36 files changed, 437 insertions, 157 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 1220143a7..d44c322aa 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import <stockholm/lib>; }; nets = { internet = { - ip4.addr = "64.137.177.226"; + ip4.addr = "45.62.237.203"; aliases = [ "cd.i" "cd.krebsco.de" diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 0fabf6d93..e143d0046 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -3,7 +3,7 @@ let byid = dev: "/dev/disk/by-id/" + dev; part1 = disk: disk + "-part1"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; - primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc + primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc # N54L Chassis: # ____________________ # |______FRONT_______| diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 08da92068..9666f50ff 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -8,7 +8,7 @@ [ # base ../. ../2configs/main-laptop.nix - ../2configs/laptop-utils.nix + ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix @@ -46,7 +46,7 @@ ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix - ../2configs/virtualization-virtualbox.nix + # ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix ../2configs/rad1o.nix @@ -64,8 +64,10 @@ ../2configs/fs/sda-crypto-root-home.nix ]; - makefu.server.primary-itf = "wlp2s0"; + + makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; + makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; krebs.nginx = { @@ -74,6 +76,7 @@ servers.default.server-names = [ "_" ]; }; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; virtualisation.docker.enable = true; 
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 95ebabc44..43b37cd8c 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -82,7 +82,7 @@ in URxvt.perl-ext: default,url-select URxvt.keysym.M-u: perl:url-select:select_next - URxvt.url-select.launcher: chromium + URxvt.url-select.launcher: firefox -new-tab URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s ''; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 45f7315b0..1ad7f0710 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "f66d782"; # unstable @ 2017-02-04 + ref = "53a2baa"; # unstable @ 2017-02-28 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { @@ -145,21 +145,21 @@ with import <stockholm/lib>; tinc = pkgs.tinc_pre; }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - services.timesyncd.enable = true; - services.ntp.servers = [ + networking.timeServers = [ "pool.ntp.org" "time.windows.com" "time.apple.com" "time.nist.gov" ]; + nix.extraOptions = '' auto-optimise-store = true ''; - security.setuidPrograms = [ "sendmail" ]; + security.wrappers.sendmail = { + source = "${pkgs.exim}/bin/sendmail"; + setuid = true; + }; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index d692ef72d..c6fb9c8e5 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix 
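Review bot: The `@@ -145,21 +145,21 @@` hunk of makefu/2configs/default.nix drops the explicit toggles `services.cron.enable`, `services.nscd.enable`, `services.ntp.enable` and `services.timesyncd.enable` along with the `services.ntp.servers` rename, so which of these daemons run now depends on the nixpkgs defaults at the pinned ref. If only the server list was meant to move to `networking.timeServers`, keep the toggles (e.g. `services.nscd.enable = false;` and `services.timesyncd.enable = true;`) so the set of running services stays explicit. If the removal is deliberate, a comment such as `# cron/nscd/ntp: rely on nixpkgs defaults` would record that. The enclosing attribute set starts and ends outside the hunk.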
@@ -131,11 +131,15 @@ in { ( serveCloud [ "o.euer.krebsco.de" ] ) ]; - services.mysql = { - enable = true; + services.mysql = { # TODO: currently nextcloud uses sqlite + enable = false; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; + services.mysqlBackup = { + enable = false; + databases = [ "nextcloud" ]; + }; krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 99563a771..2de32dd94 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -9,20 +9,28 @@ with import <stockholm/lib>; kernelModules = [ "kvm-intel" "thinkpad_ec" - # "acpi_call" + "acpi_call" # "thinkpad_acpi" # "tpm-rng" ]; extraModulePackages = [ - # config.boot.kernelPackages.acpi_call + config.boot.kernelPackages.acpi_call ]; + # support backlight adjustment + kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; }; + + # configured media keys inside awesomerc + # sound.mediaKeys.enable = true; + hardware.bluetooth.enable = true; + services.acpid.enable = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; services.xserver = { videoDriver = "intel"; deviceSection = '' Option "AccelMethod" "sna" + Option "Backlight" "intel_backlight" ''; }; # no entropy source working diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix deleted file mode 100644 index ec6d4adec..000000000 --- a/makefu/2configs/laptop-utils.nix +++ /dev/null 
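Review bot: `krebs.secret.files.mysql_rootPassword` is still declared right after the `services.mysql` block in the `@@ -131,11 +131,15 @@` hunk although the database is now `enable = false`, so the root password is presumably still deployed under `${config.services.mysql.dataDir}` on a host that no longer runs MySQL. Tying the secret to the service state, e.g. `krebs.secret.files = mkIf config.services.mysql.enable { mysql_rootPassword = { … }; };` (assuming `mkIf` is in scope in this file), keeps unused credentials off the machine. The new `services.mysqlBackup` block is also disabled and names a `nextcloud` database that, per the TODO, is not in use yet; a comment marking it as a placeholder would help. The secret's definition continues outside the hunk.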
@@ -1,65 +0,0 @@ -{ pkgs, ... }: - -# tools i use when actually working with the host. -# package version will now be maintained by nix-rebuild -# -# essentially `nix-env -q` of the main user -# TODO: split gui and non-gui -{ - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - - krebs.per-user.makefu.packages = with pkgs; [ - # core - at_spi2_core - acpi - bc - exif - file - ntfs3g - pv - proot - sshpass - unzip - unrar - usbutils - zip - - # dev - python35Packages.virtualenv - - - # gui - chromium - clipit - feh - firefox - keepassx - pcmanfm - skype - mirage - tightvnc - gnome3.dconf - vlc - virtmanager - wireshark - xdotool - - # sectools - aria2 - pythonPackages.binwalk-full - dnsmasq - iodine - mtr - nmap - - - # stuff - cac-api - cac-panel - krebspaste - ledger - pass - ]; -} diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 8151d4939..30ad63879 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -5,10 +5,9 @@ let collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward + db = "collectd_db"; + logging-interface = config.makefu.server.primary-itf; in { - imports = [ - ../../../lass/3modules/kapacitor.nix - ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -27,11 +26,11 @@ in { collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = "collectd_db"; + database = db; port = collectd-port; }]; }; - lass.kapacitor = + krebs.kapacitor = let echoToIrc = pkgs.writeDash "echo_irc" '' set -euf @@ -43,7 +42,8 @@ in { in { enable = true; alarms = { - cpu_deadman = '' + cpu_deadman.database = db; + cpu_deadman.text = '' var data = batch |query(${"'''"} SELECT mean("value") AS mean 
@@ -68,5 +68,8 @@ in { iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; } diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index e1c3d20ff..eaf6dec97 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -14,7 +14,8 @@ in { ./base-gui.nix ./fetchWallpaper.nix ./zsh-user.nix - ./laptop-utils.nix + ./tools/core.nix + ./tools/core-gui.nix ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; @@ -60,7 +61,7 @@ in { sleep 1 '') [ 5 4 3 2 1 ]} - /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend + /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend ''; }; }; diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 8a3eab98a..7d7a4ec57 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,15 +48,8 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - crypt0-rw = { - path = "/media/crypt0/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "makefu"; - }; - crypt1-rw = { - path = "/media/crypt1/"; + media-rw = { + path = "/media/"; "read only" = "no"; browseable = "yes"; "guest ok" = "no"; diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d288748f9..7c7b00abc 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,6 +5,7 @@ enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver + pkgs.dymo-cups-drivers ]; }; 
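Review bot: The three rules added at the end of the `@@ -68,5 +68,8 @@` hunk accept collectd (UDP), InfluxDB and Grafana traffic from any source address on `${logging-interface}`, which is `config.makefu.server.primary-itf`, whereas the existing rules opened these ports only on the `retiolum` overlay. Nothing visible in this file enables authentication on the collectd listener or on InfluxDB, and Grafana binds `0.0.0.0`, so on a host whose primary interface faces an untrusted network these services become reachable without the VPN. Limit the new rules to the networks that need them, e.g. `iptables -A INPUT -i ${logging-interface} -s <LAN_CIDR> -p tcp --dport ${toString influx-port} -j ACCEPT` (placeholder CIDR), or keep Grafana behind the nginx forward mentioned in the TODO. The firewall string starts outside the hunk.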
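Review bot: The suspend script in the `@@ -60,7 +61,7 @@` hunk of main-laptop.nix hard-codes the wrapper location again (`/var/run/wrappers/bin/sudo`), the same kind of path that had to be edited here because the wrapper directory moved. Referring to the option instead, `${config.security.wrapperDir}/sudo ${pkgs.systemd}/bin/systemctl suspend`, would follow future moves automatically; this assumes `security.wrapperDir` is available at the pinned nixpkgs ref. The script body starts outside the hunk.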
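Review bot: Replacing the `crypt0-rw` and `crypt1-rw` shares with a single `media-rw` share rooted at `/media/` in the `@@ -48,15 +48,8 @@` hunk makes every present and future mount below `/media` writable over SMB, not only the two encrypted volumes. Any other filesystem mounted there (removable media, for instance) is exported as soon as it appears. Either keep one share per volume or state the intent next to the share, e.g. `# exports every mount below /media read-write`. The rest of the share definition, including any `valid users` line, lies outside the hunk.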
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
new file mode 100644
index 000000000..e64e216e0
--- /dev/null
+++ b/makefu/2configs/tools/all.nix
@@ -0,0 +1,11 @@
+{
+ imports = [
+ ./core.nix
+ ./core-gui.nix
+ ./dev.nix
+ ./extra-gui.nix
+ ./games.nix
+ ./media.nix
+ ./sec.nix
+ ];
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
new file mode 100644
index 000000000..6d62e92c0
--- /dev/null
+++ b/makefu/2configs/tools/core-gui.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+{
+ nixpkgs.config.firefox = {
+ enableAdobeFlash = true;
+ };
+
+ krebs.per-user.makefu.packages = with pkgs; [
+ chromium
+ clipit
+ feh
+ firefox
+ keepassx
+ pcmanfm
+ skype
+ mirage
+ tightvnc
+ gnome3.dconf
+ wireshark
+ xdotool
+ xorg.xbacklight
+ scrot
+ ];
+}
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
new file mode 100644
index 000000000..86d72c662
--- /dev/null
+++ b/makefu/2configs/tools/core.nix
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+# tools i use when actually working with the host.
+# package version will now be maintained by nix-rebuild
+#
+# essentially `nix-env -q` of the main user
+{
+ krebs.per-user.makefu.packages = with pkgs; [
+ at_spi2_core
+ acpi
+ bc
+ rsync
+ exif
+ file
+ ntfs3g
+ pv
+ proot
+ sshpass
+ populate
+ usbutils
+ p7zip
+ hdparm
+ inetutils
+ ncftp
+ mutt
+ tcpdump
+ sysstat
+ which
+ weechat
+ curl
+ wget
+ wol
+ tmux
+ smartmontools
+ cifs-utils
+ iftop
+ taskwarrior
+ mplayer
+
+ cac-api
+ cac-panel
+ krebspaste
+ ledger
+ pass
+ ];
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
new file mode 100644
index 000000000..8acc25fcc
--- /dev/null
+++ b/makefu/2configs/tools/dev.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs;[
+ nodemcu-uploader
+ esptool
+ python35Packages.virtualenv
+ flashrom
+ ];
+}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix new file mode 100644 index 000000000..9cfacf408 --- /dev/null +++ b/makefu/2configs/tools/extra-gui.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs;[ + inkscape + gimp + skype + virtmanager + synergy + saleae-logic + ]; +} diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix new file mode 100644 index 000000000..34c686451 --- /dev/null +++ b/makefu/2configs/tools/games.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs; [ + steam + ]; +} diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix new file mode 100644 index 000000000..4fc3413e8 --- /dev/null +++ b/makefu/2configs/tools/media.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs; [ + kodi + streamripper + youtube-dl + calibre + vlc + mumble + ]; +} diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix new file mode 100644 index 000000000..5ab699f35 --- /dev/null +++ b/makefu/2configs/tools/sec.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs; [ + aria2 + # mitmproxy + pythonPackages.binwalk-full + dnsmasq + iodine + mtr + nmap + msf + thc-hydra + ]; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index d575d18bc..20eb031a1 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -16,6 +16,9 @@ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://github.com/amadvance/snapraid/releases.atom https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack + https://api.github.com/repos/embray/d2to1/tags + https://api.github.com/repos/dorimanx/exfat-nofuse/commits + https://api.github.com/repos/dorimanx/exfat-nofuse/tags ]; }; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix index 91ac13755..86669945a 100644 
--- a/makefu/3modules/umts.nix +++ b/makefu/3modules/umts.nix @@ -26,7 +26,7 @@ let Dial Command = ATDT Modem = ${cfg.modem-device} Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0 Init2 = ATZ Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 ISDN = 0 @@ -54,6 +54,13 @@ let to avoid race conditions. ''; }; + apn = mkOption { + default = "pinternet.interkom.de"; + type = types.str; + description = '' + apn to use for dailing + ''; + }; }; imp = { diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 8036e5765..e43341d25 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -364,6 +364,10 @@ globalkeys = awful.util.table.join( end, {description = "restore minimized", group = "client"}), + awful.key({ }, "XF86MonBrightnessUp", function () + awful.util.spawn("xbacklight -inc 5", false) end), + awful.key({ }, "XF86MonBrightnessDown", function () + awful.util.spawn("xbacklight -dec 5", false) end), awful.key({ }, "XF86AudioRaiseVolume", function () awful.util.spawn("amixer set Master 5%+", false) end), diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 71354a015..25ae2fe4b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
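Review bot: The `Init1` line in the first umts.nix hunk reads the APN through `config.makefu.umts.apn` while the neighbouring `Modem = ${cfg.modem-device}` uses the module's `cfg` binding; `Init1 = AT+CGDCONT=1,"IP","${cfg.apn}","",0,0` would be consistent, assuming `cfg` is `config.makefu.umts`. The value is spliced into a double-quoted AT command, so the option should either use a stricter type than `types.str` or say in its description that the APN must not contain double quotes. The description added in the second hunk also has a typo and should read `apn to use for dialing`.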
@@ -1,38 +1,35 @@ { pkgs, ... }: -let - inherit (pkgs) callPackage; -in +with import <stockholm/lib>; { - nixpkgs.config.packageOverrides = rec { - acdcli = callPackage ./acdcli {}; + nixpkgs.config.packageOverrides = oldpkgs: let + + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = pkgs.callPackage path args; + upstream = optionalAttrs (override ? "name") + (oldpkgs.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override + else override; + + in {} + // mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) + // { alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; - awesomecfg = callPackage ./awesomecfg {}; - bintray-upload = callPackage ./bintray-upload {}; - debmirror = callPackage ./debmirror {}; inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; - elchhub = callPackage ./elchhub {}; - f3 = callPackage ./f3 {}; - farpd = callPackage ./farpd {}; - git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; - mergerfs = callPackage ./mergerfs {}; - mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; - ps3netsrv = callPackage ./ps3netsrv {}; pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { wordset-file = pkgs.fetchurl { url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; }; - qcma = pkgs.qt5.callPackage ./qcma {}; - tw-upload-plugin = callPackage ./tw-upload-plugin {}; - 
skytraq-logger = callPackage ./skytraq-logger {}; - taskserver = callPackage ./taskserver {}; - udpt = callPackage ./udpt {}; - wol = callPackage ./wol {}; - snapraid = callPackage ./snapraid {}; }; } diff --git a/makefu/5pkgs/dymo-cups-drivers/default.nix b/makefu/5pkgs/dymo-cups-drivers/default.nix new file mode 100644 index 000000000..d47bae6dd --- /dev/null +++ b/makefu/5pkgs/dymo-cups-drivers/default.nix @@ -0,0 +1,17 @@ +{ stdenv, lib, pkgs, fetchurl, cups, ... }: + +stdenv.mkDerivation rec { + name = "dymo-cups-drivers-${version}"; + version = "1.4.0"; + src = fetchurl { + url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz"; + sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6"; + }; + buildInputs = [ cups ]; + makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ]; + + # acd_cli gets dumped in bin and gets overwritten by fixupPhase + meta = { + description = "Dymo printer drivers"; + }; +} diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix new file mode 100644 index 000000000..84bb232cd --- /dev/null +++ b/makefu/5pkgs/esptool/default.nix @@ -0,0 +1,32 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python2Packages; +let + pyaes = buildPythonPackage rec { + name = "pyaes-${version}"; + version = "1.6.0"; + src = fetchFromGitHub { + owner = "ricmoo"; + repo = "pyaes"; + rev = "v${version}"; + sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; + }; + doCheck = false; + }; +in +buildPythonPackage rec { + name = "esptool-${version}"; + version = "2.0beta2"; + propagatedBuildInputs = [ + pyserial + flake8 + ecdsa + pyaes + ]; + src = fetchFromGitHub { + owner = "themadinventor"; + repo = "esptool"; + rev = "v${version}"; + sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; + }; + doCheck = false; +} 
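Review bot: The obsolete-override check in the new `callPackage` of makefu/5pkgs/default.nix looks the upstream package up by derivation name, `oldpkgs.${(parseDrvName override.name).name}`, so it can only fire when the nixpkgs attribute name equals the derivation name; where the two differ the lookup yields `{}` and the override is applied without a trace message. Since every subdirectory with a `default.nix` now becomes an override automatically, that limitation deserves a comment at the helper, e.g. `# NOTE: matches on drv name, not attribute name; mismatches are not reported`. `nodemcu-uploader = callPackage ./nodemcu-uploader {};` also remains as an explicit entry although the `mapAttrs` over `subdirsOf ./.` presumably already covers it.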
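Review bot: The comment `# acd_cli gets dumped in bin and gets overwritten by fixupPhase` in the new dymo-cups-drivers derivation appears to be copied from another package and describes nothing in this file; it should be removed or replaced with a comment about the `makeFlags` overrides. The tarball is fetched over plain `http://`; the pinned `sha256` covers integrity, so this is acceptable, but worth a short remark for readers. `meta` carries only a description; adding `meta.license` once the vendor's terms are confirmed would document whether the driver may be redistributed.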
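Review bot: `flake8` is listed in `propagatedBuildInputs` of the new esptool derivation, which puts a linter into the runtime closure of everything that depends on the package; unless esptool imports it at run time (not visible here), it belongs in `buildInputs` or can be dropped, given `doCheck = false`. Both `pyaes` and `esptool` disable their test suites without a reason; a one-line comment next to each `doCheck = false;` stating why the tests cannot run in the sandbox would help the next maintainer.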
diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix deleted file mode 100644 index a6d54b8a2..000000000 --- a/makefu/5pkgs/wol/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - proj = "wake-on-lan"; - name = "wol-${version}"; - version = "0.7.1"; - - enableParallelBuilding = true; - - src = fetchurl { - url = "mirror://sourceforge/${proj}/${name}.tar.gz"; - sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270"; - }; - - meta = { - description = "simple wake-on-lan client"; - homepage = https://sourceforge.net/projects/wake-on-lan/; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with s |