diff options
41 files changed, 211 insertions, 2849 deletions
diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix deleted file mode 100644 index b85e686..0000000 --- a/miefda/1systems/bobby.nix +++ /dev/null @@ -1,102 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ../. - ../2configs/miefda.nix - ../2configs/tlp.nix - ../2configs/x220t.nix - ../2configs/hardware-configuration.nix - ../2configs/tinc-basic-retiolum.nix - ../2configs/git.nix - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - i18n = { - # consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - }; - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - wget chromium - ]; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable the X11 windowing system. - services.xserver.enable = true; - services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable the KDE Desktop Environment. - #services.xserver.displayManager.kdm.enable = true; - services.xserver.desktopManager = { - xfce.enable = true; - xterm.enable= false; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.miefda = { - isNormalUser = true; - initialPassword= "welcome"; - uid = 1000; - extraGroups= [ - "wheel" - ]; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; - - - networking.hostName = config.krebs.build.host.name; - - krebs = { - enable = true; - search-domain = "retiolum"; - build = { - host = config.krebs.hosts.bobby; - user = config.krebs.users.miefda; - source = { - git.nixpkgs = { - url = https://github.com/Lassulus/nixpkgs; - rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - host = config.krebs.hosts.bobby; - path = "/home/miefda/secrets/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - host = config.krebs.hosts.bobby; - path = "/home/miefda/gits/stockholm"; - }; - }; - }; - }; -} diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix deleted file mode 100644 index 51679d2..0000000 --- a/miefda/2configs/git.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - - out = { - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = - public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - painload = {}; - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - #wai-middleware-time = {}; - #web-routes-wai-custom = {}; - #go = {}; - #newsbot-js = {}; - #kimsufi-check = {}; - #realwallpaper = {}; - }; - - restricted-repos = mapAttrs make-restricted-repo ( - { - brain = { - collaborators = with config.krebs.users; [ tv makefu ]; - }; - } // - import <secrets/repos.nix> { inherit config lib pkgs; } - ); - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "bobby"; - }; - }; - }; - - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; - public = false; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = miefda; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = [ lass tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix deleted file mode 100644 index 3eb1f43..0000000 --- a/miefda/2configs/hardware-configuration.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = 4; -} diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix deleted file mode 100644 index f17e8aa..0000000 --- a/miefda/2configs/miefda.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - - #networking.wicd.enable = true; - -} diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix deleted file mode 100644 index f82fd6b..0000000 --- a/miefda/2configs/tinc-basic-retiolum.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - "prism" - "ire" - ]; - }; -} diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix deleted file mode 100644 index 32f4f2e..0000000 --- a/miefda/2configs/tlp.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - hardware.cpu.intel.updateMicrocode = true; - - zramSwap.enable = true; - zramSwap.numDevices = 2; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 220; - emulateWheel = true; - }; - - - services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - ''; -} diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix deleted file mode 100644 index 2d128e5..0000000 --- a/miefda/2configs/x220t.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - - services.xserver = { - xkbVariant = "altgr-intl"; - videoDriver = "intel"; - # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - deviceSection = '' - Option "AccelMethod" "sna" - ''; - }; - - - - services.xserver.displayManager.sessionCommands ='' - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 - # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 - ''; - - hardware.bluetooth.enable = true; - - -} diff --git a/miefda/default.nix b/miefda/default.nix deleted file mode 100644 index 7f275c2..0000000 --- a/miefda/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: -{ - imports = [ - ../krebs - ]; -} diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix deleted file mode 100644 index 520bf14..0000000 --- a/mv/1systems/stro.nix +++ /dev/null @@ -1,245 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -{ - krebs.build.host = config.krebs.hosts.stro; - - krebs.build.source.git.nixpkgs.rev = - "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; - - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/git.nix - ../2configs/mail-client.nix - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - - # stockholm - genid - gnumake - hashPassword - lentil - parallel - (pkgs.writeScriptBin "im" '' - #! ${pkgs.bash}/bin/bash - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - - # root - cryptsetup - ntp # ntpate - - # tv - bc - bind # dig - #cac - dic - file - gnupg21 - haskellPackages.hledger - htop - jq - manpages - mkpasswd - netcat - nix-repl - nmap - p7zip - pass - posix_man_pages - qrencode - texLive - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "http" - "tinc" - "smtp" - ]; - }; - } - { - krebs.exim-retiolum.enable = true; - } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "gum" - "wry" - ]; - }; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "xuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/xuvga-root"; - fsType = "btrfs"; - options = "defaults,noatime,ssd,compress=lzo"; - }; - "/home" = { - device = "/dev/mapper/xuvga-home"; - fsType = "btrfs"; - options = "defaults,noatime,ssd,compress=lzo"; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = "nosuid,nodev,noatime"; - }; - }; - - nixpkgs.config.chromium.enablePepperFlash = true; - - #nixpkgs.config.allowUnfreePredicate = pkg: - # pkgs.lib.hasPrefix "virtualbox" pkg.name; - - #nixpkgs.config.allowUnfree = true; - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - #hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.enable = true; - - environment.systemPackages = with pkgs; [ - #xlibs.fontschumachermisc - #slock - ethtool - #firefoxWrapper # with plugins - #chromiumDevWrapper - tinc - iptables - #jack2 - - gptfdisk - ]; - - security.setuidPrograms = [ - "sendmail" # for cron - ]; - - services.bitlbee.enable = true; - services.printing.enable = true; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - #virtualisation.libvirtd.enable = true; - - #services.bitlbee.enable = true; - #services.tor.client.enable = true; - #services.tor.enable = true; - - #nixpkgs.config.virtualbox.enableExtensionPack = true; - - # XXX Enable for maximum slowness: - virtualisation.virtualbox.host.enable = true; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; -} diff --git a/mv/2configs/bash_completion.sh b/mv/2configs/bash_completion.sh deleted file mode 100644 index 537484f..0000000 --- a/mv/2configs/bash_completion.sh +++ /dev/null @@ -1,779 +0,0 @@ - -# Expand variable starting with tilde (~) -# We want to expand ~foo/... to /home/foo/... to avoid problems when -# word-to-complete starting with a tilde is fed to commands and ending up -# quoted instead of expanded. -# Only the first portion of the variable from the tilde up to the first slash -# (~../) is expanded. The remainder of the variable, containing for example -# a dollar sign variable ($) or asterisk (*) is not expanded. -# Example usage: -# -# $ v="~"; __expand_tilde_by_ref v; echo "$v" -# -# Example output: -# -# v output -# -------- ---------------- -# ~ /home/user -# ~foo/bar /home/foo/bar -# ~foo/$HOME /home/foo/$HOME -# ~foo/a b /home/foo/a b -# ~foo/* /home/foo/* -# -# @param $1 Name of variable (not the value of the variable) to expand -__expand_tilde_by_ref() -{ - # Does $1 start with tilde (~)? - if [[ ${!1} == \~* ]]; then - # Does $1 contain slash (/)? - if [[ ${!1} == */* ]]; then - # Yes, $1 contains slash; - # 1: Remove * including and after first slash (/), i.e. "~a/b" - # becomes "~a". Double quotes allow eval. - # 2: Remove * before the first slash (/), i.e. "~a/b" - # becomes "b". Single quotes prevent eval. - # +-----1----+ +---2----+ - eval $1="${!1/%\/*}"/'${!1#*/}' - else - # No, $1 doesn't contain slash - eval $1="${!1}" - fi - fi -} # __expand_tilde_by_ref() - - -# Get the word to complete. -# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases -# where the user is completing in the middle of a word. -# (For example, if the line is "ls foobar", -# and the cursor is here --------> ^ -# @param $1 string Characters out of $COMP_WORDBREAKS which should NOT be -# considered word breaks. This is useful for things like scp where -# we want to return host:path and not only path, so we would pass the -# colon (:) as $1 in this case. -# @param $2 integer Index number of word to return, negatively offset to the -# current word (default is 0, previous is 1), respecting the exclusions -# given at $1. For example, `_get_cword "=:" 1' returns the word left of -# the current word, respecting the exclusions "=:". -# @deprecated Use `_get_comp_words_by_ref cur' instead -# @see _get_comp_words_by_ref() -_get_cword() -{ - local LC_CTYPE=C - local cword words - __reassemble_comp_words_by_ref "$1" words cword - - # return previous word offset by $2 - if [[ ${2//[^0-9]/} ]]; then - printf "%s" "${words[cword-$2]}" - elif [[ "${#words[cword]}" -eq 0 || "$COMP_POINT" == "${#COMP_LINE}" ]]; then - printf "%s" "${words[cword]}" - else - local i - local cur="$COMP_LINE" - local index="$COMP_POINT" - for (( i = 0; i <= cword; ++i )); do - while [[ - # Current word fits in $cur? - "${#cur}" -ge ${#words[i]} && - # $cur doesn't match cword? - "${cur:0:${#words[i]}}" != "${words[i]}" - ]]; do - # Strip first character - cur="${cur:1}" - # Decrease cursor position - ((index--)) - done - - # Does found word matches cword? - if [[ "$i" -lt "$cword" ]]; then - # No, cword lies further; - local old_size="${#cur}" - cur="${cur#${words[i]}}" - local new_size="${#cur}" - index=$(( index - old_size + new_size )) - fi - done - - if [[ "${words[cword]:0:${#cur}}" != "$cur" ]]; then - # We messed up! At least return the whole word so things - # keep working - printf "%s" "${words[cword]}" - else - printf "%s" "${cur:0:$index}" - fi - fi -} # _get_cword() - - -# Get word previous to the current word. -# This is a good alternative to `prev=${COMP_WORDS[COMP_CWORD-1]}' because bash4 -# will properly return the previous word with respect to any given exclusions to -# COMP_WORDBREAKS. -# @deprecated Use `_get_comp_words_by_ref cur prev' instead -# @see _get_comp_words_by_ref() -# -_get_pword() -{ - if [[ $COMP_CWORD -ge 1 ]]; then - _get_cword "${@:-}" 1 - fi -} - - - -# Complete variables. -# @return True (0) if variables were completed, -# False (> 0) if not. -_variables() -{ - if [[ $cur =~ ^(\$\{?)([A-Za-z0-9_]*)$ ]]; then - [[ $cur == *{* ]] && local suffix=} || local suffix= - COMPREPLY+=( $( compgen -P ${BASH_REMATCH[1]} -S "$suffix" -v -- \ - "${BASH_REMATCH[2]}" ) ) - return 0 - fi - return 1 -} - -# Assign variable one scope above the caller -# Usage: local "$1" && _upvar $1 "value(s)" -# Param: $1 Variable name to assign value to -# Param: $* Value(s) to assign. If multiple values, an array is -# assigned, otherwise a single value is assigned. -# NOTE: For assigning multiple variables, use '_upvars'. Do NOT -# use multiple '_upvar' calls, since one '_upvar' call might -# reassign a variable to be used by another '_upvar' call. -# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference -_upvar() -{ - if unset -v "$1"; then # Unset & validate varname - if (( $# == 2 )); then - eval $1=\"\$2\" # Return single value - else - eval $1=\(\"\${@:2}\"\) # Return array - fi - fi -} - -# Assign variables one scope above the caller -# Usage: local varname [varname ...] && -# _upvars [-v varname value] | [-aN varname [value ...]] ... -# Available OPTIONS: -# -aN Assign next N values to varname as array -# -v Assign single value to varname -# Return: 1 if error occurs -# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference -_upvars() -{ - if ! (( $# )); then - echo "${FUNCNAME[0]}: usage: ${FUNCNAME[0]} [-v varname"\ - "value] | [-aN varname [value ...]] ..." 1>&2 - return 2 - fi - while (( $# )); do - case $1 in - -a*) - # Error checking - [[ ${1#-a} ]] || { echo "bash: ${FUNCNAME[0]}: \`$1': missing"\ - "number specifier" 1>&2; return 1; } - printf %d "${1#-a}" &> /dev/null || { echo "bash:"\ - "${FUNCNAME[0]}: \`$1': invalid number specifier" 1>&2 - return 1; } - # Assign array of -aN elements - [[ "$2" ]] && unset -v "$2" && eval $2=\(\"\${@:3:${1#-a}}\"\) && - shift $((${1#-a} + 2)) || { echo "bash: ${FUNCNAME[0]}:"\ - "\`$1${2+ }$2': missing argument(s)" 1>&2; return 1; } - ;; - -v) - # Assign single value - [[ "$2" ]] && unset -v "$2" && eval $2=\"\$3\" && - shift 3 || { echo "bash: ${FUNCNAME[0]}: $1: missing"\ - "argument(s)" 1>&2; return 1; } - ;; - *) - echo "bash: ${FUNCNAME[0]}: $1: invalid option" 1>&2 - return 1 ;; - esac - done -} - -# @param $1 exclude Characters out of $COMP_WORDBREAKS which should NOT be -# considered word breaks. This is useful for things like scp where -# we want to return host:path and not only path, so we would pass the -# colon (:) as $1 in this case. -# @param $2 words Name of variable to return words to -# @param $3 cword Name of variable to return cword to -# @param $4 cur Name of variable to return current word to complete to -# @see __reassemble_comp_words_by_ref() -__get_cword_at_cursor_by_ref() -{ - local cword words=() - __reassemble_comp_words_by_ref "$1" words cword - - local i cur index=$COMP_POINT lead=${COMP_LINE:0:$COMP_POINT} - # Cursor not at position 0 and not leaded by just space(s)? - if [[ $index -gt 0 && ( $lead && ${lead//[[:space:]]} ) ]]; then - cur=$COMP_LINE - for (( i = 0; i <= cword; ++i )); do - while [[ - # Current word fits in $cur? - ${#cur} -ge ${#words[i]} && - # $cur doesn't match cword? - "${cur:0:${#words[i]}}" != "${words[i]}" - ]]; do - # Strip first character - cur="${cur:1}" - # Decrease cursor position - ((index--)) - done - - # Does found word match cword? - if [[ $i -lt $cword ]]; then - # No, cword lies further; - local old_size=${#cur} - cur="${cur#"${words[i]}"}" - local new_size=${#cur} - index=$(( index - old_size + new_size )) - fi - done - # Clear $cur if just space(s) - [[ $cur && ! ${cur//[[:space:]]} ]] && cur= - # Zero $index if negative - [[ $index -lt 0 ]] && index=0 - fi - - local "$2" "$3" "$4" && _upvars -a${#words[@]} $2 "${words[@]}" \ |