diff options
author | jeschli <jeschli@gmail.com> | 2018-08-21 19:52:30 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-08-21 19:52:30 +0200 |
commit | 8cfc4f5eda10b1025a4ad3b9725deb9ad7a32338 (patch) | |
tree | 4a9626e685bc076461f5e63c55e29e3689d2eedd | |
parent | f2dadea808323f69531c51b12ed5cb872ac933a0 (diff) | |
parent | 89951ebd816248bc4e62b2dad78b5db906c3cefe (diff) |
Merge remote-tracking branch 'origin/master'
51 files changed, 500 insertions, 413 deletions
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 6842bfaab..91a998de7 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,8 @@ with import <stockholm/lib>; let pkgs = import <nixpkgs> {}; - nixpkgs = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "nixos-unstable"; # only binary cache for unstable arm6 - sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + nixpkgs = builtins.fetchTarball { + url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; }; in import <stockholm/krebs/source.nix> { name = "onebutton"; diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index a3f39b40e..88b7e1072 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -7,7 +7,6 @@ [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]arbor|http://feeds2.feedburner.com/asert/|#snews [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews [SPAM]augustl|http://augustl.com/atom.xml|#snews @@ -131,7 +130,6 @@ [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews [SPAM]slate|http://feeds.slate.com/slate|#snews [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#snews [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews @@ -146,7 +144,6 @@ [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews [SPAM]tigsource|http://www.tigsource.com/feed/|#snews [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]topix_b|http://www.topix.com/rss/wire/de/berlin|#snews [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews @@ -160,7 +157,6 @@ [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#snews [SPAM]xkcd|https://xkcd.com/rss.xml|#snews [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 6311e88ab..5ae24b40b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -8,21 +8,6 @@ with import <stockholm/lib>; let - defaultBool = o: mkOption { - type = types.bool; - default = option; - }; - - defaultUint = o: mkOption { - type = types.uint; - default = o; - }; - - defaultAbsolutpath = o: mkOption { - type = types.absolute-pathname; - default = o; - }; - cfg = config.krebs.git; out = { @@ -136,15 +121,42 @@ let cgit-settings = types.submodule { # A setting's value of `null` means cgit's default should be used. options = { - cache-root = defaultAbsolutpath("/tmp/cgit"); - cache-size = defaultUint(1000); - css = defaultAbsolutpath("/static/cgit.css"); - enable-commit-graph = defaultBool(true); - enable-index-links = defaultBool(true); - enable-index-owner = defaultBool(false); - enable-log-filecount = defaultBool(true); - enable-log-linecount = defaultBool(true); - enable-remote-branches = defaultBool(true); + cache-root = mkOption { + type = types.absolute-pathname; + default = "/tmp/cgit"; + }; + cache-size = mkOption { + type = types.uint; + default = 1000; + }; + css = mkOption { + type = types.absolute-pathname; + default = "/static/cgit.css"; + }; + enable-commit-graph = mkOption { + type = types.bool; + default = true; + }; + enable-index-links = mkOption { + type = types.bool; + default = true; + }; + enable-index-owner = mkOption { + type = types.bool; + default = false; + }; + enable-log-filecount = mkOption { + type = types.bool; + default = true; + }; + enable-log-linecount = mkOption { + type = types.bool; + default = true; + }; + enable-remote-branches = mkOption { + type = types.bool; + default = true; + }; logo = mkOption { type = types.absolute-pathname; default = "/static/cgit.png"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e2322e171..c4a5bbb0d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -301,37 +301,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; }; - helios = { - cores = 8; - nets = { - retiolum = { - ip4.addr = "10.243.133.117"; - ip6.addr = "42:0:0:0:0:0:3:7105"; - aliases = [ - "helios.r" - "cgit.helios.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG - wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo - 3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi - fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt - Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM - I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B - H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/ - QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp - +EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C - aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw - rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; - }; littleT = { cores = 2; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index c5404f96d..9630d7a7f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -336,7 +336,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; }; @@ -522,6 +521,13 @@ with import <stockholm/lib>; }; nextgum = rec { ci = true; + extraZones = { + "krebsco.de" = '' + cache.euer IN A ${nets.internet.ip4.addr} + cache.gum IN A ${nets.internet.ip4.addr} + gold IN A ${nets.internet.ip4.addr} + ''; + }; cores = 8; nets = rec { internet = { @@ -537,6 +543,7 @@ with import <stockholm/lib>; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" + "cache.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index b7ef824b5..09e552010 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -29,7 +29,7 @@ let ''} ${optionalString (cfg.watchDir != null) '' - schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent + directory.watch.added = "${cfg.watchDir}", load.start_verbose ''} directory = ${cfg.downloadDir} diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 954cfd76a..7f6bb299d 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,16 +1,16 @@ -{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape +{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape , xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.1.1"; + version = "1.2.