Merge remote-tracking branch 'lass/master'

makefu 2017-08-05 12:01:07 +02:00
commit f1124bd208
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
29 changed files with 165 additions and 448 deletions


@ -70,6 +70,12 @@ let
type = types.hostname; type = types.hostname;
default = "r"; default = "r";
}; };
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
};
zone-head-config = mkOption { zone-head-config = mkOption {
type = with types; attrsOf str; type = with types; attrsOf str;
description = '' description = ''


@ -96,8 +96,8 @@ with import <stockholm/lib>;
ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab";
aliases = [ aliases = [
"prism.r" "prism.r"
"build.prism.r"
"cache.prism.r" "cache.prism.r"
"cgit.prism.r"
"paste.r" "paste.r"
"p.r" "p.r"
]; ];


@ -323,6 +323,7 @@ with import <stockholm/lib>;
aliases = [ aliases = [
"xu.r" "xu.r"
"cgit.xu.r" "cgit.xu.r"
"krebs.xu.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -374,6 +375,14 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-rsa 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 root@zu"; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu";
}; };
}; };
sitemap = {
"http://cgit.krebsco.de" = {
desc = "Git repositories";
};
"http://krebs.xu.r" = {
desc = "krebs-pages mirror";
};
};
users = { users = {
dv = { dv = {
mail = "dv@alnus.r"; mail = "dv@alnus.r";


@ -1,21 +0,0 @@
{ stdenv, fetchgit, cmake, ncurses, openssl, readline, ... }:
stdenv.mkDerivation rec {
name = "tarantool-1.7.1-164-g0fd0239";
src = fetchgit {
url = https://github.com/tarantool/tarantool;
rev = builtins.elemAt (builtins.match ".*-g([0-9a-f]+)" name) 0;
sha256 = "1jnaiizbl9j4a8vsihqx75iqa9bkh1kpwsyrgmim8ikiyzfw54dz";
fetchSubmodules = true;
};
buildInputs = [
cmake
ncurses
openssl
readline
];
preConfigure = ''
echo ${(builtins.parseDrvName name).version} > VERSION
sed -i 's/NAMES termcap/NAMES ncurses/' cmake/FindTermcap.cmake
'';
}


@ -29,10 +29,11 @@ with import <stockholm/lib>;
execveBin = name: cfg: execveBin = name: cfg:
pkgs.execve name (cfg // { destination = "/bin/${name}"; }); pkgs.execve name (cfg // { destination = "/bin/${name}"; });
makeScriptWriter = interpreter: name: text: makeScriptWriter = { interpreter, check ? null }: name: text:
assert (with types; either absolute-pathname filename).check name; assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) { pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = { ${optionalString (types.absolute-pathname.check name) name} = {
inherit check;
executable = true; executable = true;
text = "#! ${interpreter}\n${text}"; text = "#! ${interpreter}\n${text}";
}; };
@ -69,7 +70,9 @@ with import <stockholm/lib>;
strip --strip-unneeded "$exe" strip --strip-unneeded "$exe"
''; '';
writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash"; writeDash = pkgs.makeScriptWriter {
interpreter = "${pkgs.dash}/bin/dash";
};
writeDashBin = name: writeDashBin = name:
assert types.filename.check name; assert types.filename.check name;
@ -305,5 +308,7 @@ with import <stockholm/lib>;
}; };
}; };
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f"; writeSed = pkgs.makeScriptWriter {
interpreter = "${pkgs.gnused}/bin/sed -f";
};
} }
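Review bot: The new `check` argument of `makeScriptWriter` is undocumented, and neither caller updated in this section (`writeDash`, `writeSed`) passes it, so `inherit check;` always hands `null` to `pkgs.writeOut`; how `writeOut` treats a null `check` is not visible here. A comment above the definition would help, e.g. `# check: optional validator for the generated script, null = no check` (wording to be confirmed against `writeOut`). The signature also changed from a positional interpreter string to an attribute set, so any caller outside these hunks that still passes a string will fail at evaluation; it is worth searching for remaining `makeScriptWriter "` uses.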


@ -15,6 +15,10 @@ let
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@" ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
''; '';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
'';
muttrc = pkgs.writeText "muttrc" '' muttrc = pkgs.writeText "muttrc" ''
# gpg # gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -37,6 +41,9 @@ let
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \ <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
'Verify PGP signature' 'Verify PGP signature'
# read html mails
auto_view text/html
set mailcap_path = ${mailcap}
# notmuch # notmuch
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
@ -59,7 +66,7 @@ let
recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')"
# output to mutt # output to mutt
# V # V
echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%"
# args to mutt-index dash script # args to mutt-index dash script
# V # V
''} %r |" ''} %r |"
@ -119,6 +126,8 @@ let
bind pager t noop bind pager t noop
macro index t "<modify-labels>+TODO\n" # tag as Archived macro index t "<modify-labels>+TODO\n" # tag as Archived
# top index bar in email view
set pager_index_lines=7
# sidebar # sidebar
set sidebar_width = 20 set sidebar_width = 20
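Review bot: `auto_view text/html` makes mutt hand every HTML part of an incoming message to elinks without a keypress, so untrusted markup is parsed automatically whenever such a mail is opened. The mailcap entry could stop the renderer from making network requests, e.g. `text/html; ${pkgs.elinks}/bin/elinks -dump -localhost 1 ; copiousoutput;`; whether elinks fetches anything in `-dump` mode for stdin input should be confirmed before relying on the default. The muttrc string starts and ends outside these hunks.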


@ -0,0 +1,26 @@
{ config, lib, ... }:
with import <stockholm/lib>;
{
services.nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts._http = {
default = true;
extraConfig = ''
return 404;
'';
};
virtualHosts.default = {
locations."= /etc/os-release".extraConfig = ''
default_type text/plain;
alias /etc/os-release;
'';
};
};
}
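Review bot: `virtualHosts.default` serves `/etc/os-release` as plain text to any client that reaches that server name, which tells it the exact distribution release of the host. If this is meant for internal monitoring only, the location's `extraConfig` could carry an access rule such as `allow <INTERNAL_NET_PLACEHOLDER>; deny all;`; if it is meant to be public, a comment saying so would stop it being read as an accident. Which listeners and names the `default` vhost actually matches depends on configuration outside this file, and the file is imported by several website configs in this commit.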


@ -23,6 +23,7 @@ let
in { in {
imports = [ imports = [
./default.nix
./sqlBackup.nix ./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ (servePage [


@ -26,6 +26,7 @@ in {
services.nginx.enable = true; services.nginx.enable = true;
imports = [ imports = [
./default.nix
./sqlBackup.nix ./sqlBackup.nix
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])


@ -8,6 +8,7 @@ let
in { in {
imports = [ imports = [
./default.nix
../git.nix ../git.nix
]; ];


@ -1,78 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.lass.staticPage;
out = {
options.lass.staticPage = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule ({ config, ... }: {
options = {
domain = mkOption {
type = str;
default = config._module.args.name;
};
folder = mkOption {
type = str;
default = "/srv/http/${config.domain}";
};
#sslEnable = mkEnableOption "ssl";
#certificate = mkOption {
# type = str;
#};
#certificate_key = mkOption {
# type = str;
#};
#ciphers = mkOption {
# type = str;
# default = "AES128+EECDH:AES128+EDH";
#};
ssl = mkOption {
type = with types; submodule ({
options = {
enable = mkEnableOption "ssl";
certificate = mkOption {
type = str;
};
certificate_key = mkOption {
type = str;
};
};
});
default = {};
};
};
}));
default = {};
};
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
imp = {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
];
locations = [
(nameValuePair "/" ''
root ${folder};
'')
(nameValuePair "~ /\\." ''
deny all;
'')
];
inherit ssl;
});
};
in out


@ -20,10 +20,6 @@ let
then lib.lpad n c (c + s) then lib.lpad n c (c + s)
else s; else s;
subdirsOf = path:
lib.mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
genAttrs' = names: f: listToAttrs (map f names); genAttrs' = names: f: listToAttrs (map f names);
getAttrs = names: set: getAttrs = names: set:


@ -5,7 +5,7 @@ let
all any concatMapStringsSep concatStringsSep const filter flip all any concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test typeOf; stringLength substring test testString typeOf;
inherit (lib.types) inherit (lib.types)
attrsOf bool either enum int listOf nullOr path str string submodule; attrsOf bool either enum int listOf nullOr path str string submodule;
in in
@ -357,6 +357,20 @@ rec {
pgp-pubkey = str; pgp-pubkey = str;
sitemap.entry = submodule ({ config, ... }: {
options = {
desc = mkOption {
default = null;
type = nullOr str;
};
href = mkOption {
${if testString "https?://.*" config._module.args.name
then "default" else null} = config._module.args.name;
type = nullOr str; # TODO nullOr uri?
};
};
});
ssh-pubkey = str; ssh-pubkey = str;
ssh-privkey = submodule { ssh-privkey = submodule {
options = { options = {
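Review bot: The `href` option in `sitemap.entry` relies on a dynamic attribute name that evaluates to `null` to drop the `default` attribute when the entry name is not a URL, which is easy to misread. A comment would help: `# a null attribute name is omitted, so href only has a default when the entry name looks like an http(s) URL`. `testString "https?://.*"` accepts anything after the scheme and the type is still `nullOr str` (the TODO already notes this), so whatever renders `href` into a page should escape it rather than trust the type. The enclosing `rec` set starts and ends outside the hunk.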


@ -15,6 +15,10 @@ self: super: let
override override
else override; else override;
subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
in { in {
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
@ -27,7 +31,6 @@ in {
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
}; };
}; };
} }
// mapAttrs (_: flip callPackage {}) // mapAttrs (_: flip callPackage {})


@ -143,10 +143,6 @@ with import <stockholm/lib>;
}; };
}; };
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT" Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.mv.mail}" Defaults mailto="${config.krebs.users.mv.mail}"


@ -1,8 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
imports = [ imports = [
<stockholm/tv> <stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix> <stockholm/tv/2configs/hw/x220.nix>
@ -81,8 +79,6 @@ with import <stockholm/lib>;
}; };
}; };
swapDevices =[ ];
users.users.dv = { users.users.dv = {
inherit (config.krebs.users.dv) home uid; inherit (config.krebs.users.dv) home uid;
isNormalUser = true; isNormalUser = true;


@ -1,8 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
imports = [ imports = [
<stockholm/krebs> <stockholm/krebs>
<stockholm/tv/2configs> <stockholm/tv/2configs>
@ -14,15 +12,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.mu; krebs.build.host = config.krebs.hosts.mu;
krebs.build.user = mkForce config.krebs.users.vv; krebs.build.user = mkForce config.krebs.users.vv;
services.udev.extraRules = '' tv.x0vncserver.enable = true;
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
# for jack
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
# hardware configuration # hardware configuration
boot.initrd.luks.devices = [ boot.initrd.luks.devices = [
@ -33,10 +23,6 @@ with import <stockholm/lib>;
boot.kernelModules = [ "fbcon" "kvm-intel" ]; boot.kernelModules = [ "fbcon" "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
'';
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/vgmu1/nixroot"; device = "/dev/vgmu1/nixroot";
@ -50,15 +36,8 @@ with import <stockholm/lib>;
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
}; };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "nosuid" "nodev" "noatime" ];
};
}; };
swapDevices =[ ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
@ -66,8 +45,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
boot.loader.gummiboot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
@ -97,7 +76,6 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
security.wrappers = { security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
slock.source = "${pkgs.slock}/bin/slock"; slock.source = "${pkgs.slock}/bin/slock";
}; };
@ -152,9 +130,4 @@ with import <stockholm/lib>;
"networkmanager" "networkmanager"
]; ];
}; };
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
} }
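Review bot: The removed `/tmp` entry in `fileSystems` carried `nosuid` and `nodev`, and nothing in this section replaces it; `boot.tmpOnTmpfs = true` is added in another section of this commit, presumably the shared base config. It is worth confirming that this host imports that config and that the tmpfs NixOS creates for `boot.tmpOnTmpfs` is mounted with the same `nosuid`/`nodev` restrictions, since otherwise `/tmp` inherits the root filesystem's options. The same removal appears in the sections for hosts `wu`, `xu` and `zu`.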


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.nomic; krebs.build.host = config.krebs.hosts.nomic;
imports = [ imports = [
@ -50,11 +48,6 @@ with import <stockholm/lib>;
fsType = "btrfs"; fsType = "btrfs";
}; };
swapDevices = [ ];
# TODO base
boot.tmpOnTmpfs = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(writeDashBin "play" '' (writeDashBin "play" ''
set -euf set -euf


@ -1,3 +0,0 @@
import <stockholm/tv/source.nix> {
name = "test";
}


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.wu; krebs.build.host = config.krebs.hosts.wu;
imports = [ imports = [
@ -17,91 +15,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix> <stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix> <stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver> <stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
# root
cryptsetup
# tv
bc
bind # dig
cac-api
dic
file
get
gnupg1compat
haskellPackages.hledger
jq
mkpasswd
netcat
nix-repl
nmap
p7zip
push
qrencode
tmux
#ack
#apache-httpd
#ascii
#emacs
#es
#esniper
#gcc
#gptfdisk
#graphviz
#haskellPackages.cabal2nix
#haskellPackages.ghc
#haskellPackages.shake
#hdparm
#i7z
#iftop
#imagemagick
#inotifyTools
#iodine
#iotop
#lshw
#lsof
#minicom
#mtools
#ncmpc
#neovim
#nethogs
#nix-prefetch-scripts #cvs bug
#openssl
#openswan
#parted
#perl
#powertop
#ppp
#proot
#pythonPackages.arandr
#pythonPackages.youtube-dl
#racket
#rxvt_unicode-with-plugins
#scrot
#sec
#silver-searcher
#sloccount
#smartmontools
#socat
#sshpass
#strongswan
#sysdig
#sysstat
#tcpdump
#tlsdate
#unetbootin
#utillinuxCurses
#wvdial
#xdotool
#xkill
#xl2tpd
#xsel
unison
];
}
]; ];
boot.initrd.luks = { boot.initrd.luks = {
@ -130,11 +43,6 @@ with import <stockholm/lib>;
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
}; };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}; };
krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
@ -143,24 +51,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware= true; hardware.enableRedistributableFirmware= true;
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
environment.systemPackages = with pkgs; [
ethtool
tinc_pre
iptables
#jack2
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true; services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
@ -169,6 +61,4 @@ with import <stockholm/lib>;
KERNEL=="rtc0", GROUP="audio" KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio" KERNEL=="hpet", GROUP="audio"
''; '';
virtualisation.virtualbox.host.enable = true;
} }


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.xu; krebs.build.host = config.krebs.hosts.xu;
imports = [ imports = [
@ -13,6 +11,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/gitrepos.nix> <stockholm/tv/2configs/gitrepos.nix>
<stockholm/tv/2configs/mail-client.nix> <stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/man.nix> <stockholm/tv/2configs/man.nix>
<stockholm/tv/2configs/nginx/krebs-pages.nix>
<stockholm/tv/2configs/nginx/public_html.nix> <stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix> <stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix> <stockholm/tv/2configs/retiolum.nix>
@ -136,11 +135,6 @@ with import <stockholm/lib>;
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
}; };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -152,23 +146,14 @@ with import <stockholm/lib>;
gptfdisk gptfdisk
]; ];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true; services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
#services.bitlbee.enable = true; #services.bitlbee.enable = true;
#services.tor.client.enable = true; #services.tor.client.enable = true;
#services.tor.enable = true; #services.tor.enable = true;
#services.virtualboxHost.enable = true;
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09"; system.stateVersion = "15.09";
virtualisation.virtualbox.host.enable = true;
} }


@ -1,17 +1,9 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.zu; krebs.build.host = config.krebs.hosts.zu;
imports = [ imports = [
{
options.tv.test.sercret-file = mkOption {
type = types.secret-file;
default = {};
};
}
<stockholm/tv> <stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix> <stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix> <stockholm/tv/2configs/exim-retiolum.nix>
@ -22,93 +14,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix> <stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix> <stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver> <stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
# root
cryptsetup
# tv
bc
bind # dig
cac-api
dic
file
gnupg1compat
haskellPackages.hledger
jq
mkpasswd
netcat
nix-repl
nmap
p7zip
pass
q
qrencode
# XXX fails at systemd.services.dbus.unitConfig
#texlive
tmux
#ack
#apache-httpd
#ascii
#emacs
#es
#esniper
#gcc
#gptfdisk
#graphviz
#haskellPackages.cabal2nix
#haskellPackages.ghc
#haskellPackages.shake
#hdparm
#i7z
#iftop
#imagemagick
#inotifyTools
#iodine
#iotop
#lshw
#lsof
#minicom
#mtools
#ncmpc
#nethogs
#nix-prefetch-scripts #cvs bug
#openssl
#openswan
#parted
#perl
#powertop
#ppp
#proot
#pythonPackages.arandr
#pythonPackages.youtube-dl
#racket
#rxvt_unicode-with-plugins
#scrot
#sec
#silver-searcher
#sloccount
#smartmontools
#socat
#sshpass
#strongswan
#sysdig
#sysstat
#tcpdump
#tlsdate
#unetbootin
#utillinuxCurses
#wvdial
#xdotool
#xkill
#xl2tpd
#xsel
unison
];
}
]; ];
boot.initrd.luks = { boot.initrd.luks = {
@ -124,6 +29,11 @@ with import <stockholm/lib>;
fsType = "btrfs"; fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"]; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/bku" = {
device = "/dev/mapper/zuvga-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = { "/home" = {
device = "/dev/mapper/zuvga-home"; device = "/dev/mapper/zuvga-home";
fsType = "btrfs"; fsType = "btrfs";
@ -132,38 +42,13 @@ with import <stockholm/lib>;
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
}; };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
environment.systemPackages = with pkgs; [
ethtool
tinc_pre
iptables
#jack2
gptfdisk
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
}; };
services.printing.enable = true; services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
#services.bitlbee.enable = true; #services.bitlbee.enable = true;
#services.tor.client.enable = true; #services.tor.client.enable = true;
#services.tor.enable = true; #services.tor.enable = true;
#services.virtualboxHost.enable = true;
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09"; system.stateVersion = "15.09";


@ -1,9 +1,8 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, lib, pkgs, ... }: let { config, pkgs, ... }: {
builder = if getEnv "dummy_secrets" == "true"
then "buildbot" boot.tmpOnTmpfs = true;
else "tv";
in {
krebs.enable = true; krebs.enable = true;
krebs.build.user = config.krebs.users.tv; krebs.build.user = config.krebs.users.tv;
@ -21,16 +20,6 @@ in {
./sshd.nix ./sshd.nix
./vim.nix ./vim.nix
./xdg.nix ./xdg.nix
{
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
gnumake
hashPassword
populate
whatsupnix
];
}
{ {
users = { users = {
defaultUserShell = "/run/current-system/sw/bin/bash"; defaultUserShell = "/run/current-system/sw/bin/bash";
@ -47,7 +36,7 @@ in {
{ {
security.hideProcessInformation = true; security.hideProcessInformation = true;
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT" Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
Defaults mailto="${config.krebs.users.tv.mail}" Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture Defaults !lecture
''; '';
@ -142,6 +131,8 @@ in {
{ {
environment.systemPackages = [ environment.systemPackages = [
pkgs.get pkgs.get
pkgs.git
pkgs.hashPassword
pkgs.htop pkgs.htop
pkgs.kpaste pkgs.kpaste
pkgs.krebspaste pkgs.krebspaste
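Review bot: `Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"` lets a user-controlled variable pass through sudo into the target user's environment. That is fine as long as whatever reads `XMONAD_SPAWN_WORKSPACE` under sudo treats it as untrusted text (no `eval`, unquoted shell expansion or path construction); the consumer is not visible in this commit. A Nix comment above `security.sudo.extraConfig` naming it would make the line reviewable, e.g. `# XMONAD_SPAWN_WORKSPACE is read by <CONSUMER_PLACEHOLDER>`.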


@ -9,6 +9,7 @@ with import <stockholm/lib>;
serverAliases = [ serverAliases = [
"localhost" "localhost"
"${config.krebs.build.host.name}" "${config.krebs.build.host.name}"
"${config.krebs.build.host.name}.gg23"
"${config.krebs.build.host.name}.r" "${config.krebs.build.host.name}.r"
]; ];
locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''


@ -10,6 +10,9 @@ with import <stockholm/lib>;
"ni" "ni"
"prism" "prism"
]; ];
extraConfig = ''
LocalDiscovery = yes
'';
tincPackage = pkgs.tinc_pre; tincPackage = pkgs.tinc_pre;
}; };
tv.iptables.input-internet-accept-tcp = singleton "tinc"; tv.iptables.input-internet-accept-tcp = singleton "tinc";


@ -70,6 +70,8 @@ let {
hi diffSubname ctermfg=207 hi diffSubname ctermfg=207
hi diffAdded ctermfg=010 hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009 hi diffRemoved ctermfg=009
hi Search cterm=NONE ctermbg=216
''; '';
}))) })))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
@ -227,7 +229,7 @@ let {
lua = {}; lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [ sh.extraStart = concatStringsSep ''\|'' [
''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'' ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*='' ''[a-z]*Phase[ \t\r\n]*=''
]; ];
yaml = {}; yaml = {};


@ -6,5 +6,6 @@ _:
./ejabberd ./ejabberd
./hosts.nix ./hosts.nix
./iptables.nix ./iptables.nix
./x0vncserver.nix
]; ];
} }


@ -0,0 +1,52 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
cfg = config.tv.x0vncserver;
in {
options.tv.x0vncserver = {
display = mkOption {
default = ":${toString config.services.xserver.display}";
type = types.str;
};
enable = mkEnableOption "tv.x0vncserver";
pwfile = mkOption {
default = {
owner = cfg.user;
path = "${cfg.user.home}/.vncpasswd";
source-path = toString <secrets> + "/vncpasswd";
};
description = ''
Use vncpasswd to edit pwfile.
See: nix-shell -p tigervnc --run 'man vncpasswd'
'';
type = types.secret-file;
};
rfbport = mkOption {
default = 5900;
type = types.int;
};
user = mkOption {
default = config.krebs.build.user;
type = types.user;
};
};
config = mkIf cfg.enable {
krebs.secret.files = {
x0vncserver-pwfile = cfg.pwfile;
};
systemd.services.x0vncserver = {
after = [ "graphical.target" "secret.service" ];
requires = [ "graphical.target" "secret.service" ];
serviceConfig = {
ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
"-display ${cfg.display}"
"-passwordfile ${cfg.pwfile.path}"
"-rfbport ${toString cfg.rfbport}"
]}";
User = cfg.user.name;
};
};
tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport);
};
}
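Review bot: The service exposes the live X display on `rfbport` to every host on retiolum (`tv.iptables.input-retiolum-accept-tcp`), protected only by the VNC password file. Classic VNC password authentication is weak, and unless a TLS security type is negotiated the session has no encryption beyond what the tinc overlay provides. Consider pinning the security type in the `ExecStart` list, e.g. `"-SecurityTypes TLSVnc"` (check that the packaged tigervnc supports it), and narrowing the firewall rule to the hosts that need access. Separately, the unit sets `after`/`requires` but no `wantedBy`, so this file does not show what starts it; if it should come up with the graphical session, `wantedBy = [ "graphical.target" ];` would make that explicit.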


@ -1,20 +0,0 @@
{ coreutils, gawk, fetchurl, stdenv, ... }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "djbdns-1.05";
src = fetchurl {
url = "http://cr.yp.to/djbdns/djbdns-1.05.tar.gz";
sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w";
};
configurePhase = ''
echo $out > conf-home
echo gcc -O2 -include errno.h > conf-cc
'';
patchPhase = ''
sed -i 's:c("/","etc","dnsroots.global",-1,-1,0644);:// &:' hier.c
sed -i '1s@^@PATH=${makeBinPath [ coreutils gawk ]}\n@' dnstracesort.sh
'';
installTargets = "setup check";
}