diff options
| -rw-r--r-- | krebs/1systems/onebutton/source.nix | 7 | ||||
| -rw-r--r-- | krebs/2configs/news-spam.nix | 4 | ||||
| -rw-r--r-- | krebs/krops.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/helios/config.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/blue.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/browsers.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/dcso-dev.nix | 12 | ||||
| -rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
| -rw-r--r-- | lass/5pkgs/custom/xmonad-lass/default.nix | 2 | ||||
| -rw-r--r-- | lass/5pkgs/knav/default.nix | 26 | ||||
| -rw-r--r-- | makefu/1systems/wbob/config.nix | 7 | ||||
| -rw-r--r-- | makefu/2configs/deployment/owncloud.nix | 10 | ||||
| -rw-r--r-- | makefu/2configs/hw/mceusb.nix | 18 | ||||
| -rw-r--r-- | makefu/2configs/stats/client.nix | 1 |
14 files changed, 72 insertions, 23 deletions
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 6842bfaab..91a998de7 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,8 @@ with import <stockholm/lib>; let pkgs = import <nixpkgs> {}; - nixpkgs = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "nixos-unstable"; # only binary cache for unstable arm6 - sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + nixpkgs = builtins.fetchTarball { + url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; }; in import <stockholm/krebs/source.nix> { name = "onebutton"; diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index a3f39b40e..88b7e1072 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -7,7 +7,6 @@ [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]arbor|http://feeds2.feedburner.com/asert/|#snews [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews [SPAM]augustl|http://augustl.com/atom.xml|#snews @@ -131,7 +130,6 @@ [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews [SPAM]slate|http://feeds.slate.com/slate|#snews [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#snews [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews @@ -146,7 +144,6 @@ [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews [SPAM]tigsource|http://www.tigsource.com/feed/|#snews [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]topix_b|http://www.topix.com/rss/wire/de/berlin|#snews [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews @@ -160,7 +157,6 @@ [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#snews [SPAM]xkcd|https://xkcd.com/rss.xml|#snews [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; diff --git a/krebs/krops.nix b/krebs/krops.nix index 861f2d323..91b27f17d 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "56fad146a12a6f934d1d5ef875eb729be1b19129"; + ref = "d6c6c7fcec6dbd2b8ab14f0b35d56c7733872baa"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5657742a6..40150b80e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -98,7 +98,7 @@ with import <stockholm/lib>; ]; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; + users.users.mainUser.extraGroups = [ "adbusers" ]; services.printing.drivers = [ pkgs.postscript-lexmark ]; @@ -106,5 +106,4 @@ with import <stockholm/lib>; HandleLidSwitch=ignore ''; - virtualisation.docker.enable = true; } diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 363705edc..16c63ff38 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -12,6 +12,7 @@ with (import <stockholm/lib>); environment.systemPackages = with pkgs; [ ag nmap + git-preview ]; services.tor.enable = true; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 272169e92..64fa6573a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -66,6 +66,7 @@ in { extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold ]; }; diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index 4d8d308fb..830acb2e1 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -9,7 +9,7 @@ in { dev = { name = "dev"; uid = genid "dev"; - extraGroups = [ "docker" "vboxusers" ]; + extraGroups = [ "vboxusers" ]; description = "user for collaborative development"; home = "/home/dev"; useDefaultShell = true; @@ -52,6 +52,10 @@ in { { predicate = "-p tcp --dport 9000"; target = "ACCEPT";} ]; + krebs.iptables.tables.filter.OUTPUT.rules = [ + { predicate = "-p tcp --dport 21"; target = "REJECT";} + ]; + krebs.per-user.dev.packages = [ pkgs.go ]; @@ -64,12 +68,6 @@ in { networking.interfaces.et0.ipv4.addresses = [ { address = "10.99.23.1"; prefixLength = 24; } ]; - virtualisation.docker.enable = true; - environment.etc."docker/daemon.json".source = pkgs.writeText "daemon.json" '' - { - "bip": "172.25.0.1/16" - } - ''; services.rabbitmq.enable = true; services.postgresql.enable = true; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index db6bda005..30757964c 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -84,6 +84,7 @@ with import <stockholm/lib>; { from = "boardgamegeek@lassul.us"; to = lass.mail; } { from = "qwertee@lassul.us"; to = lass.mail; } { from = "zazzle@lassul.us"; to = lass.mail; } + { from = "hackbeach@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 694f3c033..8b508ae6a 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -160,6 +160,8 @@ myKeyMap = , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") + , ("M4-s", spawn "${pkgs.knav}/bin/knav") + --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView)) --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView)) --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView)) diff --git a/lass/5pkgs/knav/default.nix b/lass/5pkgs/knav/default.nix new file mode 100644 index 000000000..30d49a1b3 --- /dev/null +++ b/lass/5pkgs/knav/default.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: let + + keynavrc = pkgs.writeText "keynavrc" '' + clear + Escape quit + q record ~/.keynav_macros + shift+at playback + u history-back + a cut-left + s cut-down + w cut-up + d cut-right + shift+a move-left + shift+s move-down + shift+w move-up + shift+d move-right + t windowzoom + c cursorzoom 300 300 + e warp + 1 click 1 + 2 click 2 + 3 click 3 + ''; +in pkgs.writeScriptBin "knav" '' + ${pkgs.keynav}/bin/keynav "loadconfig ${keynavrc}, start" +'' diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index df317a016..7c81a2015 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -43,16 +43,18 @@ in { <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + <stockholm/makefu/2configs/hw/mceusb.nix> <stockholm/makefu/2configs/deployment/bureautomation> (let collectd-port = 25826; influx-port = 8086; + admin-port = 8083; grafana-port = 3000; # TODO nginx forward db = "collectd_db"; logging-interface = "enp0s25"; in { - networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -61,7 +63,7 @@ in { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; + admin.bind-address = ":${toString admin-port}"; collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; @@ -125,7 +127,6 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping - 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index e9d4b18e0..cfde0aba8 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -108,7 +108,6 @@ let # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets @@ -144,6 +143,8 @@ let opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + opcache.file_cache = .opcache + zend_extension=${pkgs.php}/lib/php/extensions/opcache.so display_errors = on display_startup_errors = on @@ -155,6 +156,13 @@ let extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so ''; + systemd.services."nextcloud-cron-${domain}" = { + serviceConfig = { + User = "nginx"; + ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php"; + }; + startAt = "*:0/15"; + }; }; in { imports = [ diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix new file mode 100644 index 000000000..c1d6f5651 --- /dev/null +++ b/makefu/2configs/hw/mceusb.nix @@ -0,0 +1,18 @@ +{pkgs,...}:{ + # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) + services.xserver.inputClassSections = ['' + Identifier "MCE USB Keyboard mimic blacklist" + Driver "mceusb" + MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" + Option "Ignore" "on" + '']; + boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_16 = pkgs.linux_4_16.override { + extraConfig = '' + LIRC y + ''; + }; + }; + +} diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..cfb5e3fd2 100644 --- a/makefu/2configs/stats/client.nix +++ b/makefu/2configs/stats/client.nix @@ -31,6 +31,7 @@ FSType "tmpfs" FSType "binfmt_misc" FSType "debugfs" + FSType "tracefs" FSType "mqueue" FSType "hugetlbfs" FSType "systemd-1" |