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; rev = "refs/tags/v${version}"; - sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585"; + sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; }; libraryHaskellDepends = [ - base containers X11 X11-xshape xmonad xmonad-contrib + base containers X11 X11-xft X11-xshape xmonad xmonad-contrib ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/krops.nix b/krebs/krops.nix index 861f2d323..0e80aec0e 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "56fad146a12a6f934d1d5ef875eb729be1b19129"; + ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5657742a6..257e51ee3 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -8,16 +8,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/pass.nix> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/otp-ssh.nix> - # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined - #<stockholm/lass/2configs/git.nix> - #<stockholm/lass/2configs/dcso-vpn.nix> - <stockholm/lass/2configs/virtualbox.nix> - <stockholm/lass/2configs/dcso-dev.nix> - <stockholm/lass/2configs/steam.nix> - <stockholm/lass/2configs/rtl-sdr.nix> - <stockholm/lass/2configs/backup.nix> { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; @@ -25,44 +15,9 @@ with import <stockholm/lib>; lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; } - { #TAPIR, AGATIS, sentral, a3 - foo - services.redis.enable = true; - } - { - krebs.fetchWallpaper = { - enable = true; - url = "http://i.imgur.com/0ktqxSg.png"; - maxTime = 9001; - }; - } - { - #urban terror port - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 27960"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27960"; target = "ACCEPT"; } - ]; - } ]; krebs.build.host = config.krebs.hosts.helios; - krebs.git.rules = [ - { - user = [ config.krebs.users.lass-helios ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; - } - { - lass.umts = { - enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; - initstrings = '' - Init1 = AT+CFUN=1 - Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - ''; - }; - } - ]; - environment.systemPackages = with pkgs; [ ag vim @@ -84,27 +39,10 @@ with import <stockholm/lib>; services.tlp.enable = true; - networking.hostName = lib.mkForce "BLN02NB0162"; - - security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) - ]; - - programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; - services.printing.drivers = [ pkgs.postscript-lexmark ]; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; - virtualisation.docker.enable = true; } diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix deleted file mode 100644 index a5212454f..000000000 --- a/lass/1systems/helios/physical.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./config.nix - { # automatic hardware detection - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - } - { # crypto stuff - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; - }; - } - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" - ''; - - services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.xrandrHeads = [ - { output = "DP-2"; primary = true; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } - { output = "DP-0"; } - ]; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ''; -} diff --git a/lass/1systems/helios/source.nix b/lass/1systems/helios/source.nix deleted file mode 100644 index bfe4dca4c..000000000 --- a/lass/1systems/helios/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import <stockholm/lass/source.nix> { - name = "helios"; - secure = true; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index ad4f8a504..90e04cad1 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/print.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6be45d38d..b9fda2949 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -175,7 +175,6 @@ with import <stockholm/lib>; alias /var/realwallpaper/realwallpaper.png; ''; } - <stockholm/lass/2configs/dcso-dev.nix> { users.users.jeschli = { uid = genid "jeschli"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 7d04827f0..95aac2d18 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,7 +8,6 @@ in { ./mpv.nix ./power-action.nix ./copyq.nix - ./livestream.nix ./urxvt.nix ./network-manager.nix { @@ -58,30 +57,18 @@ in { programs.ssh.startAgent = true; services.openssh.forwardX11 = true; - services.printing = { - enable = true; - drivers = [ - pkgs.foomatic_filters - pkgs.gutenprint - ]; - }; - environment.systemPackages = with pkgs; [ acpi ag - bank cabal2nix cholerab dic dmenu font-size - gi gitAndTools.qgit git-preview gnome3.dconf lm_sensors - mpv-poll - much ncdu nix-index nix-repl @@ -90,18 +77,14 @@ in { powertop push rxvt_unicode_with-plugins - slock sxiv taskwarrior termite - timewarrior xclip xephyrify xorg.xbacklight xorg.xhost xsel - youtube-tools - yt-next zathura ]; @@ -112,7 +95,6 @@ in { xlibs.fontschumachermisc ]; - #lass.xserver.enable = true; services.xserver = { enable = true; layout = "us"; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 363705edc..16c63ff38 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -12,6 +12,7 @@ with (import <stockholm/lib>); environment.systemPackages = with pkgs; [ ag nmap + git-preview ]; services.tor.enable = true; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 272169e92..425e0ee13 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -29,7 +29,7 @@ let environment.systemPackages = [ config.lass.xjail-bins.${name} (pkgs.writeDashBin "cx-${name}" '' - DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip '') ]; lass.browser.paths.${name} = { @@ -66,6 +66,7 @@ in { extensions = [ "cjpalhdlnbpafiame |