| author | tv <tv@krebsco.de> | 2017-10-26 18:43:33 +0200 | 
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-10-26 18:43:33 +0200 | 
| commit | d5fd5107e6cd8e4d1cd0e63420d35a9df5279e7f (patch) | |
| tree | 05731b063ed6243632b6c3a61a329618da6a6951 | |
| parent | 1993cbc42114c759a47fed8de1e73980d3df57d9 (diff) | |
| parent | 458bd5f6bda5b5718959613ceb989862a530ed7b (diff) | |
Merge remote-tracking branch 'prism/master'
26 files changed, 204 insertions, 43 deletions
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 56395c166..2628c7986 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -16,6 +16,7 @@        vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news        weechat|http://dev.weechat.org/feed/atom|#news        xkcd|https://xkcd.com/rss.xml|#news +      painload|https://github.com/krebscode/painload/commits/master.atom|#news      '';    };  } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 534eac716..3e03e71cb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -437,8 +437,14 @@ with import <stockholm/lib>;            ip4.addr = "129.215.90.4";            aliases = [ "eddie.i" ];          }; -        retiolum = { +        retiolum = rec {            via = internet; +          addrs = [ +            # edinburgh university +            "129.215.0.0/16" +            ip4.addr +            ip6.addr +          ];            ip4.addr = "10.243.29.170";            ip6.addr = "42:4992:6a6d:700::1";            aliases = [ "eddie.r" ]; diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index c611d7471..518e80d0e 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -144,7 +144,8 @@ rec {      '';    };    wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" { -    script = pkgs.writeDash "wiki-todo-add" '' +    pattern = "^wiki-show$"; +    script = pkgs.writeDash "wiki-show" ''        ${pkgs.coreutils}/bin/cat wiki-todo      '';    }; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 6db6f8fd1..70aa3832d 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix 
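Review bot: In krebs/3modules/lass/default.nix the new `addrs` list for eddie's retiolum net includes the whole public range `129.215.0.0/16`, and the only explanation is the comment `# edinburgh university`. Whatever consumes `addrs` is outside this diff; if it feeds the VPN subnet list or any address-based allowlist, peers would route or attribute that entire /16 to eddie, so the consumers should be checked. I would expand the comment to state the intent, e.g. `# route edinburgh university (129.215.0.0/16) via eddie: <reason>`. It is also worth noting in a comment that inside the `rec` set `ip4.addr` and `ip6.addr` resolve to the retiolum addresses defined just below, not the internet ones. The enclosing host definition starts and ends outside the hunk.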
@@ -115,4 +115,6 @@ with import <stockholm/lib>;     (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })     (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })    ]; + +  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";  } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 30d5c8dab..a0bc1b900 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -168,6 +168,14 @@ in {            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"          ];        }; +      users.users.hellrazor = { +        uid = genid "hellrazor"; +        isNormalUser = true; +        extraGroups = [ +          "download" +        ]; +        openssh.authorizedKeys.keys = [ "ssh-rsa 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" ]; +      };      }      {        #hotdog diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9d4ad8c6a..a8bb8693f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -6,7 +6,6 @@ in {    imports = [      ./mpv.nix      ./power-action.nix -    ./screenlock.nix      ./copyq.nix      ./xresources.nix      ./livestream.nix 
@@ -31,15 +30,15 @@ in {        options.lass.fonts = {          regular = mkOption {            type = types.str; -          default = "xft:Hack-Regular:pixelsize=11,xft:Symbola"; +          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";          };          bold = mkOption {            type = types.str; -          default = "xft:Hack-Bold:pixelsize=11,xft:Symbola"; +          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";          };          italic = mkOption {            type = types.str; -          default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol"; +          default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";          };        };      } @@ -136,4 +135,5 @@ in {    };    services.urxvtd.enable = true; +  lass.screenlock.enable = true;  } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f745dc4a1..10d14e151 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -50,7 +50,7 @@ with import <stockholm/lib>;          NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";        };      } -    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { +    (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {        environment.variables = {          CURL_CA_BUNDLE = ca-bundle;          GIT_SSL_CAINFO = ca-bundle; diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix index e305145f5..411b07503 100644 --- a/lass/2configs/dns-stuff.nix +++ b/lass/2configs/dns-stuff.nix @@ -13,6 +13,7 @@ with import <stockholm/lib>;    };    services.dnsmasq = {      enable = true; +    resolveLocalQueries = false;      extraConfig = ''        server=127.1.0.1        #no-resolv diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix deleted file mode 100644 index b5bc4ee2a..000000000 --- a/lass/2configs/screenlock.nix +++ /dev/null 
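Review bot: In lass/2configs/default.nix the `ca-bundle` binding now points at the mutable system path `/etc/ssl/certs/ca-bundle.crt` instead of the store path under `${pkgs.cacert}`, and nothing in the hunk records why. `CURL_CA_BUNDLE` and `GIT_SSL_CAINFO` will therefore trust whatever a host adds to its system bundle, and they dangle on any host where that file is not generated. A comment such as `# system bundle on purpose: includes per-host CAs, not only pkgs.cacert` would make the trust decision explicit for the next reader. The `let … in` block continues past the hunk.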
@@ -1,17 +0,0 @@ -{ pkgs, config, ... }: - -{ -  systemd.services.screenlock = { -    before = [ "sleep.target" ]; -    wantedBy = [ "sleep.target" ]; -    environment = { -      DISPLAY = ":0"; -    }; -    serviceConfig = { -      SyslogIdentifier = "screenlock"; -      ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; -      Type = "forking"; -      User = "lass"; -    }; -  }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index e7744395d..e14e39bc2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,6 +8,7 @@ _:      ./mysql-backup.nix      ./news.nix      ./pyload.nix +    ./screenlock.nix      ./umts.nix      ./usershadow.nix      ./xresources.nix diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix new file mode 100644 index 000000000..cf38f8357 --- /dev/null +++ b/lass/3modules/screenlock.nix @@ -0,0 +1,37 @@ +{ pkgs, config, ... }: + +with import <stockholm/lib>; + +let +  cfg = config.lass.screenlock; + +  out = { +    options.lass.screenlock = api; +    config = mkIf cfg.enable imp; +  }; + +  api = { +    enable = mkEnableOption "news"; +    command = mkOption { +      type = types.str; +      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; +    }; +  }; + +  imp = { +    systemd.services.screenlock = { +      before = [ "sleep.target" ]; +      wantedBy = [ "sleep.target" ]; +      environment = { +        DISPLAY = ":0"; +      }; +      serviceConfig = { +        SyslogIdentifier = "screenlock"; +        ExecStart = cfg.command; +        Type = "forking"; +        User = "lass"; +      }; +    }; +  }; + +in out diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 997b60b8f..12c078940 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
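Review bot: In lass/3modules/screenlock.nix, `enable = mkEnableOption "news";` carries the description of another module, so the generated option text will describe news rather than the screen locker; it should read `enable = mkEnableOption "screenlock";`. The `command` option has no `description`, and the same string is used as systemd `ExecStart` here and spliced into a `spawn "…"` call in lass/5pkgs/xmonad-lass.nix, so it is worth documenting that it must be a plain command line without quotes or shell syntax. The unit still hard-codes `User = "lass"` and `DISPLAY = ":0"`, carried over from the deleted file; a comment that the lock only covers that one session would help.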
@@ -97,7 +97,7 @@ displaySomeException = displayException  myKeyMap :: [([Char], X ())]  myKeyMap = -    [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") +    [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")      , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")      , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")      , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") @@ -139,6 +139,8 @@ myKeyMap =      , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")      , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")      , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + +    , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")      ]  forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () diff --git a/lass/source.nix b/lass/source.nix index e0af7d83c..910d70334 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in        nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";        nixpkgs.git = {          url = https://github.com/nixos/nixpkgs; -        ref = "1987983"; +        ref = "c99239b";        };        secrets.file = getAttr builder {          buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/lib/types.nix b/lib/types.nix index 70570a6b3..08dc0974e 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -92,7 +92,7 @@ rec {          default = null;        };        addrs = mkOption { -        type = listOf addr; +        type = listOf cidr;          default =            optional (config.ip4 != null) config.ip4.addr ++            optional (config.ip6 != null) config.ip6.addr; 
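Review bot: In lass/5pkgs/xmonad-lass.nix the `M4-<F11>` binding now interpolates `${config.lass.screenlock.command}` straight into a Haskell string literal, so a configured command containing `"` or `\` would yield Haskell source that fails to compile or runs something other than what was configured. xmonad's `spawn` normally hands the string to a shell while the systemd unit's `ExecStart` does not, so the same option value is parsed under two different rule sets. If the file has no escaping helper, a comment at the binding such as `-- screenlock.command must not contain quotes or backslashes` would at least record the constraint. `myKeyMap` continues outside both hunks of this file.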
@@ -109,7 +109,7 @@ rec {                type = addr4;              };              prefix = mkOption ({ -              type = str; # TODO routing prefix (CIDR) +              type = cidr4;              } // optionalAttrs (config.name == "retiolum") {                default = "10.243.0.0/16";              }); @@ -125,7 +125,7 @@ rec {                apply = lib.normalize-ip6-addr;              };              prefix = mkOption ({ -              type = str; # TODO routing prefix (CIDR) +              type = cidr6;              } // optionalAttrs (config.name == "retiolum") {                default = "42::/16";              }); @@ -364,6 +364,26 @@ rec {      merge = mergeOneOption;    }; +  cidr = either cidr4 cidr6; +  cidr4 = mkOptionType { +    name = "CIDRv4 address"; +    check = let +      CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in +        concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?"; +    in +      test CIDRv4address; +    merge = mergeOneOption; +  }; +  cidr6 = mkOptionType { +    name = "CIDRv6 address"; +    check = let +      # TODO check IPv6 address harder +      CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?"; +    in +      test CIDRv6address; +    merge = mergeOneOption; +  }; +    binary-cache-pubkey = str;    pgp-pubkey = str; diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index e8438e50d..c287c28df 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -6,6 +6,9 @@  # configure your hw:  # <stockholm/makefu/2configs/save-diskspace.nix>    ]; +  users.extraUsers.root.openssh.authorizedKeys.keys = [ +    config.krebs.users.tv.pubkey +  ];    krebs = {      enable = true;      tinc.retiolum.enable = true; diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index d532f216f..3b06660c6 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix 
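Review bot: In lib/types.nix the new `cidr4` check joins the octet patterns with a bare `"."`, which in a regular expression matches any character, so a string like `10x243x0x0/16` would pass (assuming `test` is a whole-string regex match, which is not shown here); the separator should be escaped, `concatMapStringsSep "\\." (const d) (range 1 4)`. In `cidr6` the prefix alternative `1[0-2][0-8]` rejects the valid lengths /109 and /119; `([0-9][0-9]?|1[01][0-9]|12[0-8])` covers 0–128. Both patterns make the `/len` part optional, so the `prefix` options switched to `cidr4` and `cidr6` in the earlier hunks of this file still accept a bare address without a length. The existing TODO about checking the IPv6 address part harder still applies.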
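Review bot: In makefu/1systems/cake/config.nix the added `users.extraUsers.root.openssh.authorizedKeys.keys` entry gives the holder of `config.krebs.users.tv.pubkey` root login on cake, and the hunk has no comment saying why or for how long. Because the key is taken by reference, any later change to that user's `pubkey` value also changes who can log in as root on this host. I would add a line such as `# tv: root access for <purpose>, remove after <date>` above the list, and use a non-root account if full root is not required.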
@@ -26,6 +26,7 @@ in {      <stockholm/makefu/2configs/zsh-user.nix>      # Services      <stockholm/makefu/2configs/remote-build/slave.nix> +    <stockholm/makefu/2configs/torrent.nix>    ];    krebs = { diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix index d997fb3f0..d9600909a 100644 --- a/makefu/1systems/latte/source.nix +++ b/makefu/1systems/latte/source.nix @@ -1,3 +1,4 @@  import <stockholm/makefu/source.nix> { -  name="latte"; +  name = "latte"; +  torrent = true;  } diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix index 4813eeb0f..46b386e14 100644 --- a/makefu/2configs/binary-cache/lass.nix +++ b/makefu/2configs/binary-cache/lass.nix @@ -7,6 +7,7 @@      ];      binaryCachePublicKeys = [        "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" +      "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="      ];    };  } diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 6681484fd..d3d50c433 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -16,5 +16,6 @@      whatsupnix      brain      gen-oath-safe +    cdrtools    ];  } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 00df56bee..af0e81df5 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,6 +15,7 @@ _:      ./torrent.nix      ./udpt.nix      ./umts.nix +    ./wvdial.nix    ];  } diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix new file mode 100644 index 000000000..1ed929ed4 --- /dev/null +++ b/makefu/3modules/wvdial.nix 
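Review bot: In makefu/2configs/binary-cache/lass.nix the key `cache.prism-2:…` is added next to `cache.prism-1:…` without a comment, so store paths signed by either key are accepted from now on. If prism-2 is meant to replace prism-1 (the diff does not say), the old key should be dropped once the cache has been re-signed. If both are meant to stay, a comment such as `# prism-1 kept until <condition>` would record that decision.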
@@ -0,0 +1,71 @@ +# Global configuration for wvdial. + +{ config, lib, pkgs, ... }: + +with lib; + +let + +  configFile = '' +    [Dialer Defaults] +    PPPD PATH = ${pkgs.ppp}/sbin/pppd +    ${config.environment.wvdial.dialerDefaults} +  ''; + +  cfg = config.environment.wvdial; + +in +{ +  ###### interface + +  options = { + +    environment.wvdial = { + +      dialerDefaults = mkOption { +        default = ""; +        type = types.str; +        example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; +        description = '' +          Contents of the "Dialer Defaults" section of +          <filename>/etc/wvdial.conf</filename>. +        ''; +      }; + +      pppDefaults = mkOption { +        default = '' +          noipdefault +          usepeerdns +          defaultroute +          persist +          noauth +        ''; +        type = types.str; +        description = "Default ppp settings for wvdial."; +      }; + +    }; + +  }; + +  ###### implementation + +  config = mkIf (cfg.dialerDefaults != "") { + +    environment = { + +      etc = +      [ +        { source = pkgs.writeText "wvdial.conf" configFile; +          target = "wvdial.conf"; +        } +        { source = pkgs.writeText "wvdial" cfg.pppDefaults; +          target = "ppp/peers/wvdial"; +        } +      ]; + +    }; + +  }; + +} diff --git a/makefu/source.nix b/makefu/source.nix index 013426195..8c880a8e2 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,8 +11,7 @@ let                then "buildbot"                else "makefu";    _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; -  ref = "727a3a3"; # unstable @ 2017-10-07 -                   # + revert wvdial (76f4910) +  ref = "809cf38"; # unstable @ 2017-10-07                     # + ruby stuff (2f0b17e4be9,55a952be5b5)                     # + mitmproxy fix (360a5efd,ef52c95b) diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index 0e48b41c2..fdae354ff 100644 
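Review bot: In makefu/3modules/wvdial.nix the `dialerDefaults` text is written with `pkgs.writeText`, so it lands in the world-readable Nix store before being linked into /etc, and the option `description` does not warn about this. A dialer section commonly carries `Username` and `Password` lines, and anything placed there would be readable by every local user and copied along with the system closure. I would extend the description with a sentence such as `This text is stored world-readable in the Nix store; do not put credentials here.` The `pppDefaults` default includes `noauth`; a short comment on why peer authentication is disabled for the dial-out link would help readers.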
--- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -15,6 +15,7 @@ with lib;      <stockholm/nin/2configs/git.nix>      <stockholm/nin/2configs/retiolum.nix>      <stockholm/nin/2configs/termite.nix> +    <stockholm/nin/2configs/skype.nix>    ];    krebs.build.host = config.krebs.hosts.hiawatha; @@ -98,10 +99,6 @@ with lib;      allowUnfree = true; -    firefox = { -      enableGoogleTalkPlugin = true; -      enableAdobeFlash = true; -    };    };    #services.logind.extraConfig = "HandleLidSwitch=ignore"; diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 212fd368e..0d2253c27 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import <stockholm/lib>;  {    imports = [      ../2configs/vim.nix +    <stockholm/krebs/2configs/binary-cache/prism.nix>      {        users.extraUsers =          mapAttrs (_: h: { hashedPassword = h; }) @@ -45,12 +46,6 @@ with import <stockholm/lib>;          SSL_CERT_FILE = ca-bundle;        };      }) -    { -      nix = { -        binaryCaches = ["http://cache.prism.r"]; -        binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; -      }; -    }    ];    networking.hostName = config.krebs.build.host.name; @@ -96,6 +91,7 @@ with import <stockholm/lib>;      gnumake      jq      proot +    pavucontrol      populate      p7zip      termite 
@@ -158,6 +154,7 @@ with import <stockholm/lib>;        filter.INPUT.rules = [          { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }          { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } +        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }          { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }          { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }          { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 000000000..621dfae82 --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let +  mainUser = config.users.extraUsers.nin; +  inherit (import <stockholm/lib>) genid; + +in { +  users.extraUsers = { +    skype = { +      name = "skype"; +      uid = genid "skype"; +      description = "user for running skype"; +      home = "/home/skype"; +      useDefaultShell = true; +      extraGroups = [ "audio" "video" ]; +      createHome = true; +    }; +  }; + +  krebs.per-user.skype.packages = [ +    pkgs.skype +  ]; + +  security.sudo.extraConfig = '' +    ${mainUser.name} ALL=(skype) NOPASSWD: ALL +  ''; +} diff --git a/nin/source.nix b/nin/source.nix index 183c71bae..188ebafcc 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in      stockholm.file = toString <stockholm>;      nixpkgs.git = {        url = https://github.com/nixos/nixpkgs; -      ref = "799435b"; +      ref = "c99239b";      };    }  | 
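Review bot: In nin/2configs/skype.nix the sudoers line `${mainUser.name} ALL=(skype) NOPASSWD: ALL` lets the main user run any command as `skype`, although the file's purpose appears to be running one program under a separate account. Narrowing the rule to that program keeps it aligned with the intent, e.g. `${mainUser.name} ALL=(skype) NOPASSWD: ${pkgs.skype}/bin/skype` (binary path assumed, confirm against the package). The separation also only holds as far as the `skype` user cannot reach the main user's files and X session. That constraint and the `audio`/`video` group membership deserve a comment in the file.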
