkgs.tinc_pre;
|
||||
};
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mainUser = config.users.extraUsers.nin;
|
||||
inherit (import <stockholm/lib>) genid;
|
||||
|
||||
in {
|
||||
users.extraUsers = {
|
||||
skype = {
|
||||
name = "skype";
|
||||
uid = genid "skype";
|
||||
description = "user for running skype";
|
||||
home = "/home/skype";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "audio" "video" ];
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
krebs.per-user.skype.packages = [
|
||||
pkgs.skype
|
||||
];
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(skype) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.termite
|
||||
];
|
||||
|
||||
krebs.per-user.nin.packages = let
|
||||
termitecfg = pkgs.writeTextFile {
|
||||
name = "termite-config";
|
||||
destination = "/etc/xdg/termite/config";
|
||||
text = ''
|
||||
[colors]
|
||||
foreground = #d0d7d0
|
||||
background = #000000
|
||||
'';
|
||||
};
|
||||
in [
|
||||
termitecfg
|
||||
];
|
||||
|
||||
}
|
@ -1,355 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
out = {
|
||||
environment.systemPackages = [
|
||||
vim
|
||||
pkgs.pythonPackages.flake8
|
||||
];
|
||||
|
||||
environment.etc.vimrc.source = vimrc;
|
||||
|
||||
environment.variables.EDITOR = mkForce "vim";
|
||||
environment.variables.VIMINIT = ":so /etc/vimrc";
|
||||
};
|
||||
|
||||
vimrc = pkgs.writeText "vimrc" ''
|
||||
set nocompatible
|
||||
|
||||
set autoindent
|
||||
set backspace=indent,eol,start
|
||||
set backup
|
||||
set backupdir=${dirs.backupdir}/
|
||||
set directory=${dirs.swapdir}//
|
||||
set hlsearch
|
||||
set incsearch
|
||||
set laststatus=2
|
||||
set mouse=a
|
||||
set noruler
|
||||
set pastetoggle=<INS>
|
||||
set runtimepath=${extra-runtimepath},$VIMRUNTIME
|
||||
set shortmess+=I
|
||||
set showcmd
|
||||
set showmatch
|
||||
set ttimeoutlen=0
|
||||
set undodir=${dirs.undodir}
|
||||
set undofile
|
||||
set undolevels=1000000
|
||||
set undoreload=1000000
|
||||
set viminfo='20,<1000,s100,h,n${files.viminfo}
|
||||
set visualbell
|
||||
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
|
||||
set wildmenu
|
||||
set wildmode=longest,full
|
||||
|
||||
set et ts=2 sts=2 sw=2
|
||||
|
||||
filetype plugin indent on
|
||||
|
||||
set t_Co=256
|
||||
colorscheme hack
|
||||
syntax on
|
||||
|
||||
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
||||
\ | syn match TabStop containedin=ALL /\t\+/
|
||||
\ | syn keyword Todo containedin=ALL TODO
|
||||
|
||||
au BufRead,BufNewFile *.hs so ${hs.vim}
|
||||
|
||||
au BufRead,BufNewFile *.nix so ${nix.vim}
|
||||
|
||||
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
|
||||
|
||||
"Syntastic config
|
||||
let g:syntastic_python_checkers=['flake8']
|
||||
|
||||
nmap <esc>q :buffer
|
||||
nmap <M-q> :buffer
|
||||
|
||||
cnoremap <C-A> <Home>
|
||||
|
||||
noremap <C-c> :q<cr>
|
||||
vnoremap < <gv
|
||||
vnoremap > >gv
|
||||
|
||||
nnoremap <esc>[5^ :tabp<cr>
|
||||
nnoremap <esc>[6^ :tabn<cr>
|
||||
nnoremap <esc>[5@ :tabm -1<cr>
|
||||
nnoremap <esc>[6@ :tabm +1<cr>
|
||||
|
||||
nnoremap <f1> :tabp<cr>
|
||||
nnoremap <f2> :tabn<cr>
|
||||
inoremap <f1> <esc>:tabp<cr>
|
||||
inoremap <f2> <esc>:tabn<cr>
|
||||
|
||||
" <C-{Up,Down,Right,Left>
|
||||
noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
|
||||
noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
|
||||
noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
|
||||
noremap <esc>Od <nop> | noremap! <esc>Od <nop>
|
||||
" <[C]S-{Up,Down,Right,Left>
|
||||
noremap <esc>[a <nop> | noremap! <esc>[a <nop>
|
||||
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
|
||||
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
|
||||
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
|
||||
vnoremap u <nop>
|
||||
'';
|
||||
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.Syntastic
