27 files changed, 497 insertions, 323 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9c491c8a1..8a3090a49 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -3,16 +3,17 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, ... }: - +# bln config file { imports = [ # Include the results of the hardware scan. <stockholm/jeschli> <stockholm/jeschli/2configs/virtualbox.nix> + <stockholm/jeschli/2configs/urxvt.nix> ./hardware-configuration.nix # ./dcso-vpn.nix ]; - + jeschliFontSize = 20; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; @@ -36,7 +37,15 @@ allowDiscards = true; } ]; - + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/markus/go/src/github.com"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' + ''; + }; networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. networking.networkmanager.enable = true; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -55,13 +64,9 @@ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget nixpkgs.config.allowUnfree = true; - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ + termite # system helper ag copyq @@ -86,6 +91,7 @@ chromium google-chrome # programming languages + elmPackages.elm go gcc ghc diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 76e718699..470566a8b 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix 
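Review bot: The `stocki` script added to `environment.shellAliases` keeps running when `cd ~/stockholm` fails, so `nix-shell -I stockholm="$PWD"` would then evaluate whatever `shell.nix` or `default.nix` sits in the current directory and deploy from there. Guard the directory change, e.g. `cd ~/stockholm || exit 1`, or start the script with `set -e`. A short comment on the alias stating that it deploys system `bln` with `LOGNAME=jeschli` would also help the next reader.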
@@ -40,6 +40,16 @@ }; }; } + { + services.taskserver = { + enable = true; + fqdn = "enklave.r"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "jeschli" ]; + }; + networking.firewall.allowedTCPPorts = [ 53589 ]; + } ]; krebs.build.host = config.krebs.hosts.enklave; diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix new file mode 100644 index 000000000..23b235d70 --- /dev/null +++ b/jeschli/1systems/enklave/taskserver.nix @@ -0,0 +1,10 @@ + { + services.taskserver = { + enable = true; + fqdn = "enklave.r"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "jeschli" ]; + }; + networking.firewall.allowedTCPPorts = [ 53589 ]; + } diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 0ac3708bb..5aaabe24b 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -4,6 +4,7 @@ with import <stockholm/lib>; imports = [ ./vim.nix ./retiolum.nix + ./zsh.nix <stockholm/lass/2configs/security-workarounds.nix> { environment.variables = { diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index 69811eb0a..014918748 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix 
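Review bot: `listenHost = "::"` together with `networking.firewall.allowedTCPPorts = [ 53589 ]` exposes the taskserver on every interface, while `fqdn = "enklave.r"` suggests it is only meant to be reached over the overlay network. If that reading is right, bind `listenHost` to the host's overlay address or open the port only on that interface, and add a comment stating the intended exposure. The same block is added a second time as the new file `jeschli/1systems/enklave/taskserver.nix`, and no visible hunk imports that file; keep a single copy (for example import `./taskserver.nix` from `config.nix`) so the two definitions cannot drift apart.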
@@ -1,34 +1,39 @@ { config, pkgs, ... }: with import <stockholm/lib>; - { - services.urxvtd.enable = true; - krebs.xresources.enable = true; - krebs.xresources.resources.urxvt = '' - *foreground: rgb:a8/a8/a8 - *background: rgb:00/00/00 - *faceName: DejaVu Sans Mono - *faceSize: 12 - *color0: rgb:00/00/00 - *color1: rgb:a8/00/00 - *color2: rgb:00/a8/00 - *color3: rgb:a8/54/00 - *color4: rgb:00/00/a8 - *color5: rgb:a8/00/a8 - *color6: rgb:00/a8/a8 - *color7: rgb:a8/a8/a8 - *color8: rgb:54/54/54 - *color9: rgb:fc/54/54 - *color10: rgb:54/fc/54 - *color11: rgb:fc/fc/54 - *color12: rgb:54/54/fc - *color13: rgb:fc/54/fc - *color14: rgb:54/fc/fc - *color15: rgb:fc/fc/fc - - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=12 - URXvt*faceSize: 12 - ''; + options.jeschliFontSize = mkOption { + type = types.int; + default = 12; + }; + config = { + services.urxvtd.enable = true; + krebs.xresources.enable = true; + krebs.xresources.resources.urxvt = '' + *foreground: rgb:a8/a8/a8 + *background: rgb:00/00/00 + *faceName: DejaVu Sans Mono + *faceSize: ${toString config.jeschliFontSize} + *color0: rgb:00/00/00 + *color1: rgb:a8/00/00 + *color2: rgb:00/a8/00 + *color3: rgb:a8/54/00 + *color4: rgb:26/8b/d2 + *color5: rgb:a8/00/a8 + *color6: rgb:00/a8/a8 + *color7: rgb:a8/a8/a8 + *color8: rgb:54/54/54 + *color9: rgb:fc/54/54 + *color10: rgb:54/fc/54 + *color11: rgb:fc/fc/54 + *color12: rgb:54/54/fc + *color13: rgb:fc/54/fc + *color14: rgb:54/fc/fc + *color15: rgb:fc/fc/fc + + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize} + URXvt*faceSize: ${toString config.jeschliFontSize} + ''; + }; } diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 7721b1d40..c13113f1c 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix 
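Review bot: `options.jeschliFontSize` is declared without a `description`, and `types.int` also accepts zero and negative values, which would be interpolated into `pixelsize=` unchecked. Add something like `description = "Font size in pixels used for the urxvt X resources.";` and consider a bounded type or an assertion. The hunk also changes `*color4` from `rgb:00/00/a8` to `rgb:26/8b/d2`, which is unrelated to the option refactor and deserves a mention in the commit message or a comment.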
@@ -27,6 +27,9 @@ in { name = "vim"; vimrcConfig.customRC = let colorscheme = ''colorscheme molokai''; + highlightTrailingWhiteSpaces = '' + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + ''; setStatements = '' set autowrite set clipboard=unnamedplus @@ -42,6 +45,7 @@ in { remapStatements = '' imap jk <Esc> map gr :GoRun<Enter> " Map gr to execute go run + map tt :GoTest<Enter> " Map tt to execute go test map nf :NERDTreeToggle<CR> nnoremap <C-TAB> <c-w><c-w> nnoremap <S-TAB> :bnext<CR> @@ -74,11 +78,12 @@ in { ''; in '' ${colorscheme} + ${highlightTrailingWhiteSpaces} ${remapStatements} ${setStatements} ${settingsForElm} ${settingsForGo} - " I dont know what this line is about + " dont expand tabs in go files and show it with four whitespaces. autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix new file mode 100644 index 000000000..be5b661b4 --- /dev/null +++ b/jeschli/2configs/zsh.nix 
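Review bot: `highlightTrailingWhiteSpaces` defines the syntax group `Garbage`, but no `highlight` definition for that group is visible in these hunks, so the match may have no visible effect unless the colorscheme or another part of `customRC` styles it (the `let` block continues outside the hunk). If nothing does, add a line such as `highlight Garbage ctermbg=red guibg=red` next to the `au Syntax` line. A one-line comment above the binding would also document the intent.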
@@ -0,0 +1,138 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ pkgs.fzf ]; + programs.zsh = { + enable = true; + shellInit = '' + #disable config wizard + zsh-newuser-install() { :; } + ''; + interactiveShellInit = '' + setopt autocd extendedglob + bindkey -e + + #history magic + bindkey "[A" up-line-or-local-history + bindkey "[B" down-line-or-local-history + + up-line-or-local-history() { + zle set-local-history 1 + zle up-line-or-history + zle set-local-history 0 + } + zle -N up-line-or-local-history + down-line-or-local-history() { + zle set-local-history 1 + zle down-line-or-history + zle set-local-history 0 + } + zle -N down-line-or-local-history + + setopt share_history + setopt hist_ignore_dups + # setopt inc_append_history + bindkey '^R' history-incremental-search-backward + + #C-x C-e open line in editor + autoload -z edit-command-line + zle -N edit-command-line + bindkey "^X^E" edit-command-line + + #fzf inclusion + source ${pkgs.fzf}/share/fzf/completion.zsh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + + #completion magic + autoload -Uz compinit + compinit + zstyle ':completion:*' menu select + + #enable automatic rehashing of $PATH + zstyle ':completion:*' rehash true + + eval $(dircolors -b ${pkgs.fetchFromGitHub { + owner = "trapd00r"; + repo = "LS_COLORS"; + rev = "master"; + sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + }}/LS_COLORS) + + #beautiful colors + alias ls='ls --color' + # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + + #emacs bindings + bindkey "[7~" beginning-of-line + bindkey "[8~" end-of-line + bindkey "Oc" emacs-forward-word + bindkey "Od" emacs-backward-word + + #aliases + alias ll='ls -l' + alias la='ls -la' + + #fancy window title magic + ''; + promptInit = '' + # TODO: figure out why we need to set this here + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + + autoload -U promptinit + promptinit + + p_error='%(?..%F{red}%?%f )' + t_error='%(?..%? 
)' + + case $UID in + 0) + p_username='%F{red}root%f' + t_username='root' + ;; + 1337) + p_username="" + t_username="" + ;; + *) + p_username='%F{blue}%n%f' + t_username='%n' + ;; + esac + + if test -n "$SSH_CLIENT"; then + p_hostname='@%F{magenta}%M%f ' + t_hostname='@%M ' + else + p_hostname="" + t_hostname="" + fi + + #check if in nix shell + if test -n "$buildInputs"; then + p_nixshell='%F{green}[s]%f ' + t_nixshell='[s] ' + else + p_nixshell="" + t_nixshell="" + fi + + PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " + TITLE="$t_error$t_username$t_hostname$t_nixshell%~" + case $TERM in + (*xterm* | *rxvt*) + function precmd { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED\007" + } + # This is seen while the shell waits for a command to complete. + function preexec { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + } + ;; + esac + ''; + }; + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; +} diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index b75233871..f4c1290c2 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -8,6 +8,7 @@ with import <stockholm/lib>; krebs.go = { enable = true; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; virtualHosts.go = { diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 90a1a111f..3780e0d7d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -14,7 +14,6 @@ with import <stockholm/lib>; boot = { kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; kernelParams = [ "acpi_backlight=none" ]; }; diff --git a/krebs/5pkgs/simple/exim/default.nix b/krebs/5pkgs/simple/exim/default.nix new file mode 100644 index 000000000..4911c1d9c --- /dev/null +++ b/krebs/5pkgs/simple/exim/default.nix 
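Review bot: The LS_COLORS source in `interactiveShellInit` is fetched with `rev = "master"` next to a fixed `sha256`, so a fresh fetch stops building as soon as upstream moves, and whoever repairs it has to re-trust whatever master contains at that point. Since the result is fed to `eval $(dircolors -b …)` in every interactive shell, pin `rev` to the commit the hash was computed from, e.g. `rev = "<commit-sha>";`. Separately, `preexec` writes the raw command line into the window title with `echo -ne "\033]0;$$ $PROMPT_EVALED $1\007"`, which interprets backslash escapes contained in `$1`; `printf '\033]0;%s\007' "$$ $PROMPT_EVALED $1"` keeps the command text literal.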
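Review bot: `networking.firewall.allowedTCPPorts = [ 80 ]` opens port 80 on all interfaces for every host that imports `krebs/2configs/go.nix`, and nothing in the hunk says who is expected to reach `virtualHosts.go`. If the service is only meant for the internal network, restrict the opening to that interface; either way add a comment such as `# nginx vhost "go" is served over plain HTTP`. The `services.nginx` block continues outside the hunk, so any access restriction defined there is not visible here.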
@@ -0,0 +1,64 @@ +{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: + +stdenv.mkDerivation rec { + name = "exim-4.90.1"; + + src = fetchurl { + url = "http://ftp.exim.org/pub/exim/exim4/${name}.tar.xz"; + sha256 = "09ppq8l7cah6dcqwdvpa6r12i6fdcd9lvxlfp18mggj3438xz62w"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ coreutils db openssl pcre perl ]; + + preBuild = '' + sed ' + s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin: + s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf: + s:^\(EXIM_USER\)=.*:\1=ref\:nobody: + s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter: + s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes: + s:^EXIM_MONITOR=.*$:# &: + s:^\(FIXED_NEVER_USERS\)=root$:\1=0: + s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes: + s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes: + s:^# \(SUPPORT_TLS\)=.*:\1=yes: + s:^# \(USE_OPENSSL_PC=openssl\)$:\1: + s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(HAVE_IPV6=yes\)$:\1: + s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: + s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: + s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod: + s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv: + s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm: + s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch: + s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl: + #/^\s*#.*/d + #/^\s*$/d + ' < src/EDITME > Local/Makefile + ''; + + installPhase = '' + mkdir -p $out/bin $out/share/man/man8 + cp doc/exim.8 $out/share/man/man8 + + ( cd build-Linux-* + cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \ + exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \ + exinext exiqgrep exiwhat \ + $out/bin ) + + ( cd $out/bin + for i in mailq newaliases rmail rsmtp runq sendmail; do + ln -s exim $i + done ) + ''; + + meta = { + homepage = http://exim.org/; + description = "A mail transfer agent (MTA)"; + license = stdenv.lib.licenses.gpl3; + platforms = stdenv.lib.platforms.linux; + maintainers = [ stdenv.lib.maintainers.tv ]; + }; +} 
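Review bot: The new derivation carries no comment saying why `exim` is packaged locally under `krebs/5pkgs` instead of being taken from the pinned nixpkgs, nor when the copy can be removed again; a header line such as `# local exim-4.90.1, drop once the pinned nixpkgs provides it` (wording to be confirmed by the author) would keep it from silently shadowing later upstream updates. The `sed` block also bakes in `EXIM_USER=ref:nobody`, `SPOOL_DIRECTORY=/exim-homeless-shelter` and `AUTH_PLAINTEXT=yes`, which look like compile-time placeholders expected to be overridden by the runtime configuration, and that is worth stating next to them. The tarball is fetched over `http://`; the `sha256` protects its integrity, but an `https://` URL would be preferable if the mirror offers one.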
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix index 199c12b44..c2e83c9f4 100644 --- a/krebs/5pkgs/simple/ftb/default.nix +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, makeDesktopItem +{ stdenv, fetchurl , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , openjdk , mesa, openal @@ -7,23 +7,12 @@ with stdenv.lib; assert useAlsa -> alsaOss != null; -let - desktopItem = makeDesktopItem { - name = "minecraft"; - exec = "minecraft"; - icon = "minecraft"; - comment = "A sandbox-building game"; - desktopName = "Minecraft"; - genericName = "minecraft"; - categories = "Game;"; - }; - -in stdenv.mkDerivation { +stdenv.mkDerivation { name = "ftb"; src = fetchurl { url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; - sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v"; + sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj"; }; phases = "installPhase"; @@ -36,6 +25,7 @@ in stdenv.mkDerivation { cat > $out/bin/ftb << EOF #!${stdenv.shell} + export _JAVA_AWT_WM_NONREPARENTING=1 export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ ${jre}/bin/java -jar $out/ftb.jar @@ -43,9 +33,6 @@ in stdenv.mkDerivation { chmod +x $out/bin/ftb - mkdir -p $out/share/applications - ln -s ${desktopItem}/share/applications/* $out/share/applications/ - ${openjdk}/bin/jar xf $out/ftb.jar favicon.png ''; } diff --git a/krebs/source.nix b/krebs/source.nix index fcc7fb74f..27450c2a3 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 + ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09 }; } override 
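Review bot: The `sha256` in `src` is updated for an unversioned URL (`…/FTB_Launcher.jar`) served over plain HTTP, so the new hash simply accepts whatever jar upstream served at the time, and the result is then run with `${jre}/bin/java -jar`. Record next to the hash which launcher version or download date it corresponds to, e.g. `# FTB launcher <version>, downloaded <date>`, and switch to a versioned or HTTPS URL if upstream provides one. Without that record, the next hash mismatch cannot be told apart from a tampered download.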
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index ce3ffbcf3..1e087fef4 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -19,7 +19,7 @@ let # __FRONT_ # |* d0 | # | | - # |* d3 | + # |* d1 | # | | # |* d3 | # | | @@ -68,6 +68,7 @@ in { <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/deployment/google-muell.nix> # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f44211b93..6434ba273 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -18,7 +18,7 @@ in { <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/mqtt.nix> - # <stockholm/makefu/2configs/gui/wbob-kiosk.nix> + <stockholm/makefu/2configs/gui/wbob-kiosk.nix> <stockholm/makefu/2configs/stats/client.nix> 
@@ -31,6 +31,63 @@ in { # Services <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/share/wbob.nix> + (let + musicDirectory = "/data/music"; + in { + services.mpd = { + enable = true; + inherit musicDirectory; + # dataDir = "/home/anders/.mpd"; + network.listenAddress = "any"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + }) # Sensors <stockholm/makefu/2configs/stats/telegraf> 
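Review bot: `hardware.pulseaudio.tcp.anonymousClients.allowAll = true` appears to make the `allowedIpRanges` list on the next line moot: with anonymous access allowed for everyone, any host that can reach the PulseAudio TCP port can use the sound server, and the commented-out firewall line shows the setup relies on trusted interfaces alone. Drop `allowAll` and keep `anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];`. The custom `default.pa` additionally loads `module-native-protocol-tcp auth-ip-acl=127.0.0.1` itself, which may clash with the module load that the `tcp` options generate. In the same block the `music` Samba share is writable by guests (`"guest ok" = "yes"`, `"read only" = "no"`) and `services.mpd.network.listenAddress = "any"`; if both are intentional for the LAN, say so in a comment.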
@@ -147,7 +204,10 @@ in { boot.loader.grub.device = rootdisk; hardware.cpu.intel.updateMicrocode = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + + boot.kernelModules = [ "kvm-intel" + "snd-seq" "snd-rawmidi" + ]; fileSystems = { "/" = { device = rootdisk + "-part1"; @@ -174,66 +234,4 @@ in { serverAddress = "x.r"; }; }; - security.wrappers.fping = { - source = "${pkgs.fping}/bin/fping"; - setuid = true; - }; - services.smokeping = { - enable = true; - targetConfig = '' - probe = FPing - menu = Top - title = Network Latency Grapher - remark = Welcome to this SmokePing website. - - + network - menu = Net latency - title = Network latency (ICMP pings) - - ++ google - probe = FPing - host = google.de - ++ webde - probe = FPing - host = web.de - - + services - menu = Service latency - title = Service latency (DNS, HTTP) - - ++ HTTP - menu = HTTP latency - title = Service latency (HTTP) - - +++ webdeping - probe = EchoPingHttp - host = web.de - - +++ googwebping - probe = EchoPingHttp - host = google.de - - #+++ webwww - #probe = Curl - #host = web.de - - #+++ googwebwww - #probe = Curl - #host = google.de - ''; - probeConfig = '' - + FPing - binary = /run/wrappers/bin/fping - + EchoPingHttp - pings = 5 - url = / - - #+ Curl - ## probe-specific variables - #binary = ${pkgs.curl}/bin/curl - #step = 60 - ## a default for this target-specific variable - #urlformat = http://%host%/ - ''; - }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index a32db91e1..d5a9bdcfb 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix 
@@ -59,8 +59,9 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> + # <stockholm/makefu/2configs/hw/tpm.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix> - <stockholm/makefu/2configs/hw/wwan.nix> + <stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> @@ -82,13 +83,9 @@ with import <stockholm/lib>; makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; - makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.passwdqc-utils ]; - - # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; @@ -100,8 +97,15 @@ with import <stockholm/lib>; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; networking.extraHosts = '' - 192.168.1.11 omo.local + 192.168.1.11 omo.local ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + + nix.package = pkgs.nixUnstable; + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + nixpkgs.overlays = [ (import <python/overlay.nix>) ]; + + # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; + } diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix new file mode 100644 index 000000000..f23789ee5 --- /dev/null +++ b/makefu/2configs/deployment/google-muell.nix 
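Review bot: `nixpkgs.overlays = [ (import <python/overlay.nix>) ]` pulls code from a `<python>` search-path entry that none of the visible hunks define or pin, so the system build evaluates whatever that path resolves to on the deploying machine and fails where the entry is missing. Pin the overlay as one of the host's sources, or at least add a comment such as `# <python> must be provided via NIX_PATH, see <location>`. `nix.package = pkgs.nixUnstable` likewise lacks a note on why the unstable Nix is needed on this host.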
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, buildPythonPackage, ... }: +with import <stockholm/lib>; +let + pkg = pkgs.ampel; + home = "/var/lib/ampel"; + sec = "${toString <secrets>}/google-muell.json"; + ampelsec = "${home}/google-muell.json"; + esp = "192.168.1.23"; + sleepval = "1800"; +in { + users.users.ampel = { + uid = genid "ampel"; + createHome = true; + isSystemUser = true; + inherit home; + }; + systemd.services.google-muell-ampel = { + description = "Send led change to rgb cubes"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "ampel"; + ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' + cp ${sec} ${ampelsec} + chown ampel ${ampelsec} + ''; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + PermissionsStartOnly = true; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} |
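Review bot: `ExecStartPre` copies the client secret with `cp ${sec} ${ampelsec}` and only afterwards runs `chown`, so the copy's mode depends on the source file's mode and the umask, and it may be readable by other local users depending on the permissions of `${home}`. Create it with owner and mode in one step, `install -m 0400 -o ampel ${sec} ${ampelsec}`. The `buildPythonPackage` argument in the function header is not used anywhere in the file and can be dropped.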