diff options
29 files changed, 392 insertions, 111 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 8a647012f..ca994e996 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -9,5 +9,6 @@ with import <stockholm/lib>; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); + krebs.ci.tests = [ "deploy" ]; } diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 44743b87d..90a1a111f 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = true; + security.rngd.enable = mkDefault true; services.xserver = { videoDriver = "intel"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index b56f5c543..bb19f0602 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -24,6 +24,13 @@ in List of hosts that should be build ''; }; + tests = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of tests that should be build + ''; + }; }; config = mkIf cfg.enable { @@ -56,14 +63,14 @@ in ''; scheduler = { build-scheduler = '' - # build all hosts sched.append( schedulers.SingleBranchScheduler( change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=${toString cfg.treeStableTimer}*60, name="build-all-branches", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -73,7 +80,8 @@ in schedulers.ForceScheduler( name="force", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -91,7 +99,7 @@ in factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-hosts = '' + hosts = mkIf (cfg.hosts != []) '' f = util.BuildFactory() f.addStep(grab_repo) @@ -120,12 +128,42 @@ in bu.append( util.BuilderConfig( - name="build-hosts", + name="hosts", slavenames=slavenames, factory=f ) ) + ''; + tests = mkIf (cfg.tests != []) '' + f = util.BuildFactory() + f.addStep(grab_repo) + def run_test(test): + addShell(f, + name="{}".format(test), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-build", "-I", "stockholm=.", "krebs/6tests", + "-A", "{}".format(test) + ], + timeout=90001 + ) + + ${concatMapStringsSep "\n" (test: + "run_test(\"${test}\")" + ) cfg.tests} + + bu.append( + util.BuilderConfig( + name="tests", + slavenames=slavenames, + factory=f + ) + ) ''; }; enable = true; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index d64ed86de..6298a05a5 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -61,6 +61,15 @@ let }; }; }))); + default = { + filter.INPUT.policy = "ACCEPT"; + filter.FORWARD.policy = "ACCEPT"; + filter.OUTPUT.policy = "ACCEPT"; + nat.PREROUTING.policy = "ACCEPT"; + nat.INPUT.policy = "ACCEPT"; + nat.OUTPUT.policy = "ACCEPT"; + nat.POSTROUTING.policy = "ACCEPT"; + }; }; }; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index aab568352..1a0999b8d 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -32,6 +32,47 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.retiolum" + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; + }; onondaga = { cores = 1; nets = { @@ -63,6 +104,10 @@ with import <stockholm/lib>; }; users = { nin = { + mail = "nin@axon.retiolum"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { mail = "nin@hiawatha.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; }; diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix new file mode 100644 index 000000000..c01b87d6b --- /dev/null +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -0,0 +1,29 @@ +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-discord-2017-12-27"; + + src = fetchFromGitHub { + rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; + owner = "sm00th"; + repo = "bitlbee-discord"; + sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; + }; + + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ bitlbee glib ]; + + preConfigure = '' + export BITLBEE_PLUGINDIR=$out/lib/bitlbee + ./autogen.sh + ''; + + meta = { + description = "Bitlbee plugin for Discord"; + + homepage = https://github.com/sm00th/bitlbee-discord; + license = licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 6e67ed699..a48fc0f87 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -283,27 +283,33 @@ with import <stockholm/lib>; ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''); - writePython2 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2}/bin/python -m py_compile "$1" - ''; - inherit text; - }; - }; + writePython2 = deps: + let + py = pkgs.python2.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python2check.sh" '' + exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; - writePython3 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3}/bin/python -m py_compile "$textPath" - ''; - inherit text; - }; - }; + writePython2Bin = d: name: + pkgs.writePython2 d "/bin/${name}"; + + writePython3 = deps: + let + py = pkgs.python3.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python3check.sh" '' + exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; + + writePython3Bin = d: name: + pkgs.writePython3 d "/bin/${name}"; writeSed = pkgs.makeScriptWriter { interpreter = "${pkgs.gnused}/bin/sed -f"; diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix new file mode 100644 index 000000000..c0ca00296 --- /dev/null +++ b/krebs/6tests/default.nix @@ -0,0 +1,6 @@ +with import <stockholm/lib>; +{ ... }: + +{ + deploy = import ./deploy.nix; +} diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix index 842bbc22a..156e9239f 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/6tests/deploy.nix @@ -1,7 +1,8 @@ with import <stockholm/lib>; -import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }: +import <nixpkgs/nixos/tests/make-test.nix> ({ ... }: let + pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; }; test-config = <stockholm/krebs/6tests/data/test-config.nix>; privKey = '' -----BEGIN OPENSSH PRIVATE KEY----- @@ -41,15 +42,12 @@ let cd ${<stockholm>} export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH exec >&2 - : ${minimalSystem} source=${pkgs.writeJSON "source.json" populate-source} - cat > /tmp/derp <<EOF - builtins.fromJSON (builtins.readFile "$source") - EOF LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" + # TODO: make deploy work #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ # --force-populate \ - # --source=/tmp/derp \ + # --source=${./data/test-source.nix} \ # --system=server \ ''; minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> { @@ -70,22 +68,20 @@ in { imports = [ test-config ]; environment.variables = { NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}"; - #LOL = minimalSystem; }; services.openssh.enable = true; users.extraUsers.root.openssh.authorizedKeys.keys = [ pubKey ]; - #virtualisation.writableStore = true; virtualisation.pathsInNixDB = [ minimalSystem - pkgs.stockholm ]; + environment.systemPackages = [ pkgs.git ]; }; client = - { config, pkgs, ... }: { }; - + { config, pkgs, ... }: + { }; }; testScript = '' diff --git a/krebs/source.nix b/krebs/source.nix index 8fbdce284..b952aa2a2 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -17,6 +17,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13 + ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 }; } diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 8bd9735a9..fc30a3478 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -120,8 +120,6 @@ with import <stockholm/lib>; ]; }; - programs.ssh.startAgent = lib.mkForce true; - services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index ad133802f..8c7c39a6f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -30,6 +30,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/ableton.nix> { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1cca76331..593a1fc9c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -234,8 +234,7 @@ in { } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/IM.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> <stockholm/lass/2configs/radio.nix> <stockholm/lass/2configs/repo-sync.nix> diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix new file mode 100644 index 000000000..b94cb0634 --- /dev/null +++ b/lass/2configs/IM.nix @@ -0,0 +1,57 @@ +with (import <stockholm/lib>); +{ config, lib, pkgs, ... }: + +let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; +in { + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-android.pubkey + ]; + }; + + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix new file mode 100644 index 000000000..9d6f481b0 --- /dev/null +++ b/lass/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.mainUser; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6f5533b0d..59ea0ecb7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,7 +53,7 @@ in { time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; + programs.ssh.startAgent = true; services.openssh.forwardX11 = true; services.printing = { diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix deleted file mode 100644 index b23628dc5..000000000 --- a/lass/2configs/bitlbee.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - ]; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0e00dc2fd..c68aee330 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; +{ config, pkgs, ... }: { imports = [ ../2configs/binary-cache/client.nix @@ -78,7 +78,7 @@ with import <stockholm/lib>; users.mutableUsers = false; - services.timesyncd.enable = true; + services.timesyncd.enable = mkForce true; #why is this on in the first place? services.nscd.enable = false; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 2d848773f..94191fcb7 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -49,6 +49,11 @@ with import <stockholm/lib>; { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } { from = "payeer@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "bitwala@lassul.us"; to = lass.mail; } + { from = "bitstamp@lassul.us"; to = lass.mail; } + { from = "bitcoin.de@lassul.us"; to = lass.mail; } + { from = "ableton@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 61cc7cfe0..2541df3a6 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -21,6 +21,7 @@ with import <stockholm/lib>; -XFlexibleInstances -XMultiParamTypeClasses \ -XOverloadedStrings -XFunctionalDependencies \''; in [ + sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P<args>.*)$$"; @@ -64,8 +65,7 @@ with import <stockholm/lib>; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python + script = pkgs.writePython2 [] "rup" '' t1 = """ _. ;=',_ () diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f6c736fbc..5fe9e1450 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -103,7 +103,6 @@ let cnoreabbrev Ack Ack! " copy/paste from/to xclipboard - noremap x "_x set clipboard=unnamedplus ''; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix deleted file mode 100644 index d5496ac09..000000000 --- a/lass/2configs/weechat.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import <stockholm/lib>) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-android.pubkey - ]; - }; - - # mosh - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - - #systemd.services.chat = { - # description = "chat environment setup"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; - - # path = with pkgs; [ - # weechat - # tmux - # ]; - - # restartIfChanged = true; - - # serviceConfig = { - # User = "chat"; - # Restart = "always"; - # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; - # }; - #}; -} diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix index 06b80df8d..b6061736c 100644 --- a/lass/3modules/news.nix +++ b/lass/3modules/news.nix @@ -38,7 +38,7 @@ let }; ircServer = mkOption { type = types.str; - default = "echelon.r"; + default = "localhost"; description = "to which server the bot should connect"; }; }; diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index d3f76903d..2dd352bd4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -66,7 +66,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -80,6 +80,14 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) +floatHooks = composeAll . concat $ + [ [ title =? t --> doFloat | t <- myTitleFloats] + , [ className =? c --> doFloat | c <- myClassFloats ] ] + where + myTitleFloats = [] -- for the KDE "open link" popup from konsole + myClassFloats = ["Pinentry"] -- for gpg passphrase entry + + myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-<F11>", spawn "${config.lass.screenlock.command}") diff --git a/lass/source.nix b/lass/source.nix index 473dd2cf2..a6314694c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "3aec59c"; + ref = "0b30c1d"; }; secrets = getAttr builder { buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 000000000..c5f38c1f3 --- /dev/null +++ b/nin/1systems/axon/config.nix @@ -0,0 +1,117 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + <stockholm/nin> + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + #../2configs/copyq.nix + <stockholm/nin/2configs/games.nix> + <stockholm/nin/2configs/git.nix> + <stockholm/nin/2configs/retiolum.nix> + <stockholm/nin/2configs/termite.nix> + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha51 |