|
||||
pkgs.vimPlugins.undotree
|
||||
pkgs.vimPlugins.airline
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line-1.0";
|
||||
src = pkgs.fetchgit {
|
||||
url = git://github.com/bogado/file-line;
|
||||
rev = "refs/tags/1.0";
|
||||
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
|
||||
};
|
||||
})
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "hack";
|
||||
in {
|
||||
name = "vim-color-${name}-1.0.2";
|
||||
destination = "/colors/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
set background=dark
|
||||
hi clear
|
||||
if exists("syntax_on")
|
||||
syntax clear
|
||||
endif
|
||||
|
||||
let colors_name = ${toJSON name}
|
||||
|
||||
hi Normal ctermbg=235
|
||||
hi Comment ctermfg=242
|
||||
hi Constant ctermfg=062
|
||||
hi Identifier ctermfg=068
|
||||
hi Function ctermfg=041
|
||||
hi Statement ctermfg=167
|
||||
hi PreProc ctermfg=167
|
||||
hi Type ctermfg=041
|
||||
hi Delimiter ctermfg=251
|
||||
hi Special ctermfg=062
|
||||
|
||||
hi Garbage ctermbg=088
|
||||
hi TabStop ctermbg=016
|
||||
hi Todo ctermfg=174 ctermbg=NONE
|
||||
|
||||
hi NixCode ctermfg=148
|
||||
hi NixData ctermfg=149
|
||||
hi NixQuote ctermfg=150
|
||||
|
||||
hi diffNewFile ctermfg=207
|
||||
hi diffFile ctermfg=207
|
||||
hi diffLine ctermfg=207
|
||||
hi diffSubname ctermfg=207
|
||||
hi diffAdded ctermfg=010
|
||||
hi diffRemoved ctermfg=009
|
||||
'';
|
||||
})))
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "vim";
|
||||
in {
|
||||
name = "vim-syntax-${name}-1.0.0";
|
||||
destination = "/syntax/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
${concatMapStringsSep "\n" (s: /* vim */ ''
|
||||
syn keyword vimColor${s} ${s}
|
||||
\ containedin=ALLBUT,vimComment,vimLineComment
|
||||
hi vimColor${s} ctermfg=${s}
|
||||
'') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
|
||||
'';
|
||||
})))
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "showsyntax";
|
||||
in {
|
||||
name = "vim-plugin-${name}-1.0.0";
|
||||
destination = "/plugin/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
if exists('g:loaded_showsyntax')
|
||||
finish
|
||||
endif
|
||||
let g:loaded_showsyntax = 0
|
||||
|
||||
fu! ShowSyntax()
|
||||
let id = synID(line("."), col("."), 1)
|
||||
let name = synIDattr(id, "name")
|
||||
let transName = synIDattr(synIDtrans(id),"name")
|
||||
if name != transName
|
||||
let name .= " (" . transName . ")"
|
||||
endif
|
||||
echo "Syntax: " . name
|
||||
endfu
|
||||
|
||||
command! -n=0 -bar ShowSyntax :call ShowSyntax()
|
||||
'';
|
||||
})))
|
||||
];
|
||||
|
||||
dirs = {
|
||||
backupdir = "$HOME/.cache/vim/backup";
|
||||
swapdir = "$HOME/.cache/vim/swap";
|
||||
undodir = "$HOME/.cache/vim/undo";
|
||||
};
|
||||
files = {
|
||||
viminfo = "$HOME/.cache/vim/info";
|
||||
};
|
||||
|
||||
mkdirs = let
|
||||
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
|
||||
in assert out != ""; out;
|
||||
alldirs = attrValues dirs ++ map dirOf (attrValues files);
|
||||
in unique (sort lessThan alldirs);
|
||||
|
||||
vim = pkgs.writeDashBin "vim" ''
|
||||
set -efu
|
||||
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
|
||||
exec ${pkgs.vim}/bin/vim "$@"
|
||||
'';
|
||||
|
||||
|
||||
hs.vim = pkgs.writeText "hs.vim" ''
|
||||
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
|
||||
|
||||
hi link ConId Identifier
|
||||
hi link VarId Identifier
|
||||
hi link hsDelimiter Delimiter
|
||||
'';
|
||||
|
||||
nix.vim = pkgs.writeText "nix.vim" ''
|
||||
setf nix
|
||||
|
||||
" Ref <nix/src/libexpr/lexer.l>
|
||||
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
|
||||
syn match NixINT /\<[0-9]\+\>/
|
||||
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
|
||||
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
|
||||
syn region NixSTRING
|
||||
\ matchgroup=NixSTRING
|
||||
\ start='"'
|
||||
\ skip='\\"'
|
||||
\ end='"'
|
||||
syn region NixIND_STRING
|
||||
\ matchgroup=NixIND_STRING
|
||||
\ start="'''"
|
||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||
\ end="'''"
|
||||
|
||||
syn match NixOther /[():/;=.,?\[\]]/
|
||||
|
||||
syn match NixCommentMatch /\(^\|\s\)#.*/
|
||||
syn region NixCommentRegion start="/\*" end="\*/"
|
||||
|
||||
hi link NixCode Statement
|
||||
hi link NixData Constant
|
||||
hi link NixComment Comment
|
||||
|
||||
hi link NixCommentMatch NixComment
|
||||
hi link NixCommentRegion NixComment
|
||||
hi link NixID NixCode
|
||||
hi link NixINT NixData
|
||||
hi link NixPATH NixData
|
||||
hi link NixHPATH NixData
|
||||
hi link NixSPATH NixData
|
||||
hi link NixURI NixData
|
||||
hi link NixSTRING NixData
|
||||
hi link NixIND_STRING NixData
|
||||
|
||||
hi link NixEnter NixCode
|
||||
hi link NixOther NixCode
|
||||
hi link NixQuote NixData
|
||||
|
||||
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
|
||||
syn cluster nix_ind_strings contains=NixIND_STRING
|
||||
syn cluster nix_strings contains=NixSTRING
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
|
||||
startAlts = filter isString [
|
||||
''/\* ${lang} \*/''
|
||||
extraStart
|
||||
];
|
||||
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
|
||||
in /* vim */ ''
|
||||
syn include @nix_${lang}_syntax syntax/${lang}.vim
|
||||
unlet b:current_syntax
|
||||
|
||||
syn match nix_${lang}_sigil
|
||||
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
|
||||
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
|
||||
\ transparent
|
||||
|
||||
syn region nix_${lang}_region_STRING
|
||||
\ matchgroup=NixSTRING
|
||||
\ start='"'
|
||||
\ skip='\\"'
|
||||
\ end='"'
|
||||
\ contained
|
||||
\ contains=@nix_${lang}_syntax
|
||||
\ transparent
|
||||
|
||||
syn region nix_${lang}_region_IND_STRING
|
||||
\ matchgroup=NixIND_STRING
|
||||
\ start="'''"
|
||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||
\ end="'''"
|
||||
\ contained
|
||||
\ contains=@nix_${lang}_syntax
|
||||
\ transparent
|
||||
|
||||
syn cluster nix_ind_strings
|
||||
\ add=nix_${lang}_region_IND_STRING
|
||||
|
||||
syn cluster nix_strings
|
||||
\ add=nix_${lang}_region_STRING
|
||||
|
||||
syn cluster nix_has_dollar_curly
|
||||
\ add=@nix_${lang}_syntax
|
||||
'') {
|
||||
c = {};
|
||||
cabal = {};
|
||||
haskell = {};
|
||||
sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
|
||||
vim.extraStart =
|
||||
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
|
||||
})}
|
||||
|
||||
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
|
||||
syn clear shVarAssign
|
||||
|
||||
syn region nixINSIDE_DOLLAR_CURLY
|
||||
\ matchgroup=NixEnter
|
||||
\ start="[$]{"
|
||||
\ end="}"
|
||||
\ contains=TOP
|
||||
\ containedin=@nix_has_dollar_curly
|
||||
\ transparent
|
||||
|
||||
syn region nix_inside_curly
|
||||
\ matchgroup=NixEnter
|
||||
\ start="{"
|
||||
\ end="}"
|
||||
\ contains=TOP
|
||||
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
|
||||
\ transparent
|
||||
|
||||
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
|
||||
\ containedin=@nix_ind_strings
|
||||
\ contained
|
||||
|
||||
syn match NixQuote /\\./he=s+1
|
||||
\ containedin=@nix_strings
|
||||
\ contained
|
||||
|
||||
syn sync fromstart
|
||||
|
||||
let b:current_syntax = "nix"
|
||||
|
||||
set isk=@,48-57,_,192-255,-,'
|
||||
set bg=dark
|
||||
'';
|
||||
in
|
||||
out
|
@ -1,21 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lib>) genid;
|
||||
in {
|
||||
krebs.per-user.chat.packages = with pkgs; [
|
||||
mosh
|
||||
weechat
|
||||
tmux
|
||||
];
|
||||
|
||||
users.extraUsers.chat = {
|
||||
home = "/home/chat";
|
||||
uid = genid "chat";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
_:
|
||||
{
|
||||
imports = [
|
||||
../krebs
|
||||
./2configs
|
||||
];
|
||||
}
|
Loading…
Reference in New Issue
Block a user