-rw-r--r--krebs/3modules/buildbot/master.nix10
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix9
-rw-r--r--krebs/3modules/miefda/default.nix39
-rw-r--r--krebs/3modules/mv/default.nix39
-rw-r--r--krebs/3modules/repo-sync.nix135
-rw-r--r--krebs/3modules/tv/default.nix212
-rw-r--r--krebs/3modules/tv/pgp/CBF89B0B.asc51
-rw-r--r--krebs/4lib/default.nix4
-rw-r--r--krebs/4lib/types.nix23
-rw-r--r--krebs/5pkgs/Reaktor/default.nix3
-rw-r--r--krebs/5pkgs/builders.nix77
-rw-r--r--krebs/5pkgs/default.nix8
-rw-r--r--krebs/5pkgs/get/default.nix6
-rw-r--r--krebs/5pkgs/git-hooks/default.nix9
-rw-r--r--krebs/5pkgs/go/default.nix2
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/echelon.nix2
-rw-r--r--lass/1systems/helios.nix3
-rw-r--r--lass/1systems/mors.nix50
-rw-r--r--lass/1systems/prism.nix55
-rw-r--r--lass/1systems/shodan.nix26
-rw-r--r--lass/1systems/uriel.nix10
-rw-r--r--lass/2configs/binary-cache/client.nix9
-rw-r--r--lass/2configs/binary-cache/server.nix30
-rw-r--r--lass/2configs/binary-caches.nix13
-rw-r--r--lass/2configs/buildbot-standalone.nix34
-rw-r--r--lass/2configs/default.nix13
-rw-r--r--lass/2configs/gc.nix8
-rw-r--r--lass/2configs/git.nix15
-rw-r--r--lass/2configs/hw/tp-x220.nix54
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/realwallpaper-server.nix32
-rw-r--r--lass/2configs/realwallpaper.nix29
-rw-r--r--lass/2configs/repo-sync.nix106
-rw-r--r--lass/2configs/websites/domsen.nix31
-rw-r--r--lass/2configs/wordpress.nix59
-rw-r--r--lass/2configs/xserver/default.nix3
-rw-r--r--lass/2configs/zsh.nix8
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ejabberd/config.nix4
-rw-r--r--lass/3modules/ejabberd/default.nix18
-rw-r--r--lass/3modules/power-action.nix12
-rw-r--r--lass/3modules/umts.nix (renamed from lass/2configs/umts.nix)51
-rw-r--r--lass/5pkgs/default.nix4
-rw-r--r--lass/5pkgs/ejabberd/default.nix28
-rw-r--r--lass/5pkgs/q/default.nix185
-rw-r--r--lass/5pkgs/xmonad-lass.nix12
-rw-r--r--miefda/1systems/bobby.nix102
-rw-r--r--miefda/2configs/git.nix91
-rw-r--r--miefda/2configs/hardware-configuration.nix23
-rw-r--r--miefda/2configs/miefda.nix8
-rw-r--r--miefda/2configs/tinc-basic-retiolum.nix14
-rw-r--r--miefda/2configs/tlp.nix25
-rw-r--r--miefda/2configs/x220t.nix27
-rw-r--r--miefda/default.nix6
-rw-r--r--mv/2configs/bash_completion.sh779
-rw-r--r--mv/2configs/default.nix197
-rw-r--r--mv/2configs/git.nix62
-rw-r--r--mv/2configs/hw/x220.nix77
-rw-r--r--mv/2configs/mail-client.nix13
-rw-r--r--mv/2configs/smartd.nix17
-rw-r--r--mv/2configs/vim.nix123
-rw-r--r--mv/2configs/xserver/Xresources.nix215
-rw-r--r--mv/2configs/xserver/default.nix153
-rw-r--r--mv/2configs/xserver/xserver.conf.nix40
-rw-r--r--mv/3modules/default.nix7
-rw-r--r--mv/3modules/iptables.nix125
-rw-r--r--mv/5pkgs/default.nix24
-rw-r--r--mv/5pkgs/xmonad-tv/.gitignore1
-rw-r--r--mv/5pkgs/xmonad-tv/Main.hs277
-rw-r--r--mv/5pkgs/xmonad-tv/Makefile6
-rw-r--r--mv/5pkgs/xmonad-tv/xmonad.cabal17
-rw-r--r--tv/1systems/caxi.nix25
-rw-r--r--tv/1systems/cd.nix64
-rw-r--r--tv/1systems/mkdir.nix76
-rw-r--r--tv/1systems/mu.nix7
-rw-r--r--tv/1systems/nomic.nix1
-rw-r--r--tv/1systems/rmdir.nix76
-rw-r--r--tv/1systems/wu.nix10
-rw-r--r--tv/1systems/xu.nix10
-rw-r--r--tv/1systems/zu.nix (renamed from mv/1systems/stro.nix)136
-rw-r--r--tv/2configs/audit.nix9
-rw-r--r--tv/2configs/default.nix13
-rw-r--r--tv/2configs/exim-retiolum.nix2
-rw-r--r--tv/2configs/exim-smarthost.nix2
-rw-r--r--tv/2configs/nginx/default.nix2
-rw-r--r--tv/2configs/nginx/public_html.nix2
-rw-r--r--tv/2configs/retiolum.nix6
-rw-r--r--tv/2configs/vim.nix365
-rw-r--r--tv/3modules/iptables.nix24
-rw-r--r--tv/5pkgs/default.nix4
93 files changed, 1389 insertions, 3413 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index c365798f3..bd17c3765 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -2,7 +2,15 @@
with config.krebs.lib;
let
- buildbot = pkgs.buildbot;
+
+ # https://github.com/NixOS/nixpkgs/issues/14026
+ nixpkgs-fix = import (pkgs.fetchgit {
+ url = https://github.com/nixos/nixpkgs;
+ rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
+ sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632";
+ }) {};
+
+ buildbot = nixpkgs-fix.buildbot;
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
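Review bot: The new `nixpkgs-fix` pin freezes `buildbot` and its whole dependency closure at one nixpkgs revision, so later security fixes from the channel the hosts follow no longer reach the buildbot master, and the comment gives only an issue URL. The `rev` plus `sha256` do fix the fetched content, so this concerns staleness rather than integrity. I would extend the comment to state the exit condition, e.g. `# TODO: drop this pin and return to pkgs.buildbot once NixOS/nixpkgs#14026 is fixed in the channel we track`. The `let` block continues outside the hunk.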
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c114b74df..a38d2b227 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -91,8 +91,6 @@ let
imp = lib.mkMerge [
{ krebs = import ./lass { inherit config lib; }; }
{ krebs = import ./makefu { inherit config lib; }; }
- { krebs = import ./miefda { inherit config lib; }; }
- { krebs = import ./mv { inherit config lib; }; }
{ krebs = import ./shared { inherit config lib; }; }
{ krebs = import ./tv { inherit config lib; }; }
{
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index dccc11b3f..b610ff3d1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,4 +1,4 @@
-arg@{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
inherit (pkgs) writeText;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 760c2d69d..08e8995fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cgit.prism.r"
"cache.prism.r"
];
tinc.pubkey = ''
@@ -296,5 +297,13 @@ with config.krebs.lib;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
+ mail = "lass@prism.r";
+ };
+ mors-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
+ mail = "lass@mors.r";
+ };
};
}
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
deleted file mode 100644
index a03f7ff4d..000000000
--- a/krebs/3modules/miefda/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.miefda) {
- bobby = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.112";
- ip6.addr = "42:0:0:0:0:0:111:112";
- aliases = [
- "bobby.retiolum"
- "cgit.bobby.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
- uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
- Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
- 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
- jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
- cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- #ssh.privkey.path = <secrets/ssh.ed25519>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- miefda = {
- mail = "miefda@miefda.de";
- pubkey = "ssh-rsa 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 miefda@nixos";
- };
- };
-}
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
deleted file mode 100644
index 20118c61f..000000000
--- a/krebs/3modules/mv/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
- stro = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.111";
- ip6.addr = "42:0:0:0:0:0:111:111";
- aliases = [
- "stro.retiolum"
- "cgit.stro.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
- vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
- FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
- ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
- oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
- XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- mv-stro = {
- mail = "mv@stro.retiolum";
- pubkey = "ssh-rsa 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 mv@stro";
- };
- };
-}
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index c5c806cdf..0317d1eca 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -11,38 +11,39 @@ let
api = {
enable = mkEnableOption "repo-sync";
- config = mkOption {
- type = with types;attrsOf (attrsOf (attrsOf str));
+ repos = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample ''
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config
- {
+ { repo = {
makefu = {
- origin = {
- url = http://github.com/makefu/repo ;
- ref = "heads/dev" ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- ref = "heads/github-mirror-dev" ;
- };
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
};
lass = {
- origin = {
- url = http://github.com/lass/repo ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- };
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
};
"@latest" = {
- mirror = {
- url = "git@internal:mirror";
- ref = "heads/master";
- };
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
};
+ };
};
'';
};
@@ -56,53 +57,75 @@ let
type = types.str;
default = "/var/lib/repo-sync";
};
+
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "repo-sync";
+ home = cfg.stateDir;
+ };
+ };
+
privateKeyFile = mkOption {
- type = types.str;
- description = ''
- used by repo-sync to identify with ssh service
+ type = types.secret-file;
+ default = {
+ path = "${cfg.stateDir}/ssh.priv";
+ owner = cfg.user;
+ source-path = toString <secrets> + "/repo-sync.ssh.key";
+ };
+ };
+
+ unitConfig = mkOption {
+ type = types.attrsOf types.str;
+ description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
+ example = literalExample ''
+ # do not start when running on umts
+ { ConditionPathExists = "!/var/run/ppp0.pid"; }
'';
- default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ default = {};
};
+
};
- repo-sync-config = pkgs.writeText "repo-sync-config.json"
- (builtins.toJSON cfg.config);
imp = {
- users.users.repo-sync = {
- name = "repo-sync";
- uid = genid "repo-sync";
- description = "repo-sync user";
- home = cfg.stateDir;
+ krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
createHome = true;
+ description = "repo-sync user";
};
- systemd.timers.repo-sync = {
- description = "repo-sync timer";
- wantedBy = [ "timers.target" ];
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "repo-sync-${name}" {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
- timerConfig = cfg.timerConfig;
- };
- systemd.services.repo-sync = {
- description = "repo-sync";
- after = [ "network.target" ];
+ timerConfig = cfg.timerConfig;
+ }
+ ) cfg.repos;
- path = with pkgs; [ ];
+ systemd.services = mapAttrs' (name: repo:
+ let
+ repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
+ (builtins.toJSON repo);
+ in nameValuePair "repo-sync-${name}" {
+ description = "repo-sync";
+ after = [ "network.target" "secret.service" ];
- environment = {
- GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
- };
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ REPONAME = "${name}.git";
+ };
- serviceConfig = {
- Type = "simple";
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
- cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
- chown repo-sync ${cfg.stateDir}/ssh.priv
- '';
- ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
- WorkingDirectory = cfg.stateDir;
- User = "repo-sync";
- };
- };
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ unitConfig = cfg.unitConfig;
+ }
+ ) cfg.repos;
};
in out
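Review bot: The per-repo service still hard-codes what this hunk makes configurable: `GIT_SSH_COMMAND` uses `${cfg.stateDir}/ssh.priv` and `User = "repo-sync"`, while the key is now installed at `cfg.privateKeyFile.path` and owned by `cfg.user`. Overriding either option leaves the unit running as an account that does not own the key, or reading a path where no key was placed; I would write `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";` and `User = cfg.user.name;`. `after = [ "secret.service" ]` only orders the units, so unless something outside this hunk pulls `secret.service` in, a matching `requires` is needed for the key to exist at start. `PermissionsStartOnly = true` no longer has an `ExecStartPre` to apply to. The `unitConfig` description still says "fetchWallpaper".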
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 12aa91ba8..075066961 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -7,19 +7,61 @@ with config.krebs.lib;
"viljetic.de" = "regfish";
};
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
- cd = rec {
+ caxi = {
+ cores = 2;
+ extraZones = {
+ "krebsco.de" = ''
+ caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr}
+ '';
+ };
+ nets = {
+ internet = {
+ ip4 = {
+ addr = "104.233.124.70";
+ prefix = "104.233.124.0/24";
+ };
+ aliases = [
+ "caxi.i"
+ "caxi.krebsco.de"
+ ];
+ ssh.port = 11423;
+ };
+ retiolum = {
+ via = config.krebs.hosts.caxi.nets.internet;
+ ip4.addr = "10.243.113.226";
+ ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af6";
+ aliases = [
+ "caxi.r"
+ "caxi.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1
+ E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T
+ eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+
+ HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR
+ BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y
+ UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy";
+ };
+ cd = {
cores = 2;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
- mx23 60 IN A ${nets.internet.ip4.addr}
- cd 60 IN A ${nets.internet.ip4.addr}
- cgit 60 IN A ${nets.internet.ip4.addr}
- cgit.cd 60 IN A ${nets.internet.ip4.addr}
+ mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit.cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "45.62.237.203";
aliases = [
@@ -33,7 +75,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.cd.nets.internet;
ip4.addr = "10.243.113.222";
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
aliases = [
@@ -62,49 +104,48 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
};
- mkdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "104.167.114.142";
+ ju = {
+ nets = {
+ gg23 = {
+ ip4.addr = "10.23.1.144";
aliases = [
- "mkdir.i"
- "mkdir.internet"
+ "ju.gg23"
];
};
retiolum = {
- via = internet;
- ip4.addr = "10.243.113.223";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4";
+ ip4.addr = "10.243.13.39";
+ ip6.addr = "42:0:0:0:0:0:0:1339";
aliases = [
- "mkdir.r"
- "mkdir.retiolum"
- "cgit.mkdir.r"
- "cgit.mkdir.retiolum"
+ "ju.r"
+ "ju.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
+ MIICCgKCAgEAy2xyuOJ/G7uuXz8SfL8mkeX/YwAqnty98/h4BGHwd4ENLt2cUtim
+ BUjVFIWdIMRds+4H8UtveGSeuYgRs3CpQeNuAeq20YlwoxeZgsc8mA+FP/zeN10n
+ OAaP/+BTLKAHQ3Ixq41vLrFXU4Ah53YhOw1LqxQG80Tcr4J8Yehx+mrdGhcDnp2p
+ 4QpMLtMoAn0dQ3K5muZUQzGMHamLIril8hDKkJPqBVN0DRQ2lAVcK70AcqyuFIUM
+ rWkG8gI7AT1bhZ3viIMX9wjpuA3BaitqIEyUCjWv2ZLy2HmTDGGfhEqNYdx/pXKt
+ HToZk1XPnNfopFFtOHiSh1P06VqPex6MIHpbgEf7cVlxxNUOH2qssPGbo6ulzGyo
+ YLeJZNP+1GxPLtyBBSiFApGdJBH8aMlQlz0vjFIdmJbIbUhSSi1TOtbQuB1SCvYO
+ rp9Hm9Ah0508kxLfGlmKdQ3zO3wKbmPqCjwqSGsgtHn3KZzhgr+pTwgHIKdur1VU
+ yW0vvj2ofyajgAb53cM77ScIHwbimkZ0/CbAVeM1z7OXOQ5ruXW/FVCZPe+clY2F
+ ah6UOM5FdI+AYWOhkbP1EP0DGugHs5YUgTxOMMwot1TkxD/y4CZ/ctukoWZrIHHR
+ vKpLhs9nWcnVXRP/trLtVl2okhs1vTYqgArgH6C0jbSXoNQbnZ+a860CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu";
};
- ire = rec {
+ ire = {
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
- ire 60 IN A ${nets.internet.ip4.addr}
+ ire 60 IN A ${config.krebs.hosts.ire.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "198.147.22.115";
aliases = [
@@ -115,7 +156,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.ire.nets.internet;
ip4.addr = "10.243.231.66";
ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c";
aliases = [
@@ -195,7 +236,7 @@ with config.krebs.lib;
};
nomic = {
cores = 2;
- nets = rec {
+ nets = {
gg23 = {
ip4.addr = "10.23.1.110";
aliases = ["nomic.gg23"];
@@ -234,41 +275,6 @@ with config.krebs.lib;
};
};
};
- rmdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "167.88.34.182";
- aliases = [
- "rmdir.i"
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.113.224";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
- aliases = [
- "rmdir.r"
- "rmdir.retiolum"
- "cgit.rmdir.r"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLuhLRmt8M5s2Edwwl9XY0KAAivzmPCEweesH5/KhR4";
- };
schnabeldrucker = {
nets = {
gg23 = {
@@ -352,53 +358,55 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
+ zu = {
+ cores = 4;
+ nets = {
+ #gg23 = {
+ # ip4.addr = "";
+ # aliases = ["zu.gg23"];
+ # ssh.port = 11423;
+ #};
+ retiolum = {
+ ip4.addr = "10.243.13.40";
+ ip6.addr = "42:0:0:0:0:0:0:1340";
+ aliases = [
+ "zu.r"
+ "zu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAti6y+Qkz80oay6H2+ANROWdH4aJS54ST8VhFxRB3WdnlDFG/9t6d
+ idU87uxW5Xmfm6nvpO0OPhG4E3+UI7KtWP71nnducpLV6gfob4f2xNGVG435CJ6u
+ BgorbneUbJEfr4Bb0xd46X2BtLqi5/vUY3M5KMGE2sMdyL2/7oujEI8zQJCse95a
+ OhDZdF2bCDEixCHahNprkQrD8t1lNYoLR2qtDZ5psIh5vgdp0WOOMGvUkCDkNjWj
+ /NKaRXPhUVRDLRFEzMZhtFtSHzaofzrhGFoU1rGZwc/XopqpiFi0D7L++TiNqKAk
+ b9cXwDAI50f8dJagPYtIupjN5bmo+QhXcQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa 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 root@zu";
+ };
};
- users = rec {
+ users = {
mv = {
mail = "mv@cd.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
};
tv = {
mail = "tv@nomic.r";
- pgp.pubkeys.default = ''
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mQINBFbJ/B0BEADZx8l5gRurzhEHcc3PbBepdZqDJQZ2cGHixi8VEk9iN25qJO5y
- HB0q5sQRsh7oNCbzKp6qRhaG9kXmEda+Uu+qbHWxE32QcT76+W8npH73qthaFwC/
- 5RA8KcSE8/XFxVBnVb14PNVHyAVxPHawawbhsOeaiZcHrq5IF6sVzcsc2KN87sIE
- SthR4E01LBK4AFeFuKxga9OKFQV5WJNrihu+6H4wZwUfMpbE552N1rggxT4CouqZ
- RocSg+el/aPRj3Jk9jDe/JFv4HU7KfioOD+NO8xLAkyw3aLsu/bv9nfUvcvTGeRp
- z31UOjpNYpT3PS0+lNCUKQKUadAmhwU95V/0GdhadgxCFcS65qNO7ZZYDJqMIT2y
- YH1d9MaVPDQD9W2v0ITCJcrks9p47o+C8zzDlcVr2VEGrTSngRDkWVNYjKwd3L8w
- HuaTarqOprLzeZ6yblcLVOrW8tGTmxum0jB4Fn3enpTyJNzCfp6c0CoYp/ZziQ82
- 2jgLWuqKv3EKhX9aCUUgbeDFhnsM3GzdT5qYupX7UyWTLfiUlAEUQUgtyM7yBUNN
- PsD5OeYeRQ/xFzUO30kglbjXOOUQpm7kyX38OJA01JdOOhXNI7BTvkFZsJzBLoVM
- AdK3LvF4Rjau3HzYqL1Cr0ai1Y9jZVXP3vimcvUcI9bTRg9pMfD8LekiQQARAQAB
- tAl0diA8dHZAcj6JAj0EEwEIACcFAlbJ/B0CGwMFCQHhM4AFCwkIBwIGFQgJCgsC
- BBYCAwECHgECF4AACgkQJdgKWiyu47Xwow//ZS6Y1UcTDxHa066AQxL5UWL86Jj4
- pIw3k630384VrUlStP+OcwOSwa4igvyIUPrOhVLynkijNsutg6KAVi8BrtSZ8ZcP
- 58gnyCPCQG4Ir0cSanp/GxMxfHKdEMyfMOopTLusLBa55VPr7sYrNi7WY20aojjJ
- 05bviSrFv0+u9dEJGmCChLDv+IhHJDe4zXHbmwspGDMwlhy/E/clSZG7a1yoJjLf
- DpqRVn8KmICqMX0lvBP6fsS51pSD0n82kCpedLZmnwYEHCp+Bkx/Cla7aS33N1+n
- 5CUAR6HQvPT91LsLK/h/BKZ+SHAg4j7hANSfMFO+/0A5pby3JBo6Fck0LvrEMyog
- 6oGedzszZztO1eSJ5h0UQlowD4g0Y7wlWrR8znvdO1gBxQpGIjZXKqGRcuIPNZpu
- lgqIXw/pX6b0CWh2GsbHGE0FfIkBkgW2A2akA8cGEiKqOdp/kP4o7VGCLI5iZXZA
- ZY405gOo3ePTTRJ3zxF7YFRzjMhTlc6KtLiA9/Wps67lrOU0w/O8Dd+zYxmZoani
- lnXaqOj32/UCW76fZ+ovUzKP2lav5wf3tpJeekjV5Zs5dNpAYmrK6EuW7LvUg5lm
- 7i5yz8yuD/xU6R3o1FycogDU6H0JtdFDYTJI9gd5EzNe3UNUEzBJF1yqQFwiW6xY
- 3yFvks3C6e58YNE=
- =Sqyp
- -----END PGP PUBLIC KEY BLOCK-----
- '';
+ pgp.pubkeys.default = readFile ./pgp/CBF89B0B.asc;
pubkey = "ssh-rsa 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 tv@wu";
uid = 1337; # TODO use default and document what has to be done (for vv)
};
tv-nomic = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa 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 tv@nomic #2";
};
tv-xu = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa 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 tv@xu";
};
vv = {
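Review bot: The PGP key is not moved verbatim. The inline block removed in this hunk ends with armor checksum `=Sqyp`, while the new `pgp/CBF89B0B.asc` ends with `=bamb` and is 51 lines long, so the published key data changes in the same commit as the refactor to `readFile`. I would record the full fingerprint beside the reference, e.g. `# fingerprint: <FULL-FINGERPRINT-PLACEHOLDER>`, so a reviewer can compare it with `gpg --show-keys` output for the file. The file name appears to be an 8-hex short key ID, which is easy to collide; naming the file after the full fingerprint would avoid that.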
diff --git a/krebs/3modules/tv/pgp/CBF89B0B.asc b/krebs/3modules/tv/pgp/CBF89B0B.asc
new file mode 100644
index 000000000..e059116ae
--- /dev/null
+++ b/krebs/3modules/tv/pgp/CBF89B0B.asc
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=bamb
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index afff17296..296748333 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -58,6 +58,10 @@ let out = rec {
genAttrs' = names: f: listToAttrs (map f names);
+ getAttrs = names: set:
+ listToAttrs (map (name: nameValuePair name set.${name})
+ (filter (flip hasAttr set) names));
+
setAttr = name: value: set: set // { ${name} = value; };
optionalTrace = c: msg: x: if c then trace msg x else x;
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 0d5b51f76..aa7b7a9f5 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -76,7 +76,6 @@ types // rec {
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
- readOnly = true;
};
aliases = mkOption {
# TODO nonEmptyListOf hostname
@@ -162,11 +161,21 @@ types // rec {
secret-file = submodule ({ config, ... }: {
options = {
- path = mkOption { type = str; };
- mode = mkOption { type = file-mode; default = "0400"; };
+ name = mkOption {
+ type = filename;
+ default = config._module.args.name;
+ };
+ path = mkOption {
+ type = absolute-pathname;
+ default = "/run/keys/${config.name}";
+ };
+ mode = mkOption {
+ type = file-mode;
+ default = "0400";
+ };
owner = mkOption {
type = user;
- default = config.krebs.users.root;
+ default = users.root;
};
group-name = mkOption {
type = str;
@@ -174,7 +183,7 @@ types // rec {
};
source-path = mkOption {
type = str;
- default = toString <secrets> + "/${config._module.args.name}";
+ default = toString <secrets> + "/${config.name}";
};
};
});
@@ -342,7 +351,9 @@ types // rec {
absolute-pathname = mkOptionType {
name = "POSIX absolute pathname";
check = x: let xs = splitString "/" x; xa = head xs; in
- isString x && (xa == "/" || (xa == "" && all filename.check (tail xs)));
+ isString x
+ && stringLength x > 0
+ && (xa == "/" || (xa == "" && all filename.check (tail xs)));
merge = mergeOneOption;
};
diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix
index c4a362757..fc3710820 100644
--- a/krebs/5pkgs/Reaktor/default.nix
+++ b/krebs/5pkgs/Reaktor/default.nix
@@ -3,6 +3,9 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.5.1";
+
+ doCheck = false;
+
propagatedBuildInputs = with pkgs;[
python3Packages.docopt
python3Packages.requests2
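Review bot: `doCheck = false;` turns off the package's test phase without saying why, so nothing marks when it can be removed and later regressions in Reaktor or its dependencies will build silently. I would add a short reason above it, e.g. `# tests disabled: <reason, link to failing build or upstream issue>`.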
diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix
index 924e0c086..da7052f38 100644
--- a/krebs/5pkgs/builders.nix
+++ b/krebs/5pkgs/builders.nix
@@ -74,33 +74,59 @@ rec {
writeOut = name: specs0:
let
- specs = mapAttrsToList (path0: spec0: rec {
- path = guard {
- type = types.pathname;
- value = path0;
- };
- var = "file_${hashString "sha1" path}";
- text = spec0.text;
- executable = guard {
- type = types.bool;
- value = spec0.executable or false;
+ writers.link =
+ { path
+ , link
+ }:
+ assert path == "" || types.absolute-pathname.check path;
+ assert types.package.check link;
+ {
+ install = /* sh */ ''
+ ${optionalString (dirOf path != "/") /* sh */ ''
+ ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
+ ''}
+ ${pkgs.coreutils}/bin/ln -s ${link} $out${path}
+ '';
};
- mode = guard {
- type = types.file-mode;
- value = spec0.mode or (if executable then "0755" else "0644");
+
+ writers.text =
+ { path
+ , executable ? false
+ , mode ? if executable then "0755" else "0644"
+ , text
+ }:
+ assert path == "" || types.absolute-pathname.check path;
+ assert types.bool.check executable;
+ assert types.file-mode.check mode;
+ rec {
+ var = "file_${hashString "sha1" path}";
+ val = text;
+ install = /* sh */ ''
+ ${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
+ '';
};
- }) specs0;
- filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text);
+ write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
+
+ specs =
+ mapAttrsToList
+ (path: spec: let
+ known-types = [ "link" "text" ];
+ found-types = attrNames (getAttrs known-types spec);
+ type = assert length found-types == 1; head found-types;
+ in spec // { inherit path type; })
+ specs0;
+
+ files = map write specs;
+
+ filevars = genAttrs' (filter (hasAttr "var") files)
+ (spec: nameValuePair spec.var spec.val);
env = filevars // { passAsFile = attrNames filevars; };
in
pkgs.runCommand name env /* sh */ ''
set -efu
- PATH=${makeBinPath [pkgs.coreutils]}
- ${concatMapStrings (spec: /* sh */ ''
- install -m ${spec.mode} -D ''$${spec.var}Path $out${spec.path}
- '') specs}
+ ${concatMapStringsSep "\n" (getAttr "install") files}
'';
writeHaskell =
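Review bot: Both new `install` snippets splice `path` and `link` into the generated shell script unquoted (`ln -s ${link} $out${path}`, `mkdir -p $out${dirOf path}`, and the `install … -D … $out${path}` line), so a path containing whitespace is word-split; `set -efu` only disables globbing. The asserts delegate to `types.absolute-pathname.check`, and what its `filename.check` accepts is not visible in this hunk, so it cannot be confirmed here that spaces or `..` components are rejected before the path is appended to `$out`. `shell.escape` is already used by `writeJq` in this file, so I would write the targets as `"$out"${shell.escape path}` and `"$out"${shell.escape (dirOf path)}`. The bare `assert length found-types == 1` also fails without naming the offending path; a `throw` with the path would make a misconfigured spec easier to find.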
@@ -205,6 +231,17 @@ rec {
'';
};
+ writeJq = name: src: pkgs.runCommand name {} /* sh */ ''
+ name=${assert types.filename.check name; name}
+ src=${shell.escape src}
+
+ # syntax check
+ printf '%s' "$src" > src.jq
+ ${pkgs.jq}/bin/jq -f src.jq < /dev/null
+
+ cp src.jq "$out"
+ '';
+
writeNixFromCabal =
trace (toString [
"The function `writeNixFromCabal` has been deprecated in favour of"
@@ -213,4 +250,6 @@ rec {
(name: path: pkgs.runCommand name {} /* sh */ ''
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
+
+ writeSed = makeScriptWriter "${pkgs.gnused}/bin/sed -f";
}
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index f2bbaf7f4..cdab64212 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -38,14 +38,6 @@ with config.krebs.lib;
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
- #buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
- # inherit (pkgs.pythonPackages) twisted jinja2;
- # dateutil = pkgs.pythonPackages.dateutil_1_5;
- # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
- # doCheck = false;
- # });
- #};
-
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = pkgs.symlinkJoin args;
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index f82c7e8b7..7dda86601 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
@@ -1,12 +1,12 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
stdenv.mkDerivation {
- name = "get-1.4.0";
+ name = "get-1.4.1";
src = fetchgit {
url = http://cgit.cd.krebsco.de/get;
- rev = "08757d47c480c130d69270855c6c0371f6b7d385";
- sha256 = "7c609e2cde7a071bbf62241a7bea60313fdbf076b9f7b3d97226417e13e5ba9d";
+ rev = "41c0c35805ec1708729f73d14650d8ebc94a405b";
+ sha256 = "0rx1qsbb4py14795yhhqwlvaibj2569fqm7x2671l868xi59h9f9";
};
phases = [
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index c8e8c8f53..6f2cb8b6a 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -8,13 +8,14 @@ let
};
# TODO irc-announce should return a derivation
- irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: ''
+ irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
#! /bin/sh
set -euf
export PATH=${makeBinPath (with pkgs; [
coreutils
git
+ gnugrep
gnused
])}
@@ -54,6 +55,12 @@ let
h=$(echo $ref | sed 's:^refs/heads/::')
+ ${optionalString (branches != []) ''
+ if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then
+ echo "we are not serving this branch: $h"
+ exit 0
+ fi
+ ''}
# empty_tree=$(git hash-object -t tree /dev/null)
empty_tree=4b825dc6
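Review bot: The branch filter is an unanchored regex inside a double-quoted shell string: with `grep -qE "${concatStringsSep "|" branches}"`, `branches = [ "master" ]` also matches `not-master` or `master-wip`, and any `$`, backtick or `"` in a configured name is interpreted by the shell. Matching the whole ref name and escaping the pattern avoids both, e.g. `if ! printf '%s\n' "$h" | grep -qxE ${shell.escape (concatStringsSep "|" branches)}; then` (assuming `shell.escape` is in scope in this file, which the hunk does not show). Names are still regexes then, so `.` matches any character; `grep -qxF` with one `-e` per branch would make them literal. The `irc-announce` script starts and ends outside this hunk; its signature change is in the previous hunk.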
diff --git a/krebs/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix
index 9dd166adc..fb8b65ea1 100644
--- a/krebs/5pkgs/go/default.nix
+++ b/krebs/5pkgs/go/default.nix
@@ -22,7 +22,7 @@ in nodePackages.buildNodePackage {
name = "go";
src = fetchgit {
- url = "http://cgit.echelon/go/";
+ url = "http://cgit.lassul.us/go/";
rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
};
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index a3cc9d7b3..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,7 +13,6 @@ in {
../2configs/retiolum.nix
../2configs/git.nix
../2configs/realwallpaper.nix
- ../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 97734a7bd..8d944ed40 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -11,7 +11,7 @@ in {
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
#../2configs/redis.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 10b00de47..51d2afe84 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -26,6 +26,9 @@ with builtins;
enable = true;
};
}
+ {
+ lass.power-action.battery = "BAT1";
+ }
];
krebs.build.host = config.krebs.hosts.helios;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 062e4c29d..d065d4dfa 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -3,6 +3,7 @@
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
@@ -14,14 +15,9 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
- #../2configs/texlive.nix
- ../2configs/binary-caches.nix
- #../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- #../2configs/wordpress.nix
../2configs/bitlbee.nix
- #../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
@@ -29,7 +25,7 @@
../2configs/c-base.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
- ../2configs/umts.nix
+ ../2configs/repo-sync.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -58,16 +54,19 @@
# };
#}
{
+ lass.umts = {
+ enable = true;
+ modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+ initstrings = ''
+ Init1 = AT+CFUN=1
+ Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ '';
+ };
}
];
krebs.build.host = config.krebs.hosts.mors;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -77,7 +76,6 @@
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -168,22 +166,6 @@
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
environment.systemPackages = with pkgs; [
acronym
cac-api
@@ -214,15 +196,11 @@
};
};
- services.mongodb = {
- enable = true;
+ krebs.repo-sync.timerConfig = {
+ OnCalendar = "00:37";
};
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
+ services.mongodb = {
+ enable = true;
};
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 9a9bd4730..1eb81cd0a 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -19,14 +21,27 @@ in {
../2configs/privoxy-retiolum.nix
../2configs/radio.nix
../2configs/buildbot-standalone.nix
+ ../2configs/repo-sync.nix
+ ../2configs/binary-cache/server.nix
{
imports = [
../2configs/git.nix
- ( manageCerts [ "cgit.lassul.us" ])
- ];
- krebs.nginx.servers.cgit.server-names = [
- "cgit.lassul.us"
];
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
}
{
users.extraGroups = {
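Review bot: The new `ssl` block hard-codes `/var/lib/acme/cgit.lassul.us/fullchain.pem` and `key.pem` while the `manageCerts [ "cgit.lassul.us" ]` import is removed, so nothing left in this hunk requests or renews that certificate. If no other module declares it (not visible here), nginx would presumably fail to load the missing files on a fresh host, and the certificate would lapse on an existing one. A comment next to `ssl` naming the module that owns the certificate, e.g. `# cert issued by <module declaring the acme cert>`, would make the dependency checkable.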
@@ -66,8 +81,6 @@ in {
}
{
- #boot.loader.gummiboot.enable = true;
- #boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
devices = [
"/dev/sda"
@@ -110,10 +123,6 @@ in {
{
sound.enable = false;
}
- #{
- # #workaround for server dying after 6-7h
- # boot.kernelPackages = pkgs.linuxPackages_4_2;
- #}
{
nixpkgs.config.allowUnfree = true;
}
@@ -202,7 +211,7 @@ in {
}
{
imports = [
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''
@@ -210,30 +219,6 @@ in {
'')
];
}
- {
- services.nix-serve = {
- enable = true;
- secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
- };
- systemd.services.nix-serve = {
- requires = ["secret.service"];
- after = ["secret.service"];
- };
- krebs.secret.files.nix-serve-key = {
- path = "/run/secret/nix-serve.key";
- owner.name = "nix-serve";
- source-path = toString <secrets> + "/nix-serve.key";
- };
- krebs.nginx = {
- enable = true;
- servers.nix-serve = {
- server-names = [ "cache.prism.r" ];
- locations = lib.singleton (lib.nameValuePair "/" ''
- proxy_pass http://localhost:${toString config.services.nix-serve.port};
- '');
- };
- };
- }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 073d86790..96d64bda3 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -4,6 +4,7 @@ with builtins;
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/git.nix
../2configs/exim-retiolum.nix
@@ -20,34 +21,10 @@ with builtins;
# };
# };
#}
- {
- #x220 config from mors
- #TODO: make x220 config file (or look in other user dir)
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
- }
];
krebs.build.host = config.krebs.hosts.shodan;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -57,7 +34,6 @@ with builtins;
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 92996c181..83553f5ca 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -16,6 +16,12 @@ with builtins;
../2configs/bitlbee.nix
../2configs/weechat.nix
../2configs/skype.nix
+ {
+ lass.umts = {
+ enable = true;
+ modem = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.uriel;
@@ -33,8 +39,8 @@ with builtins;
#loader.grub.version = 2;
#loader.grub.device = "/dev/sda";
- loader.gummiboot.enable = true;
- loader.gummiboot.timeout = 5;
+ loader.systemd-boot.enable = true;
+ loader.timeout = 5;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
new file mode 100644
index 000000000..108ff7a1e
--- /dev/null
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+}
+
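Review bot: Nothing in this new file says that `binaryCachePublicKeys` is the only thing protecting substitutes fetched from `http://cache.prism.r`, which is plain http. That protection also relies on signature checking being left enabled elsewhere. A comment above the attribute set would stop someone from dropping the key as cleanup: `# plain http: substitutes are trusted only because they are signed with the key below`. It is also worth noting there that the key name `cache.prism-1` has to match the one used when the server key was generated.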
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..22ec04307
--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key my-secret-key my-public-key
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+}
+
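Review bot: nginx proxies `cache.prism.r` to `localhost`, but `services.nix-serve` is left on its default bind address, which as far as I know is all interfaces. The daemon would then also answer directly on its own port wherever the firewall permits it; the iptables rules are not visible here. Adding `bindAddress = "127.0.0.1";` inside `services.nix-serve` keeps nginx the only entry point. The key-generation comment also omits the first argument, the key name; it should read `# nix-store --generate-binary-cache-key cache.prism-1 my-secret-key my-public-key` to match the name the clients pin.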
diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix
deleted file mode 100644
index c2727520d..000000000
--- a/lass/2configs/binary-caches.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- nix.sshServe.enable = true;
- nix.sshServe.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
- ];
- nix.binaryCaches = [
- #"scp://nix-ssh@mors"
- #"scp://nix-ssh@uriel"
- ];
-}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 7d3c236a6..04bdcf9d8 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -37,13 +37,12 @@ in {
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
- build-all-scheduler = ''
- # build all lass hosts
+ build-scheduler = ''
+ # build all hosts
sched.append(schedulers.SingleBranchScheduler(
- ## only master
- change_filter=util.ChangeFilter(branch_re="master"),
+ change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=10,
- name="prism-master",
+ name="prism-all-branches",
builderNames=["build-all"]))
'';
};
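Review bot: With `branch_re=".*"` the `build-all` builder now runs for every branch the change source reports, not just `master`. That builder executes `make test` from the checked-out tree under `NIX_REMOTE=daemon`, so whoever can push any branch to the watched repository gets their code run on the build worker; the push rules for that repository are not visible in this hunk. If only known branches should build, keep an anchored allow-list such as `change_filter=util.ChangeFilter(branch_re="^master$"),`. If all branches are intended, add a comment stating who is trusted to push.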
@@ -52,11 +51,16 @@ in {
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
# TODO: get nixpkgs/stockholm paths from krebs
- env = {
+ env_lass = {
"LOGNAME": "lass",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
+ env_makefu = {
+ "LOGNAME": "makefu",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
# prepare nix-shell
# the dependencies which are used by the test script
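Review bot: `env_makefu` repeats `env_lass` except for `LOGNAME`, and the next hunk adds a second `for` loop to `build-all` that repeats the first except for the host list and the env. Deriving one from the other, `env_makefu = dict(env_lass, LOGNAME="makefu")`, and iterating over `(env, hosts)` pairs would keep the `make test ...` command line in one place. A later change to `target=` or `method=` then cannot be applied to one user's hosts and missed for the other's. The enclosing Python string continues outside both hunks.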
@@ -76,9 +80,18 @@ in {
build-all = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- #TODO: get hosts via krebs
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
- addShell(f,name="build-{}".format(i),env=env,
+ addShell(f,name="build-{}".format(i),env=env_lass,
+ command=nixshell + \
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ method=build \
+ system={}".format(i)])
+
+ for i in [ "pornocauster", "wry" ]:
+ addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["make \
test \
@@ -92,16 +105,17 @@ in {
factory=f))
'';
+
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "prism", "mors", "echelon" ]:
- addShell(f,name="populate-{}".format(i),env=env,
+ addShell(f,name="populate-{}".format(i),env=env_lass,
command=nixshell + \
["{}( make system={} eval.config.krebs.build.populate \
| jq -er .)".format("!" if "failing" in i else "",i)])
- addShell(f,name="build-test-minimal",env=env,
+ addShell(f,name="build-test-minimal",env=env_lass,
command=nixshell + \
["nix-instantiate \
--show-trace --eval --strict --json \
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 9e0e37e48..e3065ba84 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -8,6 +8,8 @@ with config.krebs.lib;
../2configs/mc.nix
../2configs/retiolum.nix
../2configs/nixpkgs.nix
+ ../2configs/binary-cache/client.nix
+ ../2configs/gc.nix
./backups.nix
{
users.extraUsers =
@@ -41,12 +43,6 @@ with config.krebs.lib;
};
};
}
- {
- nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
- };
- }
];
networking.hostName = config.krebs.build.host.name;
@@ -63,9 +59,7 @@ with config.krebs.lib;
then toString <stockholm/lass/2configs/tests/dummy-secrets>
else "/home/lass/secrets/${config.krebs.build.host.name}";
#secrets-common = "/home/lass/secrets/common";
- stockholm = if getEnv "dummy_secrets" == "true"
- then "/var/lib/buildbot/slave/build-all/build"
- else "/home/lass/stockholm";
+ stockholm = getEnv "PWD";
} // optionalAttrs config.krebs.build.host.secure {
#secrets-master = "/home/lass/secrets/master";
});
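Review bot: `stockholm = getEnv "PWD";` makes the deployed source tree depend on whichever directory the evaluation was started from. `getEnv` yields an empty string when the variable is unset, and a run started from a subdirectory or a different checkout would populate that path without any error. Since this value decides which configuration reaches the target, at least reject the empty case: `stockholm = let p = getEnv "PWD"; in assert p != ""; p;`. A comment stating that builds must be started from the repository root would cover the rest. The surrounding attribute set starts outside this hunk.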
@@ -122,6 +116,7 @@ with config.krebs.lib;
krebspaste
pciutils
psmisc
+ q
rs
tmux
untilport
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
new file mode 100644
index 000000000..8762ad95e
--- /dev/null
+++ b/lass/2configs/gc.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+with config.krebs.lib;
+{
+ nix.gc = {
+ automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ];
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index c0affe981..9a1cab176 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -29,18 +29,10 @@ let
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
- painload = {};
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
- wai-middleware-time = {};
- web-routes-wai-custom = {};
- go = {};
- newsbot-js = {};
kimsufi-check = {};
- realwallpaper = {};
- xmonad-stockholm = {};
- the_playlist = {};
} // mapAttrs make-public-repo-silent {
the_playlist = {};
};
@@ -50,8 +42,6 @@ let
brain = {
collaborators = with config.krebs.users; [ tv makefu ];
};
- extraction_webinterface = {};
- politics-fetching = {};
} //
import <secrets/repos.nix> { inherit config lib pkgs; }
);
@@ -66,6 +56,7 @@ let
channel = "#retiolum";
server = "cd.retiolum";
verbose = config.krebs.build.host.name == "prism";
+ branches = [ "master" ];
};
};
};
@@ -84,12 +75,12 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ lass lass-helios lass-uriel ];
+ user = [ lass lass-uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu miefda ];
+ user = [ tv makefu ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
new file mode 100644
index 000000000..be1faccea
--- /dev/null
+++ b/lass/2configs/hw/tp-x220.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+ networking.wireless.enable = lib.mkDefault true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+ #START_CHARGE_THRESH_BAT0=80
+ STOP_CHARGE_THRESH_BAT0=95
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
+ '';
+
+ boot = {
+ kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+ };
+
+ hardware.opengl.extraPackages = [
+ pkgs.vaapiIntel
+ pkgs.vaapiVdpau
+ ];
+
+ services.xserver = {
+ videoDriver = "intel";
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ '';
+ };
+
+ security.rngd.enable = true;
+}
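Review bot: `boot.kernelModules` lists `acpi_call`, but `boot.extraModulePackages` only adds `tp_smapi`. `acpi_call` is an out-of-tree module, so unless another imported file provides its package the load will fail at boot. If it is wanted, add it alongside: `extraModulePackages = with config.boot.kernelPackages; [ tp_smapi acpi_call ];`. Separately, `hardware.enableAllFirmware` and `nixpkgs.config.allowUnfree` now apply to every host importing this file, so a one-line comment naming the firmware that needs them would help later review.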
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index c6d8a5f8c..0f940a369 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs = {
url = https://github.com/lassulus/nixpkgs;
- rev = "7d932301fe1d98a1ef1872a7124e8809279def74";
+ rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded";
};
}
diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix
deleted file mode 100644
index 7340fc7ca..000000000
--- a/lass/2configs/realwallpaper-server.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, ... }:
-
-let
- hostname = config.krebs.build.host.name;
- inherit (lib)
- nameValuePair
- ;
-
-in {
- imports = [
- ./realwallpaper.nix
- ];
-
- krebs.nginx.servers.wallpaper = {
- server-names = [
- hostname
- ];
- locations = [
- (nameValuePair "/wallpaper.png" ''
- root /tmp/;
- '')
- ];
- };
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
-}
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index c69cb1660..2ab52ed92 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,5 +1,30 @@
-{ config, ... }:
+{ config, lib, ... }:
-{
+let
+ hostname = config.krebs.build.host.name;
+ inherit (lib)
+ nameValuePair
+ ;
+
+in {
krebs.realwallpaper.enable = true;
+
+ krebs.nginx.servers.wallpaper = {
+ server-names = [
+ hostname
+ ];
+ locations = [
+ (nameValuePair "/wallpaper.png" ''
+ root /tmp/;
+ '')
+ ];
+ };
+
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+ };
}
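Review bot: Folding the server part into this file means every host importing `realwallpaper.nix` now gets an nginx vhost and an `ACCEPT` rule for tcp/80 on `retiolum`; before, only hosts importing `realwallpaper-server.nix` did. The vhost serves from `root /tmp/;`, a world-writable directory, and the location looks like a prefix match, so a request for `/wallpaper.png.x` is also looked up there. Any local user who creates such a file, or `wallpaper.png` itself before the generator does, gets it served. An exact-match location and a dedicated directory would narrow this, e.g. `(nameValuePair "= /wallpaper.png" ''` with `root /var/lib/realwallpaper/;`. That directory name is a placeholder, and it assumes `krebs.realwallpaper` can be told where to write, which is not visible here.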
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
new file mode 100644
index 000000000..45a4e2afd
--- /dev/null
+++ b/lass/2configs/repo-sync.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ mirror = "git@${config.networking.hostName}:";
+
+ defineRepo = name: announce: let
+ repo = {
+ public = true;
+ name = mkDefault "${name}";
+ cgit.desc = mkDefault "mirror for ${name}";
+ hooks = mkIf announce (mkDefault {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = false;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ branches = [ "newest" ];
+ };
+ });
+ };
+ in {
+ rules = with git; singleton {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ lass
+ lass-shodan
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ };
+ repos."${name}" = repo;
+ };
+
+ sync-retiolum = name:
+ {
+ krebs.repo-sync.repos.${name} = {
+ makefu = {
+ origin.url = "http://cgit.gum/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ tv = {
+ origin.url = "http://cgit.cd/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ lassulus = {
+ origin.url = "http://cgit.prism/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ "@latest" = {
+ mirror.url = "${mirror}${name}";
+ mirror.ref = "heads/newest";
+ };
+ };
+ krebs.git = defineRepo name (config.networking.hostName == "prism");
+ };
+
+ sync-remote = name: url:
+ {
+ krebs.repo-sync.repos.${name} = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ krebs.git = defineRepo name (config.networking.hostName == "prism");
+ };
+
+ sync-remote-silent = name: url:
+ {
+ krebs.repo-sync.repos.${name} = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ krebs.git = defineRepo name false;
+ };
+
+in {
+ krebs.repo-sync = {
+ enable = true;
+ unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ };
+ imports = [
+ (sync-remote "array" "https://github.com/makefu/array")
+ (sync-remote "email-header" "https://github.com/4z3/email-header")
+ (sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask")
+ (sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot")
+ (sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
+ (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
+ (sync-remote "xintmap" "https://github.com/4z3/xintmap")
+ (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
+ (sync-retiolum "go")
+ (sync-retiolum "much")
+ (sync-retiolum "newsbot-js")
+ (sync-retiolum "painload")
+ (sync-retiolum "realwallpaper")
+ (sync-retiolum "stockholm")
+ (sync-retiolum "wai-middleware-time")
+ (sync-retiolum "web-routes-wai-custom")
+ (sync-retiolum "xmonad-stockholm")
+ ];
+}
+
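Review bot: The `sync-retiolum` origins (`http://cgit.gum/`, `http://cgit.cd/`, `http://cgit.prism/`) are fetched over plain http and pushed into the local mirror with no check on what was received, and one of the mirrored repositories is `stockholm` itself. Anything that later builds or deploys from the mirror or its `newest` ref inherits whatever the network path delivered. Whether these names resolve only inside an authenticated overlay is not visible in this file. A comment above `sync-retiolum` stating that assumption, or https/ssh origins where the peers offer them, would make the trust boundary explicit. `sync-remote` and `sync-remote-silent` also differ only in the `announce` argument passed to `defineRepo` and could share one helper.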
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c69d20633..8a2161e45 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -32,10 +32,10 @@ in {
(ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" "www.pixelpocket.de" ])
+ (ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" "www.pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
+ (ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
(ssl [
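Review bot: `www.pixelpocket.de` and `www.o.ubikmedia.de` are dropped from the `ssl [...]` lists but kept in `servePage` and `serveOwncloud`, so the names are still served. Assuming `ssl` is what requests the certificate (its definition is outside the hunk), they are no longer covered by one. For the ownCloud host in particular, a login on the `www.` name would then either fail certificate validation or go over plain http. If the `www.` names are being retired, remove them from the serve lists as well; otherwise keep them in `ssl`.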
@@ -47,6 +47,7 @@ in {
"360gradvideo.tv"
"ubikmedia.eu"
"facts.cloud"
+ "youthtube.xyz"
"www.ubikmedia.de"
"www.aldona.ubikmedia.de"
"www.apanowicz.de"
@@ -55,6 +56,7 @@ in {
"www.360gradvideo.tv"
"www.ubikmedia.eu"
"www.facts.cloud"
+ "www.youthtube.xyz"
])
(serveWordpress [
"ubikmedia.de"
@@ -64,13 +66,15 @@ in {
"360gradvideo.tv"
"ubikmedia.eu"
"facts.cloud"
- "*.ubikmedia.de"
+ "youthtube.xyz"
"www.apanowicz.de"
"www.nirwanabluete.de"
"www.aldonasiech.com"
"www.360gradvideo.tv"
"www.ubikmedia.eu"
"www.facts.cloud"
+ "www.youthtube.xyz"
+ "*.ubikmedia.de"
])
];
@@ -79,6 +83,27 @@ in {
"o_ubikmedia_de"
];
+ krebs.backup.plans = {
+ prism-sql-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; };
+ startAt = "00:01";
+ };
+ prism-http-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; };
+ startAt = "00:10";
+ };
+ prism-o-ubikmedia-domsen = {
+ method = "push";
+ src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; };
+ dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; };
+ startAt = "00:30";
+ };
+ };
+
users.users.domsen = {
uid = genid "domsen";
description = "maintenance acc for domsen";
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
deleted file mode 100644
index bd59080d9..000000000
--- a/lass/2configs/wordpress.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- containers.wordpress = {
- privateNetwork = true;
- hostAddress = "192.168.101.1";
- localAddress = "192.168.101.2";
-
- config = {
- imports = [
- ../../krebs/3modules/iptables.nix
- ];
-
- krebs.iptables = {
- enable = true;
- tables = {
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- iptables
- ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
-
- services.httpd = {
- enable = true;
- adminAddr = "root@apanowicz.de";
- extraModules = [
- { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
- ];
- virtualHosts = [
- {
- hostName = "wordpress";
- serverAliases = [ "wordpress" "www.wordpress" ];
-
- extraSubservices = [
- {
- serviceName = "wordpress";
- }
- ];
- }
- ];
- };
- };
- };
-}
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 80c947a7b..73b148bf7 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -91,9 +91,6 @@ let
set -efu
export PATH; PATH=${makeSearchPath "bin" ([
pkgs.rxvt_unicode
- pkgs.i3lock
- pkgs.pulseaudioLight
- pkgs.xorg.xbacklight
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 7299e9ac0..b221d7677 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -7,9 +7,6 @@
zsh-newuser-install() { :; }
'';
interactiveShellInit = ''
- HISTFILE=~/.histfile
- HISTSIZE=1000000
- SAVEHIST=100000
#unsetopt nomatch
setopt autocd extendedglob
bindkey -e
@@ -92,6 +89,11 @@
esac
'';
promptInit = ''
+ # TODO: figure out why we need to set this here
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+ SAVEHIST=$HISTSIZE
+
autoload -U promptinit
promptinit
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b3037205e..6a3b41ca4 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -5,6 +5,7 @@ _:
./folderPerms.nix
./mysql-backup.nix
./power-action.nix
+ ./umts.nix
./urxvtd.nix
./wordpress_nginx.nix
./xresources.nix
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 9a4882644..83ca5dc2a 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -10,7 +10,7 @@ in toFile "ejabberd.conf" ''
[
{5222, ejabberd_c2s, [
starttls,
- {certfile, ${toErlang cfg.certfile}},
+ {certfile, ${toErlang cfg.certfile.path}},
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
@@ -27,7 +27,7 @@ in toFile "ejabberd.conf" ''
]}
]}.
{s2s_use_starttls, required}.
- {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+ {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
{auth_method, internal}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index c68f32ef0..18c7cd656 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -4,7 +4,12 @@ in {
options.lass.ejabberd = {
enable = mkEnableOption "lass.ejabberd";
certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ejabberd.pem";
+ owner = cfg.user;
+ source-path = "/var/lib/acme/lassul.us/full.pem";
+ };
};
hosts = mkOption {
type = with types; listOf str;
@@ -17,12 +22,11 @@ in {
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
exec ${pkgs.ejabberd}/bin/ejabberdctl \
--logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
"$@"
'';
};
s2s_certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
default = cfg.certfile;
};
user = mkOption {
@@ -36,9 +40,15 @@ in {
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+ krebs.secret.files = {
+ ejabberd-certfile = cfg.certfile;
+ ejabberd-s2s_certfile = cfg.s2s_certfile;
+ };
+
systemd.services.ejabberd = {
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
+ requires = [ "secret.service" ];
+ after = [ "network.target" "secret.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
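Review bot: `ejabberd-certfile` and `ejabberd-s2s_certfile` are both registered in `krebs.secret.files`, but `s2s_certfile` defaults to `cfg.certfile`, so with defaults the two entries describe the same destination `path`. How `krebs.secret` handles two entries writing one file is not visible here. Registering the second only when it differs avoids depending on that: `ejabberd-s2s_certfile = mkIf (cfg.s2s_certfile != cfg.certfile) cfg.s2s_certfile;`. The default also copies `/var/lib/acme/lassul.us/full.pem` into the service user's home. If that copy is made only when `secret.service` runs, ejabberd keeps serving the old certificate after a renewal, so a comment or a restart hook for that case is worth adding. The `serviceConfig` block continues outside this hunk.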
diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix
index 06a316270..30875c9a9 100644
--- a/lass/3modules/power-action.nix
+++ b/lass/3modules/power-action.nix
@@ -12,6 +12,10 @@ let
api = {
enable = mkEnableOption "power-action";
+ battery = mkOption {
+ type = types.str;
+ default = "BAT0";
+ };
user = mkOption {
type = types.user;
default = {
@@ -80,13 +84,13 @@ let
"if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
powerlvl = pkgs.writeDash "powerlvl" ''
- cat /sys/class/power_supply/BAT0/capacity
+ cat /sys/class/power_supply/${cfg.battery}/capacity
'';
state = pkgs.writeDash "state" ''
- if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ]
- then echo "true"
- else echo "false"
+ if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ]
+ then echo "false"
+ else echo "true"
fi
'';
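Review bot: In the rewritten `state` script every outcome except the literal `Discharging` prints `true`, including the case where `cat` fails because `/sys/class/power_supply/${cfg.battery}` does not exist. With the new `battery` option, a typo or the `BAT0` default on a machine whose battery is `BAT1` therefore reports "charging" permanently. Plans gated on discharging through `charging_check` (defined outside this hunk) would then presumably never fire. Failing when the status file is unreadable surfaces the misconfiguration: `status=$(cat /sys/class/power_supply/${cfg.battery}/status) || exit 1`, then test `"$status"` in the `if`.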
diff --git a/lass/2configs/umts.nix b/lass/3modules/umts.nix
index c1fce9ea2..01adc0409 100644
--- a/lass/2configs/umts.nix
+++ b/lass/3modules/umts.nix
@@ -3,6 +3,36 @@
with config.krebs.lib;
let
+ cfg = config.lass.umts;
+
+ out = {
+ options.lass.umts = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "umts";
+ modem = mkOption {
+ type = types.str;
+ default = "/dev/ttyUSB0";
+ };
+ initstrings = mkOption {
+ type = types.str;
+ default = ''
+ Init1 = ATZ
+ Init2 = ATQ0 V1 E1 S0=0 &C1 &D2
+ '';
+ };
+ username = mkOption {
+ type = types.str;
+ default = "default";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "default";
+ };
+ };
+
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
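Review bot: `password` is declared as a plain `types.str` option and, in the `wvdial-defaults` hunk that follows, interpolated into the dialer configuration as `Password = ${cfg.password}`. If that text ends up in the Nix store, as generated configuration normally does, the value is readable by every local user and travels with the closure. The `default` placeholder is harmless, but the option invites real credentials. A `description` on the option saying the value is not secret, or a `passwordFile` option read when the service starts, would avoid that. The following hunk also leaves `modem-device` defined although `Modem = ${cfg.modem}` no longer refers to it, as far as the visible lines show.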
@@ -11,33 +41,32 @@ let
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
- modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+ #modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+ modem-device = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0";
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
- systemctl stop wpa_supplicant
systemctl start umts
- trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
+ trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
- Modem = ${modem-device}
- Init1 = AT+CFUN=1
- Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Modem = ${cfg.modem}
+ ${cfg.initstrings}
+ Modem Type = Analog Modem
Baud = 460800
phone= *99#
- Username = netzclub
- Password = netzclub
+ Username = ${cfg.username}
+ Password = ${cfg.password}
Stupid Mode = 1
Idle Seconds = 0
'';
-
- out = {
+ imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
@@ -58,5 +87,5 @@ let
};
};
};
-in out
+in out
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 73e41790d..c48188f9d 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -3,6 +3,9 @@
{
nixpkgs.config.packageOverrides = rec {
acronym = pkgs.callPackage ./acronym/default.nix {};
+ ejabberd = pkgs.callPackage ./ejabberd {
+ erlang = pkgs.erlangR16;
+ };
firefoxPlugins = {
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
@@ -10,6 +13,7 @@
};
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+ q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {};
untilport = pkgs.callPackage ./untilport/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
diff --git a/lass/5pkgs/ejabberd/default.nix b/lass/5pkgs/ejabberd/default.nix
new file mode 100644
index 000000000..3a77c5cd1
--- /dev/null
+++ b/lass/5pkgs/ejabberd/default.nix
@@ -0,0 +1,28 @@
+{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}:
+
+stdenv.mkDerivation rec {
+ version = "2.1.13";
+ name = "ejabberd-${version}";
+ src = fetchurl {
+ url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
+ sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8";
+ };
+ buildInputs = [ expat erlang zlib openssl pam ];
+ patchPhase = ''
+ sed -i \
+ -e "s|erl \\\|${erlang}/bin/erl \\\|" \
+ -e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \
+ src/ejabberdctl.template
+ '';
+ preConfigure = ''
+ cd src
+ '';
+ configureFlags = ["--enable-pam"];
+
+ meta = {
+ description = "Open-source XMPP application server written in Erlang";
+ license = stdenv.lib.licenses.gpl2;
+ homepage = http://www.ejabberd.im;
+ maintainers = [ lib.maintainers.sander ];
+ };
+}
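Review bot: The new derivation pins ejabberd `2.1.13`, and `lass/5pkgs/default.nix` builds it against `erlangR16`; both are old release lines. The module in this commit configures the server with c2s on 5222 and `s2s_use_starttls`, so it parses input from remote parties. Nothing here records why the old version is required. A comment above `version` stating the reason (configuration-format compatibility, presumably) and what blocks an upgrade would make that a recorded decision. The tarball URL is `http://`, which the `sha256` covers. `license` goes through `stdenv.lib` while `maintainers` uses `lib`; using `lib` for both is more consistent.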
diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix
new file mode 100644
index 000000000..571932b1d
--- /dev/null
+++ b/lass/5pkgs/q/default.nix
@@ -0,0 +1,185 @@
+{ pkgs, ... }:
+let
+ q-cal = let
+ # XXX 23 is the longest line of cal's output
+ pad = ''{
+ ${pkgs.gnused}/bin/sed '
+ # rtrim
+ s/ *$//
+
+ # delete last empty line
+ ''${/^$/d}
+ ' \
+ | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
+ | ${pkgs.gnused}/bin/sed '
+ # colorize header
+ 1,2s/.*/&/
+
+ # colorize week number
+ s/^[ 1-9][0-9]/&/
+ '
+ }'';
+ in ''
+ ${pkgs.coreutils}/bin/paste \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
+ | ${pad}
+ ) \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ | ${pkgs.gnused}/bin/sed '
+ # colorize day of month
+ s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
+ ' \
+ | ${pad}
+ ) \
+ <(${pkgs.utillinux}/bin/cal -mw \
+ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
+ | ${pad}
+ ) \
+ | ${pkgs.gnused}/bin/sed 's/\t/ /g'
+ '';
+
+ q-isodate = ''
+ ${pkgs.coreutils}/bin/date \
+ '+%Y-%m-%dT%H:%M:%S%:z'
+ '';
+
+ q-gitdir = ''
+ if test -d .git; then
+ #git status --porcelain
+ branch=$(
+ ${pkgs.git}/bin/git branch \
+ | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p'
+ )
+ echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch"
+ fi
+ '';
+
+ q-power_supply = ''
+ for uevent in /sys/class/power_supply/*/uevent; do
+ if test -f $uevent; then
+ eval "$(${pkgs.gnused}/bin/sed -n '
+ s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p
+ ' $uevent)"
+
+ if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then
+ continue
+ fi
+
+ charge_percentage=$(echo "
+ scale=2
+ $POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL
+ " | ${pkgs.bc}/bin/bc)
+
+ lfc=$POWER_SUPPLY_CHARGE_FULL
+ rc=$POWER_SUPPLY_CHARGE_NOW
+ #rc=2800
+ N=78; N=76
+ N=10
+ n=$(echo $N-1 | ${pkgs.bc}/bin/bc)
+ centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc)
+ deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc)
+ energy_evel=$(
+ echo -n '☳ ' # TRIGRAM FOR THUNDER
+ if test $centi -ge 42; then echo -n ''
+ elif test $centi -ge 23; then echo -n ''
+ elif test $centi -ge 11; then echo -n ''
+ else echo -n ''; fi
+ for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do
+ echo -n â– 
+ done
+ echo -n ''
+ for i in $(${pkgs.coreutils}/bin/seq $deci $n); do
+ echo -n â– 
+ done
+ echo '' $rc #/ $lfc
+ )
+ echo "$energy_evel $charge_percentage"
+ fi
+ done
+ '';
+
+ q-virtualization = ''
+ echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
+ '';
+
+ q-wireless = ''
+ for dev in $(
+ ${pkgs.iw}/bin/iw dev \
+ | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
+ ); do
+ inet=$(${pkgs.iproute}/bin/ip addr show $dev \
+ | ${pkgs.gnused}/bin/sed -n '
+ s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p
+ ') \
+ || unset inet
+ ssid=$(${pkgs.iw}/bin/iw dev $dev link \
+ | ${pkgs.gnused}/bin/sed -n '
+ s/.*\tSSID: \(.*\)/\1/p
+ ') \
+ || unset ssid
+ echo "$dev''${inet+ $inet}''${ssid+ $ssid}"
+ done
+ '';
+
+ q-online = ''
+ if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
+ echo 'online'
+ else
+ echo offline
+ fi
+ '';
+
+ q-thermal_zone = ''
+ for i in /sys/class/thermal/thermal_zone*; do
+ type=$(${pkgs.coreutils}/bin/cat $i/type)
+ temp=$(${pkgs.coreutils}/bin/cat $i/temp)
+ printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc)
+ done
+ '';
+
+ q-todo = ''
+ TODO_file=$HOME/TODO
+ if test -e "$TODO_file"; then
+ ${pkgs.coreutils}/bin/cat "$TODO_file" \
+ | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
+ BEGIN { print "remind=0" }
+ /^[0-9]/{
+ x = $1
+ gsub(".", "\\\\&", x)
+ rest = substr($0, index($0, " "))
+ rest = $0
+ sub(" *", "", rest)
+ gsub(".", "\\\\&", rest)
+ print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
+ echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
+ (( remind++ ))"
+ }
+ END { print "test $remind = 0 && echo \"nothing to remind\"" }
+ ' \
+ | {
+ # bash needed for (( ... ))
+ ${pkgs.bash}/bin/bash
+ }
+ else
+ echo "$TODO_file: no such file or directory"
+ fi
+ '';
+
+in
+# bash needed for <(...)
+pkgs.writeBashBin "q" ''
+ set -eu
+ export PATH=/var/empty
+ ${q-cal}
+ echo
+ ${q-isodate}
+ (${q-gitdir}) &
+ (${q-power_supply}) &
+ (${q-virtualization}) &
+ (${q-wireless}) &
+ (${q-online}) &
+ (${q-thermal_zone}) &
+ wait
+ ${q-todo}
+''
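Review bot: In `q-power_supply` the `eval "$(sed …)"` turns every `KEY=value` line of `/sys/class/power_supply/*/uevent` into shell code, and the sed expression wraps the value in single quotes without escaping a quote inside it, so a value containing `'` would be executed rather than assigned. These files typically also carry free-form strings reported by the device itself, so their content should be treated as data, not as script. Only two keys are used, so they can be read directly without `eval`: `POWER_SUPPLY_CHARGE_NOW=$(${pkgs.gnused}/bin/sed -n 's/^POWER_SUPPLY_CHARGE_NOW=//p' "$uevent")` and the same for `POWER_SUPPLY_CHARGE_FULL`, skipping the entry unless both are all digits before they reach `bc` and `test`. `q-todo` also pipes generated text into bash; it backslash-escapes every character of the TODO line first, which looks sufficient, but a comment stating that this escaping is what keeps `$HOME/TODO` from being run as code would help the next editor.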
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 841821a7a..c07bd2b83 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -46,7 +46,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
myTerm :: String
-myTerm = "urxvtc"
+myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc"
myFont :: String
myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
@@ -108,11 +108,11 @@ displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
[ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f")
- , ("M4-p", spawn "passmenu --type")
- , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
- , ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
- , ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
- , ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
+ , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
+ , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%")
+ , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%")
+ , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle")
+ , ("<XF86AudioMicMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle")
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("<XF86MonBrightnessUp>", spawn "xbacklight -steps 1 -time 1 -inc 3")
, ("<XF86MonBrightnessDown>", spawn "xbacklight -steps 1 -time 1 -dec 3")
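Review bot: The `M4-<F11>` binding still spawns `i3lock` by bare name, and the two `xbacklight` bindings do the same, while this hunk moves `passmenu` and `pactl` to store paths. If `i3lock` is missing from the session's PATH, or another binary of that name comes first, the lock key will not do what the user expects. The screen locker is the binding where that matters most, so I would pin it the same way: `spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"`, and likewise `${pkgs.xorg.xbacklight}/bin/xbacklight` for the brightness keys. `myKeyMap` continues past the end of the hunk, so other bare command names may remain there.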
diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix
deleted file mode 100644
index b85e686b5..000000000
--- a/miefda/1systems/bobby.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ../.
- ../2configs/miefda.nix
- ../2configs/tlp.nix
- ../2configs/x220t.nix
- ../2configs/hardware-configuration.nix
- ../2configs/tinc-basic-retiolum.nix
- ../2configs/git.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Select internationalisation properties.
- i18n = {
- # consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- wget chromium
- ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable the KDE Desktop Environment.
- #services.xserver.displayManager.kdm.enable = true;
- services.xserver.desktopManager = {
- xfce.enable = true;
- xterm.enable= false;
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.extraUsers.miefda = {
- isNormalUser = true;
- initialPassword= "welcome";
- uid = 1000;
- extraGroups= [
- "wheel"
- ];
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- search-domain = "retiolum";
- build = {
- host = config.krebs.hosts.bobby;
- user = config.krebs.users.miefda;
- source = {
- git.nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/gits/stockholm";
- };
- };
- };
- };
-}
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
deleted file mode 100644
index 51679d2a5..000000000
--- a/miefda/2configs/git.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-
- out = {
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos =
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- painload = {};
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- #wai-middleware-time = {};
- #web-routes-wai-custom = {};
- #go = {};
- #newsbot-js = {};
- #kimsufi-check = {};
- #realwallpaper = {};
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- };
- } //
- import <secrets/repos.nix> { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "bobby";
- };
- };
- };
-
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
- public = false;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = miefda;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ lass tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix
deleted file mode 100644
index 3eb1f43fe..000000000
--- a/miefda/2configs/hardware-configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = 4;
-}
diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix
deleted file mode 100644
index f17e8aa34..000000000
--- a/miefda/2configs/miefda.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- #networking.wicd.enable = true;
-
-}
diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix
deleted file mode 100644
index f82fd6b03..000000000
--- a/miefda/2configs/tinc-basic-retiolum.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- "prism"
- "ire"
- ];
- };
-}
diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix
deleted file mode 100644
index 32f4f2ee7..000000000
--- a/miefda/2configs/tlp.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- zramSwap.enable = true;
- zramSwap.numDevices = 2;
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 220;
- emulateWheel = true;
- };
-
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- '';
-}
diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix
deleted file mode 100644
index 2d128e533..000000000
--- a/miefda/2configs/x220t.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- services.xserver = {
- xkbVariant = "altgr-intl";
- videoDriver = "intel";
- # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- '';
- };
-
-
-
- services.xserver.displayManager.sessionCommands =''
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
- xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
- '';
-
- hardware.bluetooth.enable = true;
-
-
-}
diff --git a/miefda/default.nix b/miefda/default.nix
deleted file mode 100644
index 7f275c2eb..000000000
--- a/miefda/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ];
-}
diff --git a/mv/2configs/bash_completion.sh b/mv/2configs/bash_completion.sh
deleted file mode 100644
index 537484fb9..000000000
--- a/mv/2configs/bash_completion.sh
+++ /dev/null
@@ -1,779 +0,0 @@
-
-# Expand variable starting with tilde (~)
-# We want to expand ~foo/... to /home/foo/... to avoid problems when
-# word-to-complete starting with a tilde is fed to commands and ending up
-# quoted instead of expanded.
-# Only the first portion of the variable from the tilde up to the first slash
-# (~../) is expanded. The remainder of the variable, containing for example
-# a dollar sign variable ($) or asterisk (*) is not expanded.
-# Example usage:
-#
-# $ v="~"; __expand_tilde_by_ref v; echo "$v"
-#
-# Example output:
-#
-# v output
-# -------- ----------------
-# ~ /home/user
-# ~foo/bar /home/foo/bar
-# ~foo/$HOME /home/foo/$HOME
-# ~foo/a b /home/foo/a b
-# ~foo/* /home/foo/*
-#
-# @param $1 Name of variable (not the value of the variable) to expand
-__expand_tilde_by_ref()
-{
- # Does $1 start with tilde (~)?
- if [[ ${!1} == \~* ]]; then
- # Does $1 contain slash (/)?
- if [[ ${!1} == */* ]]; then
- # Yes, $1 contains slash;
- # 1: Remove * including and after first slash (/), i.e. "~a/b"
- # becomes "~a". Double quotes allow eval.
- # 2: Remove * before the first slash (/), i.e. "~a/b"
- # becomes "b". Single quotes prevent eval.
- # +-----1----+ +---2----+
- eval $1="${!1/%\/*}"/'${!1#*/}'
- else
- # No, $1 doesn't contain slash
- eval $1="${!1}"
- fi
- fi
-} # __expand_tilde_by_ref()
-
-
-# Get the word to complete.
-# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases
-# where the user is completing in the middle of a word.
-# (For example, if the line is "ls foobar",
-# and the cursor is here --------> ^
-# @param $1 string Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 in this case.
-# @param $2 integer Index number of word to return, negatively offset to the
-# current word (default is 0, previous is 1), respecting the exclusions
-# given at $1. For example, `_get_cword "=:" 1' returns the word left of
-# the current word, respecting the exclusions "=:".
-# @deprecated Use `_get_comp_words_by_ref cur' instead
-# @see _get_comp_words_by_ref()
-_get_cword()
-{
- local LC_CTYPE=C
- local cword words
- __reassemble_comp_words_by_ref "$1" words cword
-
- # return previous word offset by $2
- if [[ ${2//[^0-9]/} ]]; then
- printf "%s" "${words[cword-$2]}"
- elif [[ "${#words[cword]}" -eq 0 || "$COMP_POINT" == "${#COMP_LINE}" ]]; then
- printf "%s" "${words[cword]}"
- else
- local i
- local cur="$COMP_LINE"
- local index="$COMP_POINT"
- for (( i = 0; i <= cword; ++i )); do
- while [[
- # Current word fits in $cur?
- "${#cur}" -ge ${#words[i]} &&
- # $cur doesn't match cword?
- "${cur:0:${#words[i]}}" != "${words[i]}"
- ]]; do
- # Strip first character
- cur="${cur:1}"
- # Decrease cursor position
- ((index--))
- done
-
- # Does found word matches cword?
- if [[ "$i" -lt "$cword" ]]; then
- # No, cword lies further;
- local old_size="${#cur}"
- cur="${cur#${words[i]}}"
- local new_size="${#cur}"
- index=$(( index - old_size + new_size ))
- fi
- done
-
- if [[ "${words[cword]:0:${#cur}}" != "$cur" ]]; then
- # We messed up! At least return the whole word so things
- # keep working
- printf "%s" "${words[cword]}"
- else
- printf "%s" "${cur:0:$index}"
- fi
- fi
-} # _get_cword()
-
-
-# Get word previous to the current word.
-# This is a good alternative to `prev=${COMP_WORDS[COMP_CWORD-1]}' because bash4
-# will properly return the previous word with respect to any given exclusions to
-# COMP_WORDBREAKS.
-# @deprecated Use `_get_comp_words_by_ref cur prev' instead
-# @see _get_comp_words_by_ref()
-#
-_get_pword()
-{
- if [[ $COMP_CWORD -ge 1 ]]; then
- _get_cword "${@:-}" 1
- fi
-}
-
-
-
-# Complete variables.
-# @return True (0) if variables were completed,
-# False (> 0) if not.
-_variables()
-{
- if [[ $cur =~ ^(\$\{?)([A-Za-z0-9_]*)$ ]]; then
- [[ $cur == *{* ]] && local suffix=} || local suffix=
- COMPREPLY+=( $( compgen -P ${BASH_REMATCH[1]} -S "$suffix" -v -- \
- "${BASH_REMATCH[2]}" ) )
- return 0
- fi
- return 1
-}
-
-# Assign variable one scope above the caller
-# Usage: local "$1" && _upvar $1 "value(s)"
-# Param: $1 Variable name to assign value to
-# Param: $* Value(s) to assign. If multiple values, an array is
-# assigned, otherwise a single value is assigned.
-# NOTE: For assigning multiple variables, use '_upvars'. Do NOT
-# use multiple '_upvar' calls, since one '_upvar' call might
-# reassign a variable to be used by another '_upvar' call.
-# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference
-_upvar()
-{
- if unset -v "$1"; then # Unset & validate varname
- if (( $# == 2 )); then
- eval $1=\"\$2\" # Return single value
- else
- eval $1=\(\"\${@:2}\"\) # Return array
- fi
- fi
-}
-
-# Assign variables one scope above the caller
-# Usage: local varname [varname ...] &&
-# _upvars [-v varname value] | [-aN varname [value ...]] ...
-# Available OPTIONS:
-# -aN Assign next N values to varname as array
-# -v Assign single value to varname
-# Return: 1 if error occurs
-# See: http://fvue.nl/wiki/Bash:_Passing_variables_by_reference
-_upvars()
-{
- if ! (( $# )); then
- echo "${FUNCNAME[0]}: usage: ${FUNCNAME[0]} [-v varname"\
- "value] | [-aN varname [value ...]] ..." 1>&2
- return 2
- fi
- while (( $# )); do
- case $1 in
- -a*)
- # Error checking
- [[ ${1#-a} ]] || { echo "bash: ${FUNCNAME[0]}: \`$1': missing"\
- "number specifier" 1>&2; return 1; }
- printf %d "${1#-a}" &> /dev/null || { echo "bash:"\
- "${FUNCNAME[0]}: \`$1': invalid number specifier" 1>&2
- return 1; }
- # Assign array of -aN elements
- [[ "$2" ]] && unset -v "$2" && eval $2=\(\"\${@:3:${1#-a}}\"\) &&
- shift $((${1#-a} + 2)) || { echo "bash: ${FUNCNAME[0]}:"\
- "\`$1${2+ }$2': missing argument(s)" 1>&2; return 1; }
- ;;
- -v)
- # Assign single value
- [[ "$2" ]] && unset -v "$2" && eval $2=\"\$3\" &&
- shift 3 || { echo "bash: ${FUNCNAME[0]}: $1: missing"\
- "argument(s)" 1>&2; return 1; }
- ;;
- *)
- echo "bash: ${FUNCNAME[0]}: $1: invalid option" 1>&2
- return 1 ;;
- esac
- done
-}
-
-# @param $1 exclude Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 in this case.
-# @param $2 words Name of variable to return words to
-# @param $3 cword Name of variable to return cword to
-# @param $4 cur Name of variable to return current word to complete to
-# @see __reassemble_comp_words_by_ref()
-__get_cword_at_cursor_by_ref()
-{
- local cword words=()
- __reassemble_comp_words_by_ref "$1" words cword
-
- local i cur index=$COMP_POINT lead=${COMP_LINE:0:$COMP_POINT}
- # Cursor not at position 0 and not leaded by just space(s)?
- if [[ $index -gt 0 && ( $lead && ${lead//[[:space:]]} ) ]]; then
- cur=$COMP_LINE
- for (( i = 0; i <= cword; ++i )); do
- while [[
- # Current word fits in $cur?
- ${#cur} -ge ${#words[i]} &&
- # $cur doesn't match cword?
- "${cur:0:${#words[i]}}" != "${words[i]}"
- ]]; do
- # Strip first character
- cur="${cur:1}"
- # Decrease cursor position
- ((index--))
- done
-
- # Does found word match cword?
- if [[ $i -lt $cword ]]; then
- # No, cword lies further;
- local old_size=${#cur}
- cur="${cur#"${words[i]}"}"
- local new_size=${#cur}
- index=$(( index - old_size + new_size ))
- fi
- done
- # Clear $cur if just space(s)
- [[ $cur && ! ${cur//[[:space:]]} ]] && cur=
- # Zero $index if negative
- [[ $index -lt 0 ]] && index=0
- fi
-
- local "$2" "$3" "$4" && _upvars -a${#words[@]} $2 "${words[@]}" \
- -v $3 "$cword" -v $4 "${cur:0:$index}"
-}
-
-# Reassemble command line words, excluding specified characters from the
-# list of word completion separators (COMP_WORDBREAKS).
-# @param $1 chars Characters out of $COMP_WORDBREAKS which should
-# NOT be considered word breaks. This is useful for things like scp where
-# we want to return host:path and not only path, so we would pass the
-# colon (:) as $1 here.
-# @param $2 words Name of variable to return words to
-# @param $3 cword Name of variable to return cword to
-#
-__reassemble_comp_words_by_ref()
-{
- local exclude i j line ref
- # Exclude word separator characters?
- if [[ $1 ]]; then
- # Yes, exclude word separator characters;
- # Exclude only those characters, which were really included
- exclude="${1//[^$COMP_WORDBREAKS]}"
- fi
-
- # Default to cword unchanged
- eval $3=$COMP_CWORD
- # Are characters excluded which were former included?
- if [[ $exclude ]]; then
- # Yes, list of word completion separators has shrunk;
- line=$COMP_LINE
- # Re-assemble words to complete
- for (( i=0, j=0; i < ${#COMP_WORDS[@]}; i++, j++)); do
- # Is current word not word 0 (the command itself) and is word not
- # empty and is word made up of just word separator characters to
- # be excluded and is current word not preceded by whitespace in
- # original line?
- while [[ $i -gt 0 && ${COMP_WORDS[$i]} == +([$exclude]) ]]; do
- # Is word separator not preceded by whitespace in original line
- # and are we not going to append to word 0 (the command
- # itself), then append to current word.
- [[ $line != [$' \t']* ]] && (( j >= 2 )) && ((j--))
- # Append word separator to current or new word
- ref="$2[$j]"
- eval $2[$j]=\${!ref}\${COMP_WORDS[i]}
- # Indicate new cword
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- # Remove optional whitespace + word separator from line copy
- line=${line#*"${COMP_WORDS[$i]}"}
- # Start new word if word separator in original line is
- # followed by whitespace.
- [[ $line == [$' \t']* ]] && ((j++))
- # Indicate next word if available, else end *both* while and
- # for loop
- (( $i < ${#COMP_WORDS[@]} - 1)) && ((i++)) || break 2
- done
- # Append word to current word
- ref="$2[$j]"
- eval $2[$j]=\${!ref}\${COMP_WORDS[i]}
- # Remove optional whitespace + word from line copy
- line=${line#*"${COMP_WORDS[i]}"}
- # Indicate new cword
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- done
- [[ $i == $COMP_CWORD ]] && eval $3=$j
- else
- # No, list of word completions separators hasn't changed;
- eval $2=\( \"\${COMP_WORDS[@]}\" \)
- fi
-} # __reassemble_comp_words_by_ref()
-
-
-# If the word-to-complete contains a colon (:), left-trim COMPREPLY items with
-# word-to-complete.
-# With a colon in COMP_WORDBREAKS, words containing
-# colons are always completed as entire words if the word to complete contains
-# a colon. This function fixes this, by removing the colon-containing-prefix
-# from COMPREPLY items.
-# The preferred solution is to remove the colon (:) from COMP_WORDBREAKS in
-# your .bashrc:
-#
-# # Remove colon (:) from list of word completion separators
-# COMP_WORDBREAKS=${COMP_WORDBREAKS//:}
-#
-# See also: Bash FAQ - E13) Why does filename completion misbehave if a colon
-# appears in the filename? - http://tiswww.case.edu/php/chet/bash/FAQ
-# @param $1 current word to complete (cur)
-# @modifies global array $COMPREPLY
-#
-__ltrim_colon_completions()
-{
- if [[ "$1" == *:* && "$COMP_WORDBREAKS" == *:* ]]; then
- # Remove colon-word prefix from COMPREPLY items
- local colon_word=${1%"${1##*:}"}
- local i=${#COMPREPLY[*]}
- while [[ $((--i)) -ge 0 ]]; do
- COMPREPLY[$i]=${COMPREPLY[$i]#"$colon_word"}
- done
- fi
-} # __ltrim_colon_completions()
-
-
-# NOTE: Using this function as a helper function is deprecated. Use
-# `_known_hosts_real' instead.
-_known_hosts()
-{
- local cur prev words cword
- _init_completion -n : || return
-
- # NOTE: Using `_known_hosts' as a helper function and passing options
- # to `_known_hosts' is deprecated: Use `_known_hosts_real' instead.
- local options
- [[ "$1" == -a || "$2" == -a ]] && options=-a
- [[ "$1" == -c || "$2" == -c ]] && options+=" -c"
- _known_hosts_real $options -- "$cur"
-} # _known_hosts()
-
-
-# Helper function for completing _known_hosts.
-# This function performs host completion based on ssh's config and known_hosts
-# files, as well as hostnames reported by avahi-browse if
-# COMP_KNOWN_HOSTS_WITH_AVAHI is set to a non-empty value. Also hosts from
-# HOSTFILE (compgen -A hostname) are added, unless
-# COMP_KNOWN_HOSTS_WITH_HOSTFILE is set to an empty value.
-# Usage: _known_hosts_real [OPTIONS] CWORD
-# Options: -a Use aliases
-# -c Use `:' suffix
-# -F configfile Use `configfile' for configuration settings
-# -p PREFIX Use PREFIX
-# Return: Completions, starting with CWORD, are added to COMPREPLY[]
-_known_hosts_real()
-{
- local configfile flag prefix
- local cur curd awkcur user suffix aliases i host
- local -a kh khd config
-
- local OPTIND=1
- while getopts "acF:p:" flag "$@"; do
- case $flag in
- a) aliases='yes' ;;
- c) suffix=':' ;;
- F) configfile=$OPTARG ;;
- p) prefix=$OPTARG ;;
- esac
- done
- [[ $# -lt $OPTIND ]] && echo "error: $FUNCNAME: missing mandatory argument CWORD"
- cur=${!OPTIND}; let "OPTIND += 1"
- [[ $# -ge $OPTIND ]] && echo "error: $FUNCNAME("$@"): unprocessed arguments:"\
- $(while [[ $# -ge $OPTIND ]]; do printf '%s\n' ${!OPTIND}; shift; done)
-
- [[ $cur == *@* ]] && user=${cur%@*}@ && cur=${cur#*@}
- kh=()
-
- # ssh config files
- if [[ -n $configfile ]]; then
- [[ -r $configfile ]] && config+=( "$configfile" )
- else
- for i in /etc/ssh/ssh_config ~/.ssh/config ~/.ssh2/config; do
- [[ -r $i ]] && config+=( "$i" )
- done
- fi
-
- # Known hosts files from configs
- if [[ ${#config[@]} -gt 0 ]]; then
- local OIFS=$IFS IFS=$'\n' j
- local -a tmpkh
- # expand paths (if present) to global and user known hosts files
- # TODO(?): try to make known hosts files with more than one consecutive
- # spaces in their name work (watch out for ~ expansion
- # breakage! Alioth#311595)
- tmpkh=( $( awk 'sub("^[ \t]*([Gg][Ll][Oo][Bb][Aa][Ll]|[Uu][Ss][Ee][Rr])[Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee][ \t]+", "") { print $0 }' "${config[@]}" | sort -u ) )
- IFS=$OIFS
- for i in "${tmpkh[@]}"; do
- # First deal with quoted entries...
- while [[ $i =~ ^([^\"]*)\"([^\"]*)\"(.*)$ ]]; do
- i=${BASH_REMATCH[1]}${BASH_REMATCH[3]}
- j=${BASH_REMATCH[2]}
- __expand_tilde_by_ref j # Eval/expand possible `~' or `~user'
- [[ -r $j ]] && kh+=( "$j" )
- done
- # ...and then the rest.
- for j in $i; do
- __expand_tilde_by_ref j # Eval/expand possible `~' or `~user'
- [[ -r $j ]] && kh+=( "$j" )
- done
- done
- fi
-
-
- if [[ -z $configfile ]]; then
- # Global and user known_hosts files
- for i in /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2 \
- /etc/known_hosts /etc/known_hosts2 ~/.ssh/known_hosts \
- ~/.ssh/known_hosts2; do
- [[ -r $i ]] && kh+=( "$i" )
- done
- for i in /etc/ssh2/knownhosts ~/.ssh2/hostkeys; do
- [[ -d $i ]] && khd+=( "$i"/*pub )
- done
- fi
-
- # If we have known_hosts files to use
- if [[ ${#kh[@]} -gt 0 || ${#khd[@]} -gt 0 ]]; then
- # Escape slashes and dots in paths for awk
- awkcur=${cur//\//\\\/}
- awkcur=${awkcur//\./\\\.}
- curd=$awkcur
-
- if [[ "$awkcur" == [0-9]*[.:]* ]]; then
- # Digits followed by a dot or a colon - just search for that
- awkcur="^$awkcur[.:]*"
- elif [[ "$awkcur" == [0-9]* ]]; then
- # Digits followed by no dot or colon - search for digits followed
- # by a dot or a colon
- awkcur="^$awkcur.*[.:]"
- elif [[ -z $awkcur ]]; then
- # A blank - search for a dot, a colon, or an alpha character
- awkcur="[a-z.:]"
- else
- awkcur="^$awkcur"
- fi
-
- if [[ ${#kh[@]} -gt 0 ]]; then
- # FS needs to look for a comma separated list
- COMPREPLY+=( $( awk 'BEGIN {FS=","}
- /^\s*[^|\#]/ {
- sub("^@[^ ]+ +", ""); \
- sub(" .*$", ""); \
- for (i=1; i<=NF; ++i) { \
- sub("^\\[", "", $i); sub("\\](:[0-9]+)?$", "", $i); \
- if ($i !~ /[*?]/ && $i ~ /'"$awkcur"'/) {print $i} \
- }}' "${kh[@]}" 2>/dev/null ) )
- fi
- if [[ ${#khd[@]} -gt 0 ]]; then
- # Needs to look for files called
- # .../.ssh2/key_22_<hostname>.pub
- # dont fork any processes, because in a cluster environment,
- # there can be hundreds of hostkeys
- for i in "${khd[@]}" ; do
- if [[ "$i" == *key_22_$curd*.pub && -r "$i" ]]; then
- host=${i/#*key_22_/}
- host=${host/%.pub/}
- COMPREPLY+=( $host )
- fi
- done
- fi
-
- # apply suffix and prefix
- for (( i=0; i < ${#COMPREPLY[@]}; i++ )); do
- COMPREPLY[i]=$prefix$user${COMPREPLY[i]}$suffix
- done
- fi
-
- # append any available aliases from config files
- if [[ ${#config[@]} -gt 0 && -n "$aliases" ]]; then
- local hosts=$( sed -ne 's/^[ \t]*[Hh][Oo][Ss][Tt]\([Nn][Aa][Mm][Ee]\)\{0,1\}['"$'\t '"']\{1,\}\([^#*?]*\)\(#.*\)\{0,1\}$/\2/p' "${config[@]}" )
- COMPREPLY+=( $( compgen -P "$prefix$user" \
- -S "$suffix" -W "$hosts" -- "$cur" ) )
- fi
-
- # Add hosts reported by avahi-browse, if desired and it's available.
- if [[ ${COMP_KNOWN_HOSTS_WITH_AVAHI:-} ]] && \
- type avahi-browse &>/dev/null; then
- # The original call to avahi-browse also had "-k", to avoid lookups
- # into avahi's services DB. We don't need the name of the service, and
- # if it contains ";", it may mistify the result. But on Gentoo (at
- # least), -k wasn't available (even if mentioned in the manpage) some
- # time ago, so...
- COMPREPLY+=( $( compgen -P "$prefix$user" -S "$suffix" -W \
- "$( avahi-browse -cpr _workstation._tcp 2>/dev/null | \
- awk -F';' '/^=/ { print $7 }' | sort -u )" -- "$cur" ) )
- fi
-
- # Add hosts reported by ruptime.
- COMPREPLY+=( $( compgen -W \
- "$( ruptime 2>/dev/null | awk '!/^ruptime:/ { print $1 }' )" \
- -- "$cur" ) )
-
- # Add results of normal hostname completion, unless
- # `COMP_KNOWN_HOSTS_WITH_HOSTFILE' is set to an empty value.
- if [[ -n ${COMP_KNOWN_HOSTS_WITH_HOSTFILE-1} ]]; then
- COMPREPLY+=(
- $( compgen -A hostname -P "$prefix$user" -S "$suffix" -- "$cur" ) )
- fi
-
- __ltrim_colon_completions "$prefix$user$cur"
-
- return 0
-} # _known_hosts_real()
-
-
-# Get the word to complete and optional previous words.
-# This is nicer than ${COMP_WORDS[$COMP_CWORD]}, since it handles cases
-# where the user is completing in the middle of a word.
-# (For example, if the line is "ls foobar",
-# and the cursor is here --------> ^
-# Also one is able to cross over possible wordbreak characters.
-# Usage: _get_comp_words_by_ref [OPTIONS] [VARNAMES]
-# Available VARNAMES:
-# cur Return cur via $cur
-# prev Return prev via $prev
-# words Return words via $words
-# cword Return cword via $cword
-#
-# Available OPTIONS:
-# -n EXCLUDE Characters out of $COMP_WORDBREAKS which should NOT be
-# considered word breaks. This is useful for things like scp
-# where we want to return host:path and not only path, so we
-# would pass the colon (:) as -n option in this case.
-# -c VARNAME Return cur via $VARNAME
-# -p VARNAME Return prev via $VARNAME
-# -w VARNAME Return words via $VARNAME
-# -i VARNAME Return cword via $VARNAME
-#
-# Example usage:
-#
-# $ _get_comp_words_by_ref -n : cur prev
-#
-_get_comp_words_by_ref()
-{
- local exclude flag i OPTIND=1
- local cur cword words=()
- local upargs=() upvars=() vcur vcword vprev vwords
-
- while getopts "c:i:n:p:w:" flag "$@"; do
- case $flag in
- c) vcur=$OPTARG ;;
- i) vcword=$OPTARG ;;
- n) exclude=$OPTARG ;;
- p) vprev=$OPTARG ;;
- w) vwords=$OPTARG ;;
- esac
- done
- while [[ $# -ge $OPTIND ]]; do
- case ${!OPTIND} in
- cur) vcur=cur ;;
- prev) vprev=prev ;;
- cword) vcword=cword ;;
- words) vwords=words ;;
- *) echo "bash: $FUNCNAME(): \`${!OPTIND}': unknown argument" \
- 1>&2; return 1
- esac
- let "OPTIND += 1"
- done
-
- __get_cword_at_cursor_by_ref "$exclude" words cword cur
-
- [[ $vcur ]] && { upvars+=("$vcur" ); upargs+=(-v $vcur "$cur" ); }
- [[ $vcword ]] && { upvars+=("$vcword"); upargs+=(-v $vcword "$cword"); }
- [[ $vprev && $cword -ge 1 ]] && { upvars+=("$vprev" ); upargs+=(-v $vprev
- "${words[cword - 1]}"); }
- [[ $vwords ]] && { upvars+=("$vwords"); upargs+=(-a${#words[@]} $vwords
- "${words[@]}"); }
-
- (( ${#upvars[@]} )) && local "${upvars[@]}" && _upvars "${upargs[@]}"
-}
-
-# Initialize completion and deal with various general things: do file
-# and variable completion where appropriate, and adjust prev, words,
-# and cword as if no redirections exist so that completions do not
-# need to deal with them. Before calling this function, make sure
-# cur, prev, words, and cword are local, ditto split if you use -s.
-#
-# Options:
-# -n EXCLUDE Passed to _get_comp_words_by_ref -n with redirection chars
-# -e XSPEC Passed to _filedir as first arg for stderr redirections
-# -o XSPEC Passed to _filedir as first arg for other output redirections
-# -i XSPEC Passed to _filedir as first arg for stdin redirections
-# -s Split long options with _split_longopt, implies -n =
-# @return True (0) if completion needs further processing,
-# False (> 0) no further processing is necessary.
-#
-_init_completion()
-{
- local exclude= flag outx errx inx OPTIND=1
-
- while getopts "n:e:o:i:s" flag "$@"; do
- case $flag in
- n) exclude+=$OPTARG ;;
- e) errx=$OPTARG ;;
- o) outx=$OPTARG ;;
- i) inx=$OPTARG ;;
- s) split=false ; exclude+== ;;
- esac
- done
-
- # For some reason completion functions are not invoked at all by
- # bash (at least as of 4.1.7) after the command line contains an
- # ampersand so we don't get a chance to deal with redirections
- # containing them, but if we did, hopefully the below would also
- # do the right thing with them...
-
- COMPREPLY=()
- local redir="@(?([0-9])<|?([0-9&])>?(>)|>&)"
- _get_comp_words_by_ref -n "$exclude<>&" cur prev words cword
-
- # Complete variable names.
- _variables && return 1
-
- # Complete on files if current is a redirect possibly followed by a
- # filename, e.g. ">foo", or previous is a "bare" redirect, e.g. ">".
- if [[ $cur == $redir* || $prev == $redir ]]; then
- local xspec
- case $cur in
- 2'>'*) xspec=$errx ;;
- *'>'*) xspec=$outx ;;
- *'<'*) xspec=$inx ;;
- *)
- case $prev in
- 2'>'*) xspec=$errx ;;
- *'>'*) xspec=$outx ;;
- *'<'*) xspec=$inx ;;
- esac
- ;;
- esac
- cur="${cur##$redir}"
- _filedir $xspec
- return 1
- fi
-
- # Remove all redirections so completions don't have to deal with them.
- local i skip
- for (( i=1; i < ${#words[@]}; )); do
- if [[ ${words[i]} == $redir* ]]; then
- # If "bare" redirect, remove also the next word (skip=2).
- [[ ${words[i]} == $redir ]] && skip=2 || skip=1
- words=( "${words[@]:0:i}" "${words[@]:i+skip}" )
- [[ $i -le $cword ]] && cword=$(( cword - skip ))
- else
- i=$(( ++i ))
- fi
- done
-
- [[ $cword -le 0 ]] && return 1
- prev=${words[cword-1]}
-
- [[ ${split-} ]] && _split_longopt && split=true
-
- return 0
-}
-
-# Try to complete -o SubOptions=
-#
-# Returns 0 if the completion was handled or non-zero otherwise.
-_ssh_suboption_check()
-{
- # Get prev and cur words without splitting on =
- local cureq=`_get_cword :=` preveq=`_get_pword :=`
- if [[ $cureq == *=* && $preveq == -o ]]; then
- _ssh_suboption $cureq
- return $?
- fi
- return 1
-}
-
-_complete_ssh()
-{
- local cur prev words cword
- _init_completion -n : || return
-
- local configfile
- local -a config
-
- _ssh_suboption_check && return 0
-
- case $prev in
- -F|-i|-S)
- _filedir
- return 0
- ;;
- -c)
- _ssh_ciphers
- return 0
- ;;
- -m)
- _ssh_macs
- return 0
- ;;
- -l)
- COMPREPLY=( $( compgen -u -- "$cur" ) )
- return 0
- ;;
- -O)
- COMPREPLY=( $( compgen -W 'check forward exit stop' -- "$cur" ) )
- return 0
- ;;
- -o)
- _ssh_options
- return 0
- ;;
- -w)
- _available_interfaces
- return 0
- ;;
- -b)
- _ip_addresses
- return 0
- ;;
- -D|-e|-I|-L|-p|-R|-W)
- return 0
- ;;
- esac
-
- if [[ "$cur" == -F* ]]; then
- cur=${cur#-F}
- _filedir
- # Prefix completions with '-F'
- COMPREPLY=( "${COMPREPLY[@]/#/-F}" )
- cur=-F$cur # Restore cur
- elif [[ "$cur" == -* ]]; then
- COMPREPLY=( $( compgen -W '$( _parse_usage "$1" )' -- "$cur" ) )
- else
- # Search COMP_WORDS for '-F configfile' or '-Fconfigfile' argument
- set -- "${words[@]}"
- while [[ $# -gt 0 ]]; do
- if [[ $1 == -F* ]]; then
- if [[ ${#1} -gt 2 ]]; then
- configfile="$(dequote "${1:2}")"
- else
- shift
- [[ $1 ]] && configfile="$(dequote "$1")"
- fi
- break
- fi
- shift
- done
- _known_hosts_real -a -F "$configfile" "$cur"
- if [[ $cword -ne 1 ]]; then
- compopt -o filenames
- COMPREPLY+=( $( compgen -c -- "$cur" ) )
- fi
- fi
-
- return 0
-} &&
-shopt -u hostcomplete && complete -F _complete_ssh ssh
diff --git a/mv/2configs/default.nix b/mv/2configs/default.nix
deleted file mode 100644
index d93218a18..000000000
--- a/mv/2configs/default.nix
+++ /dev/null
@@ -1,197 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
- HOME = getEnv "HOME";
-in
-
-{
- krebs.enable = true;
-
- krebs.build = {
- user = config.krebs.users.mv;
- target = mkDefault "root@${config.krebs.build.host.name}";
- source = {
- git.nixpkgs = {
- url = mkDefault https://github.com/NixOS/nixpkgs;
- rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
- target-path = mkDefault "/var/src/nixpkgs";
- };
- dir.secrets = {
- path = mkDefault "${HOME}/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- path = mkDefault "${HOME}/stockholm";
- target-path = mkDefault "/var/src/stockholm";
- };
- };
- };
-
- networking.hostName = config.krebs.build.host.name;
-
- imports = [
- <secrets>
- ./vim.nix
- {
- # stockholm dependencies
- environment.systemPackages = with pkgs; [
- git
- ];
- }
- {
- users = {
- defaultUserShell = "/run/current-system/sw/bin/bash";
- mutableUsers = false;
- users = {
- mv = {
- isNormalUser = true;
- uid = 1338;
- };
- };
- };
- }
- {
- security.sudo.extraConfig = ''
- Defaults mailto="${config.krebs.users.mv.mail}"
- '';
- time.timeZone = "Europe/Berlin";
- }
- {
- # TODO check if both are required:
- nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
-
- nix.trustedBinaryCaches = [
- "https://cache.nixos.org"
- "http://cache.nixos.org"
- "http://hydra.nixos.org"
- ];
-
- nix.useChroot = true;
- }
- {
- environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
-
- environment.systemPackages = with pkgs; [
- rxvt_unicode.terminfo
- ];
-
- environment.shellAliases = mkForce {
- # alias cal='cal -m3'
- gp = "${pkgs.pari}/bin/gp -q";
- df = "df -h";
- du = "du -h";
- # alias grep='grep --color=auto'
-
- # TODO alias cannot contain #\'
- # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
-
- # alias la='ls -lA'
- lAtr = "ls -lAtr";
- # alias ll='ls -l'
- ls = "ls -h --color=auto --group-directories-first";
- dmesg = "dmesg -L --reltime";
- view = "vim -R";
-
- reload = "systemctl reload";
- restart = "systemctl restart";
- start = "systemctl start";
- status = "systemctl status";
- stop = "systemctl stop";
- };
-
- environment.variables = {
- NIX_PATH =
- with config.krebs.build.source; with dir; with git;
- mkForce (concatStringsSep ":" [
- "nixpkgs=${nixpkgs.target-path}"
- "secrets=${stockholm.target-path}/null"
- ]);
- };
-
- programs.bash = {
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
-
- ${readFile ./bash_completion.sh}
-
- # TODO source bridge
- '';
- promptInit = ''
- case $UID in
- 0)
- PS1='\[\e[1;31m\]\w\[\e[0m\] '
- ;;
- 1337)
- PS1='\[\e[1;32m\]\w\[\e[0m\] '
- ;;
- *)
- PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] '
- ;;
- esac
- if test -n "$SSH_CLIENT"; then
- PS1='\[\e[35m\]\h'" $PS1"
- fi
- if test -n "$SSH_AGENT_PID"; then
- PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
- fi
- '';
- };
-
- programs.ssh.startAgent = false;
- }
-
- {
- services.cron.enable = false;
- services.nscd.enable = false;
- services.ntp.enable = false;
- }
-
- {
- boot.kernel.sysctl = {
- # Enable IPv6 Privacy Extensions
- "net.ipv6.conf.all.use_tempaddr" = 2;
- "net.ipv6.conf.default.use_tempaddr" = 2;
- };
- }
-
- {
- services.openssh = {
- enable = true;
- hostKeys = [
- { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- }
-
- {
- # TODO: exim
- security.setuidPrograms = [
- "sendmail" # for sudo
- ];
- }
- {
- environment.systemPackages = [
- pkgs.get
- pkgs.krebszones
- pkgs.nix-prefetch-scripts
- pkgs.push
- ];
- }
-
- {
- systemd.tmpfiles.rules = let
- forUsers = flip map users;
- isUser = { group, ... }: hasSuffix "users" group;
- users = filter isUser (mapAttrsToList (_: id) config.users.users);
- in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
- environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
- }
- ];
-}
diff --git a/mv/2configs/git.nix b/mv/2configs/git.nix
deleted file mode 100644
index aee448cb6..000000000
--- a/mv/2configs/git.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-
- out = {
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "Hmhmh, im Moment nicht.";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
- };
-
- repos = public-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- stockholm = {};
- };
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "stro";
- };
- };
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = [ mv_stro ];
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ lass makefu uriel tv tv-xu ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/mv/2configs/hw/x220.nix b/mv/2configs/hw/x220.nix
deleted file mode 100644
index 7426555df..000000000
--- a/mv/2configs/hw/x220.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../smartd.nix
- ];
-
- boot.initrd.availableKernelModules = [
- "aesni-intel"
- "ahci"
- "fbcon"
- "i915"
- ];
- boot.kernelModules = [
- "kvm-intel"
- "msr"
- "tp-smapi"
- ];
-
- boot.extraModulePackages = [
- config.boot.kernelPackages.tp_smapi
- ];
-
- # disabled for fbcon and i915 to kick in or to disable the kernelParams
- # XXX: investigate
- boot.vesa = false;
-
- boot.loader.gummiboot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.wireless.enable = true;
-
- #hardware.enableAllFirmware = true;
- #nixpkgs.config.allowUnfree = true;
- #zramSwap.enable = true;
- #zramSwap.numDevices = 2;
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- '';
-
- nix = {
- buildCores = 2;
- maxJobs = 2;
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
-
- services.logind.extraConfig = ''
- HandleHibernateKey=ignore
- HandleLidSwitch=ignore
- HandlePowerKey=ignore
- HandleSuspendKey=ignore
- '';
-
- services.xserver = {
- videoDriver = "intel";
- #vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
- #deviceSection = ''
- # Option "AccelMethod" "sna"
- #'';
- };
-
- #services.xserver.displayManager.sessionCommands =''
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
- # xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- #'';
-}
diff --git a/mv/2configs/mail-client.nix b/mv/2configs/mail-client.nix
deleted file mode 100644
index 8b6f8bbcd..000000000
--- a/mv/2configs/mail-client.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-
-with pkgs;
-{
- environment.systemPackages = [
- much
- msmtp
- notmuch
- pythonPackages.alot
- qprint
- w3m
- ];
-}
diff --git a/mv/2configs/smartd.nix b/mv/2configs/smartd.nix
deleted file mode 100644
index 9c4d8b2d8..000000000
--- a/mv/2configs/smartd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.smartd = {
- enable = true;
- devices = [
- {
- device = "DEVICESCAN";
- options = toString [
- "-a"
- "-m ${config.krebs.users.tv.mail}"
- "-s (O/../.././09|S/../.././04|L/../../6/05)"
- ];
- }
- ];
- };
-}
diff --git a/mv/2configs/vim.nix b/mv/2configs/vim.nix
deleted file mode 100644
index adf1da9db..000000000
--- a/mv/2configs/vim.nix
+++ /dev/null
@@ -1,123 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
- out = {
- environment.systemPackages = [
- pkgs.vim
- ];
-
- # Nano really is just a stupid name for Vim.
- nixpkgs.config.packageOverrides = pkgs: {
- nano = pkgs.vim;
- };
-
- environment.etc.vimrc.source = vimrc;
-
- environment.variables.EDITOR = mkForce "vim";
- environment.variables.VIMINIT = ":so /etc/vimrc";
- };
-
- extra-runtimepath = concatStringsSep "," [
- "${pkgs.vimPlugins.undotree}/share/vim-plugins/undotree"
- ];
-
- vimrc = pkgs.writeText "vimrc" ''
- set nocompatible
-
- set autoindent
- set backspace=indent,eol,start
- set backup
- set backupdir=$HOME/.vim/backup/
- set directory=$HOME/.vim/cache//
- set hlsearch
- set incsearch
- set mouse=a
- set noruler
- set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
- set shortmess+=I
- set showcmd
- set showmatch
- set ttimeoutlen=0
- set undodir=$HOME/.vim/undo
- set undofile
- set undolevels=1000000
- set undoreload=1000000
- set viminfo='20,<1000,s100,h,n$HOME/.vim/cache/info
- set visualbell
- set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
- set wildmenu
- set wildmode=longest,full
-
- set et ts=2 sts=2 sw=2
-
- filetype plugin indent on
-
- set t_Co=256
- colorscheme industry
- syntax on
-
- au Syntax * syn match Tabstop containedin=ALL /\t\+/
- \ | hi Tabstop ctermbg=16
- \ | syn match TrailingSpace containedin=ALL /\s\+$/
- \ | hi TrailingSpace ctermbg=88
- \ | hi Normal ctermfg=White
-
- au BufRead,BufNewFile *.hs so ${pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
- ''}
-
- au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''
- setf nix
- set isk=@,48-57,_,192-255,-,'
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match INT /\<[0-9]\+\>/
- syn match PATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match HPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match SPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match URI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- hi link INT Constant
- hi link PATH Constant
- hi link HPATH Constant
- hi link SPATH Constant
- hi link URI Constant
-
- syn match String /"\([^\\"]\|\\.\)*"/
- syn match Comment /\(^\|\s\)#.*/
- ''}
-
- au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
- cnoremap <C-A> <Home>
-
- noremap <C-c> :q<cr>
-
- nnoremap <esc>[5^ :tabp<cr>
- nnoremap <esc>[6^ :tabn<cr>
- nnoremap <esc>[5@ :tabm -1<cr>
- nnoremap <esc>[6@ :tabm +1<cr>
-
- nnoremap <f1> :tabp<cr>
- nnoremap <f2> :tabn<cr>
- inoremap <f1> <esc>:tabp<cr>
- inoremap <f2> <esc>:tabn<cr>
-
- " <C-{Up,Down,Right,Left>
- noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
- noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
- noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
- noremap <esc>Od <nop> | noremap! <esc>Od <nop>
- " <[C]S-{Up,Down,Right,Left>
- noremap <esc>[a <nop> | noremap! <esc>[a <nop>
- noremap <esc>[b <nop> | noremap! <esc>[b <nop>
- noremap <esc>[c <nop> | noremap! <esc>[c <nop>
- noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
- '';
-in
-out
diff --git a/mv/2configs/xserver/Xresources.nix b/mv/2configs/xserver/Xresources.nix
deleted file mode 100644
index 923572721..000000000
--- a/mv/2configs/xserver/Xresources.nix
+++ /dev/null
@@ -1,215 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-pkgs.writeText "Xresources" ''
- !URxvt*background: #050505
-
- ! 2013-02-25 \e was reas escape before
- ! *VT100.Translations: #override\
- ! :<Btn4Down>: string("\e[5~")\n\
- ! :<Btn5Down>: string("\e[6~")
-
- ! XTerm*VT100*Translations: #override \
- ! Shift<Key>Return: string(" &") string(0x0A) \n\
- ! Meta<Key>Return: string(" | less") string(0x0A) \n\
- ! ~Shift<Key>Prior: scroll-back(1,page) \n\
- ! ~Shift<Key>Next: scroll-forw(1,page) \n\
- ! Shift<Key>Prior: scroll-back(1) \n\
- ! Shift<Key>Next: scroll-forw(1) \n\
- ! <Key>Delete: string(0x1b) string("[2~")
- ! \n\
- ! <Key>BackSpace: string(0x7f)
-
- ! 2013-02-2013-02-25
- ! ! <M-c>: load bash-completion (if not already)
- ! URxvt*VT100*Translations: #override\
- ! Meta<KeyPress>c:\
- ! string("\eOH# \eOF\n+compl\n\eOA\eOA\eOH\e[3~\e[3~\eOF")\
- ! string(0x7)\n
-
- ! do not scroll automatically on output:
- ! XTerm*scrollTtyOutput: false
- URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
- ! URxvt*secondaryScreen: false
-
- ! URxvt*loginShell: true
-
- URxvt*eightBitInput: false
- ! *eightBitOutput: 1
- ! URxvt*decTerminalID: 220
- ! URxvt*utf8: 1
- ! URxvt*locale: UTF-8
- ! XTerm*customization: -color
- URxvt*SaveLines: 4096
- URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
- URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
-
- ! 2013-05-23 if this does not work try
- ! xset +fp /usr/share/fonts/local/
- ! xset fp rehash
- ! URxvt*font: -*-termsynu-edium-*-*-*-12-*-*-*-*-*-iso10646-1
- ! URxvt*boldFont: -*-termsynu-bold-*-*-*-12-*-*-*-*-*-iso10646-1
- !
- !-misc-termsynu-medium-r-normal--12-87-100-100-c-70-iso10646-1
-
- ! XTerm*font: -misc-fixed-medium-r-normal--13-120-75-75-c-80-iso10646-1
- URxvt*scrollBar: false
-
- ! XTerm*font:-nil-profont-medium-r-normal--11-110-72-72-c-60-iso8859-1
- ! URxvt*boldFont:-nil-profont-medium-r-normal--11-110-72-72-c-60-iso8859-1
-
- URxvt*background: #050505
- ! URxvt*background: #041204
-
- !URxvt.depth: 32
- !URxvt*background: rgba:0500/0500/0500/cccc
-
- ! URxvt*background: #080810
- URxvt*foreground: #d0d7d0
- ! URxvt*background: black
- ! URxvt*foreground: white
- ! URxvt*background: rgb:00/00/40
- ! URxvt*foreground: rgb:a0/a0/d0
- ! XTerm*cursorColor: rgb:00/00/60
- URxvt*cursorColor: #f042b0
- URxvt*cursorColor2: #f0b000
- URxvt*cursorBlink: off
- ! URxvt*cursorUnderline: true
- ! URxvt*highlightColor: #232323
- ! URxvt*highlightTextColor: #b0ffb0
-
- URxvt*.pointerBlank: true
- URxvt*.pointerBlankDelay: 987654321
- URxvt*.pointerColor: #f042b0
- URxvt*.pointerColor2: #050505
-
- ! URxvt*fading: 50
- ! URxvt*fadeColor: #0f0f0f
-
- ! XTerm*colorMode: on
- ! URxvt*dynamicColors: on
- ! URxvt*boldColors: off
-
- URxvt*jumpScroll: true
-
- ! allow synthetic events for fvwm, so pass window specific keys
- ! XTerm*allowSendEvents: true
- URxvt*allowSendEvents: false
-
- ! better double/tripple clicking in xterms
- ! Format: csv, [low-]high:value
- !
- ! extend character class 48 due they are used in urls
- ! (see: man xterm; /CHARACTER CLASSES)
- ! ! % -./ @ & = ?
- URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48
- URxvt*cutNewline: False
- URxvt*cutToBeginningOfLine: False
-
- ! BLACK for indigo background
- URxvt*color0: #232342
-
- ! TODO: man xterm; /ACTIONS
-
- ! *VT100*colorULMode: on
- ! XTerm*underLine: on
- !
- ! URxvt*color0: black
- ! URxvt*color1: red3
- ! URxvt*color2: green3
- ! URxvt*color3: yellow3
- ! URxvt*color4: blue2
- ! URxvt*color5: magenta3
- ! URxvt*color6: cyan3
- ! URxvt*color7: gray90
- ! URxvt*color8: burlywood1
- ! URxvt*color9: sienna1
- ! URxvt*color10: PaleVioletRed1
- ! URxvt*color11: LightSkyBlue
- ! URxvt*color12: white
- ! URxvt*color13: white
- ! URxvt*color14: white
- ! URxvt*color33: #f0b0f0
-
-
- ! URxvt*color0: #000000
- ! URxvt*color1: #c00000
- ! URxvt*color2: #80c070
- URxvt*color3: #c07000
- ! URxvt*color4: #0000c0
- URxvt*color4: #4040c0
- ! URxvt*color5: #c000c0
- ! URxvt*color6: #008080
- URxvt*color7: #c0c0c0
-
- URxvt*color8: #707070
- URxvt*color9: #ff6060
- URxvt*color10: #70ff70
- URxvt*color11: #ffff70
- URxvt*color12: #7070ff
- URxvt*color13: #ff50ff
- URxvt*color14: #70ffff
- URxvt*color15: #ffffff
-
- ! XTerm*color91: #000070
- ! XTerm*color92: #000080
- ! XTerm*color93: #000090
- ! XTerm*color94: #0000a0
- ! XTerm*color95: #0000b0
- ! XTerm*color96: #0000c0
- ! XTerm*color97: #0000d0
- ! XTerm*color98: #0000e0
- ! XTerm*color99: #0000f0
-
- ! !! vim-create-colorscheme {{{
- ! !! Question cterm=none
- ! XTerm*color20: #f0b000
- ! !! }}}
- !
- !
- ! #include ".xrdb/look-zenburn.xrdb"
- ! #include ".xrdb/xterm.xrdb"
-
-
-
- ! URxvt.perl-ext: matcher
- ! URxvt.urlLauncher: cr
- ! URxvt.underlineColor: blue
-
- ! URxvt.matcher.button: 1
- ! URxvt.perl-ext: default,matcher
- ! URxvt.urlLauncher: cr
- ! URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
- ! URxvt.underlineColor: blue
-
- ! 2014-05-12 von lass
- !URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
- !URxvt.url-select.launcher: /home/tv/bin/ff -new-tab
- !URxvt.url-select.underline: true
- !URxvt.keysym.M-u: perl:url-select:select_next
- !URxvt.keysym.M-Escape: perl:keyboard-select:activate
- !URxvt.keysym.M-s: perl:keyboard-select:search
-
-
-
-
- ! 2013-02-25 I neve use this
- URxvt*iso14755: False
-
- URxvt*urgentOnBell: True
- URxvt*visualBell: True
-
- ! ref https://github.com/muennich/urxvt-perls
- URxvt*perl-ext: default,url-select
- URxvt*keysym.M-u: perl:url-select:select_next
- URxvt*url-select.launcher: ${pkgs.ff}/bin/ff -new-tab
- URxvt*url-select.underline: true
- URxvt*colorUL: #4682B4
- URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
-
- root-urxvt*background: #230000
- root-urxvt*foreground: #e0c0c0
- root-urxvt*BorderColor: #400000
- root-urxvt*color0: #800000
-''
diff --git a/mv/2configs/xserver/default.nix b/mv/2configs/xserver/default.nix
deleted file mode 100644
index 3d4aa8847..000000000
--- a/mv/2configs/xserver/default.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-{ config, lib, pkgs, ... }@args:
-
-with config.krebs.lib;
-
-let
- # TODO krebs.build.user
- user = config.users.users.mv;
-
- out = {
- services.xserver.display = 11;
- services.xserver.tty = 11;
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- };
-
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
- ];
-
- systemd.services.urxvtd = {
- wantedBy = [ "multi-user.target" ];
- reloadIfChanged = true;
- serviceConfig = {
- ExecReload = need-reload "urxvtd.service";
- ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
- Restart = "always";
- RestartSec = "2s";
- StartLimitBurst = 0;
- User = user.name;
- };
- };
-
- environment.systemPackages = [
- pkgs.ff
- pkgs.gitAndTools.qgit
- pkgs.mpv
- pkgs.pavucontrol
- pkgs.slock
- pkgs.sxiv
- pkgs.xsel
- pkgs.zathura
- ];
-
- security.setuidPrograms = [
- "slock"
- ];
-
- systemd.services.display-manager = mkForce {};
-
- services.xserver.enable = true;
-
- systemd.services.xmonad = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "xserver.service" ];
- environment = xmonad-environment;
- serviceConfig = {
- ExecStart = "${xmonad-start}/bin/xmonad";
- ExecStop = "${xmonad-stop}/bin/xmonad-stop";
- User = user.name;
- WorkingDirectory = user.home;
- };
- };
-
- systemd.services.xserver = {
- after = [
- "systemd-udev-settle.service"
- "local-fs.target"
- "acpid.service"
- ];
- reloadIfChanged = true;
- environment = xserver-environment;
- serviceConfig = {
- ExecReload = need-reload "xserver.service";
- ExecStart = "${xserver}/bin/xserver";
- };
- };
- };
-
- xmonad-environment = {
- DISPLAY = ":${toString config.services.xserver.display}";
- XMONAD_STATE = "/tmp/xmonad.state";
-
- # XXX JSON is close enough :)
- XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
- "Dashboard" # we start here
- "23"
- "cr"
- "ff"
- "hack"
- "im"
- "mail"
- "stockholm"
- "za" "zh" "zj" "zs"
- ]);
- };
-
- xmonad-start = pkgs.writeScriptBin "xmonad" ''
- #! ${pkgs.bash}/bin/bash
- set -efu
- export PATH; PATH=${makeSearchPath "bin" [
- pkgs.rxvt_unicode
- ]}:/var/setuid-wrappers
- settle() {(
- # Use PATH for a clean journal
- command=''${1##*/}
- PATH=''${1%/*}; export PATH
- shift
- until "$command" "$@"; do
- ${pkgs.coreutils}/bin/sleep 1
- done
- )&}
- settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args}
- settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c'
- exec ${pkgs.xmonad-tv}/bin/xmonad
- '';
-
- xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
- #! /bin/sh
- exec ${pkgs.xmonad-tv}/bin/xmonad --shutdown
- '';
-
- xserver-environment = {
- XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
- XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
- LD_LIBRARY_PATH = concatStringsSep ":" (
- [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
- ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
- };
-
- xserver = pkgs.writeScriptBin "xserver" ''
- #! /bin/sh
- set -efu
- exec ${pkgs.xorg.xorgserver}/bin/X \
- :${toString config.services.xserver.display} \
- vt${toString config.services.xserver.tty} \
- -config ${import ./xserver.conf.nix args} \
- -logfile /var/log/X.${toString config.services.xserver.display}.log \
- -nolisten tcp \
- -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \
- '';
-
- need-reload = s: let
- pkg = pkgs.writeScriptBin "need-reload" ''
- #! /bin/sh
- echo "$*"
- '';
- in "${pkg}/bin/need-reload ${s}";
-
-in out
diff --git a/mv/2configs/xserver/xserver.conf.nix b/mv/2configs/xserver/xserver.conf.nix
deleted file mode 100644
index c452b4226..000000000
--- a/mv/2configs/xserver/xserver.conf.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- cfg = config.services.xserver;
-in
-
-pkgs.stdenv.mkDerivation {
- name = "xserver.conf";
-
- xfs = optionalString (cfg.useXFS != false)
- ''FontPath "${toString cfg.useXFS}"'';
-
- inherit (cfg) config;
-
- buildCommand =
- ''
- echo 'Section "Files"' >> $out
- echo $xfs >> $out
-
- for i in ${toString config.fonts.fonts}; do
- if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
- for j in $(find $i -name fonts.dir); do
- echo " FontPath \"$(dirname $j)\"" >> $out
- done
- fi
- done
-
- for i in $(find ${toString cfg.modules} -type d); do
- if test $(echo $i/*.so* | wc -w) -ne 0; then
- echo " ModulePath \"$i\"" >> $out
- fi
- done
-
- echo 'EndSection' >> $out
-
- echo "$config" >> $out
- '';
-}
diff --git a/mv/3modules/default.nix b/mv/3modules/default.nix
deleted file mode 100644
index 963f108b2..000000000
--- a/mv/3modules/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-
-{
- imports = [
- ./iptables.nix
- ];
-}
diff --git a/mv/3modules/iptables.nix b/mv/3modules/iptables.nix
deleted file mode 100644
index b2b41bf00..000000000
--- a/mv/3modules/iptables.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
- cfg = config.tv.iptables;
-
- out = {
- options.tv.iptables = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "tv.iptables";
-
- input-internet-accept-new-tcp = mkOption {
- type = with types; listOf (either int str);
- default = [];
- };
-
- input-retiolum-accept-new-tcp = mkOption {
- type = with types; listOf (either int str);
- default = [];
- };
- };
-
- imp = {
- networking.firewall.enable = false;
-
- systemd.services.tv-iptables = {
- description = "tv-iptables";
- wantedBy = [ "network-pre.target" ];
- before = [ "network-pre.target" ];
- after = [ "systemd-modules-load.service" ];
-
- path = with pkgs; [
- iptables
- ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- Type = "simple";
- RemainAfterExit = true;
- Restart = "always";
- ExecStart = "@${startScript} tv-iptables_start";
- };
- };
- };
-
-
- accept-new-tcp = port:
- "-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";
-
- rules = iptables-version:
- pkgs.writeText "tv-iptables-rules${toString iptables-version}" ''
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
- ++ [
- "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
- "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
- ]
- )}
- COMMIT
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- :Retiolum - [0:0]
- ${concatMapStringsSep "\n" (rule: "-A INPUT ${rule}") ([]
- ++ [
- "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
- "-i lo -j ACCEPT"
- ]
- ++ map accept-new-tcp (unique (map toString cfg.input-internet-accept-new-tcp))
- ++ ["-i retiolum -j Retiolum"]
- )}
- ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
- ++ {
- ip4tables = [
- "-p icmp -m icmp --icmp-type echo-request -j ACCEPT"
- ];
- ip6tables = [
- "-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT"
- ];
- }."ip${toString iptables-version}tables"
- ++ map accept-new-tcp (unique (map toString cfg.input-retiolum-accept-new-tcp))
- ++ {
- ip4tables = [
- "-p tcp -j REJECT --reject-with tcp-reset"
- "-p udp -j REJECT --reject-with icmp-port-unreachable"
- "-j REJECT --reject-with icmp-proto-unreachable"
- ];
- ip6tables = [
- "-p tcp -j REJECT --reject-with tcp-reset"
- "-p udp -j REJECT --reject-with icmp6-port-unreachable"
- "-j REJECT"
- ];
- }."ip${toString iptables-version}tables"
- )}
- COMMIT
- '';
-
- startScript = pkgs.writeScript "tv-iptables_start" ''
- #! /bin/sh
- set -euf
- iptables-restore < ${rules 4}
- ip6tables-restore < ${rules 6}
- '';
-
-in
-out
-
-#let
-# cfg = config.tv.iptables;
-# arg' = arg // { inherit cfg; };
-#in
-#
-#{
-# options.tv.iptables = import ./options.nix arg';
-# config = lib.mkIf cfg.enable (import ./config.nix arg');
-#}
diff --git a/mv/5pkgs/default.nix b/mv/5pkgs/default.nix
deleted file mode 100644
index 882ac0413..000000000
--- a/mv/5pkgs/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-
-{
- nixpkgs.config.packageOverrides = rec {
- cr = pkgs.writeScriptBin "cr" ''
- #! /bin/sh
- set -efu
- export LC_TIME=de_DE.utf8
- exec ${pkgs.chromium}/bin/chromium \
- --ssl-version-min=tls1 \
- --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
- --disk-cache-size=50000000 \
- "%@"
- '';
- ff = pkgs.writeScriptBin "ff" ''
- #! /bin/sh
- set -efu
- exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
- '';
- xmonad-tv =
- let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
- pkgs.haskellPackages.callPackage src {};
- };
-}
diff --git a/mv/5pkgs/xmonad-tv/.gitignore b/mv/5pkgs/xmonad-tv/.gitignore
deleted file mode 100644
index 616204547..000000000
--- a/mv/5pkgs/xmonad-tv/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/shell.nix
diff --git a/mv/5pkgs/xmonad-tv/Main.hs b/mv/5pkgs/xmonad-tv/Main.hs
deleted file mode 100644
index 2258b34a6..000000000
--- a/mv/5pkgs/xmonad-tv/Main.hs
+++ /dev/null
@@ -1,277 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-} -- for XS
-{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
-{-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE ScopedTypeVariables #-}
-
-
-module Main where
-
-import Control.Exception
-import Text.Read (readEither)
-import XMonad
-import System.IO (hPutStrLn, stderr)
-import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
-import System.Posix.Process (executeFile)
-import XMonad.Prompt (defaultXPConfig)
-import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
- , removeEmptyWorkspace)
-import XMonad.Actions.GridSelect
-import XMonad.Actions.CycleWS (toggleWS)
---import XMonad.Actions.CopyWindow ( copy )
-import XMonad.Layout.NoBorders ( smartBorders )
-import qualified XMonad.StackSet as W
-import Data.Map (Map)
-import qualified Data.Map as Map
--- TODO import XMonad.Layout.WorkspaceDir
-import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
--- import XMonad.Layout.Tabbed
---import XMonad.Layout.MouseResizableTile
-import XMonad.Layout.Reflect (reflectVert)
-import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Hooks.Place (placeHook, smart)
-import XMonad.Hooks.FloatNext (floatNextHook)
-import XMonad.Actions.PerWorkspaceKeys (chooseAction)
-import XMonad.Layout.PerWorkspace (onWorkspace)
---import XMonad.Layout.BinarySpacePartition
-
---import XMonad.Actions.Submap
-import XMonad.Stockholm.Pager
-import XMonad.Stockholm.Rhombus
-import XMonad.Stockholm.Shutdown
-
-
-myTerm :: String
-myTerm = "urxvtc"
-
-myRootTerm :: String
-myRootTerm = "urxvtc -name root-urxvt -e su -"
-
-myFont :: String
-myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
-
-main :: IO ()
-main = getArgs >>= \case
- ["--shutdown"] -> sendShutdownEvent
- _ -> mainNoArgs
-
-mainNoArgs :: IO ()
-mainNoArgs = do
- workspaces0 <- getWorkspaces0
- xmonad'
- -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
- -- urgencyConfig { remindWhen = Every 1 }
- -- $ withUrgencyHook borderUrgencyHook "magenta"
- -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
- $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
- $ defaultConfig
- { terminal = myTerm
- , modMask = mod4Mask
- , keys = myKeys
- , workspaces = workspaces0
- , layoutHook = smartBorders $ myLayout
- -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
- --, handleEventHook = handleTimerEvent
- , manageHook = placeHook (smart (1,0)) <+> floatNextHook
- , startupHook = spawn "echo emit XMonadStartup"
- , normalBorderColor = "#1c1c1c"
- , focusedBorderColor = "#f000b0"
- , handleEventHook = handleShutdownEvent
- }
- where
- myLayout =
- (onWorkspace "im" $ reflectVert $ Mirror $ Tall 1 (3/100) (12/13))
- (FixedColumn 1 20 80 10 ||| Full)
-
-
-xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
-xmonad' conf = do
- path <- getEnv "XMONAD_STATE"
- try (readFile path) >>= \case
- Right content -> do
- hPutStrLn stderr ("resuming from " ++ path)
- withArgs ("--resume" : lines content) (xmonad conf)
- Left e -> do
- hPutStrLn stderr (displaySomeException e)
- xmonad conf
-
-getWorkspaces0 :: IO [String]
-getWorkspaces0 =
- try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
- Left e -> warn (displaySomeException e)
- Right p -> try (readFile p) >>= \case
- Left e -> warn (displaySomeException e)
- Right x -> case readEither x of
- Left e -> warn e
- Right y -> return y
- where
- warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
-
-displaySomeException :: SomeException -> String
-displaySomeException = displayException
-
-
-spawnTermAt :: String -> X ()
---spawnTermAt _ = floatNext True >> spawn myTerm
---spawnTermAt "ff" = floatNext True >> spawn myTerm
---spawnTermAt _ = spawn myTerm
-spawnTermAt ws = do
- env <- liftIO getEnvironment
- let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
- xfork (executeFile "urxvtc" True [] (Just env')) >> return ()
-
-myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
-myKeys conf = Map.fromList $
- [ ((_4 , xK_Escape ), spawn "/var/setuid-wrappers/slock")
- , ((_4S , xK_c ), kill)
-
- , ((_4 , xK_x ), chooseAction spawnTermAt)
- , ((_4C , xK_x ), spawn myRootTerm)
- --, ((_4M , xK_x ), spawn "xterm")
- --, ((_4M , xK_x ), mySpawn "xterm")
-
- --, ((_4 , xK_F1 ), withFocused jojo)
- --, ((_4 , xK_F1 ), printAllGeometries)
-
- , ((0 , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
- , ((_S , xK_Menu ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
- , ((_C , xK_Menu ), toggleWS)
- , ((_4 , xK_Menu ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
-
- -- %! Rotate through the available layout algorithms
- , ((_4 , xK_space ), sendMessage NextLayout)
- , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout
-
- ---- BinarySpacePartition
- --, ((_4 , xK_l), sendMessage $ ExpandTowards R)
- --, ((_4 , xK_h), sendMessage $ ExpandTowards L)
- --, ((_4 , xK_j), sendMessage $ ExpandTowards D)
- --, ((_4 , xK_k), sendMessage $ ExpandTowards U)
- --, ((_4S , xK_l), sendMessage $ ShrinkFrom R)
- --, ((_4S , xK_h), sendMessage $ ShrinkFrom L)
- --, ((_4S , xK_j), sendMessage $ ShrinkFrom D)
- --, ((_4S , xK_k), sendMessage $ ShrinkFrom U)
- --, ((_4 , xK_n), sendMessage Rotate)
- --, ((_4S , xK_n), sendMessage Swap)
-
- ---- mouseResizableTile
- --, ((_4 , xK_u), sendMessage ShrinkSlave)
- --, ((_4 , xK_i), sendMessage ExpandSlave)
-
- -- move focus up or down the window stack
- --, ((_4 , xK_m ), windows W.focusMaster)
- , ((_4 , xK_j ), windows W.focusDown)
- , ((_4 , xK_k ), windows W.focusUp)
-
- -- modifying the window order
- , ((_4S , xK_m ), windows W.swapMaster)
- , ((_4S , xK_j ), windows W.swapDown)
- , ((_4S , xK_k ), windows W.swapUp)
-
- -- resizing the master/slave ratio
- , ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area
- , ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area
-
- -- floating layer support
- , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling
-
- -- increase or decrease number of windows in the master area
- , ((_4 , xK_comma ), sendMessage $ IncMasterN 1)
- , ((_4 , xK_period ), sendMessage $ IncMasterN (-1))
-
- , ((_4 , xK_a ), addWorkspacePrompt defaultXPConfig)
- , ((_4 , xK_r ), renameWorkspace defaultXPConfig)
- , ((_4 , xK_Delete ), removeEmptyWorkspace)
-
- , ((_4 , xK_Return ), toggleWS)
- --, (0 , xK_Menu ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
- --, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view)
- --, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift)
- --, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k })
- ]
- where
- _4 = mod4Mask
- _C = controlMask
- _S = shiftMask
- _M = mod1Mask
- _4C = _4 .|. _C
- _4S = _4 .|. _S
- _4M = _4 .|. _M
- _4CM = _4 .|. _C .|. _M
- _4SM = _4 .|. _S .|. _M
-
-
-pagerConfig :: PagerConfig
-pagerConfig = defaultPagerConfig
- { pc_font = myFont
- , pc_cellwidth = 64
- --, pc_cellheight = 36 -- TODO automatically keep screen aspect
- --, pc_borderwidth = 1
- --, pc_matchcolor = "#f0b000"
- , pc_matchmethod = MatchPrefix
- --, pc_colors = pagerWorkspaceColors
- , pc_windowColors = windowColors
- }
- where
- windowColors _ _ _ True _ = ("#ef4242","#ff2323")
- windowColors wsf m c u wf = do
- let def = defaultWindowColors wsf m c u wf
- if m == False && wf == True
- then ("#402020", snd def)
- else def
-
-horseConfig :: RhombusConfig
-horseConfig = defaultRhombusConfig
- { rc_font = myFont
- , rc_cellwidth = 64
- --, rc_cellheight = 36 -- TODO automatically keep screen aspect
- --, rc_borderwidth = 1
- --, rc_matchcolor = "#f0b000"
- , rc_matchmethod = MatchPrefix
- --, rc_colors = pagerWorkspaceColors
- --, rc_paint = myPaint
- }
-
-wGSConfig :: GSConfig Window
-wGSConfig = defaultGSConfig
- { gs_cellheight = 20
- , gs_cellwidth = 192
- , gs_cellpadding = 5
- , gs_font = myFont
- , gs_navigate = navNSearch
- }
-
--- wsGSConfig = defaultGSConfig
--- { gs_cellheight = 20
--- , gs_cellwidth = 64
--- , gs_cellpadding = 5
--- , gs_font = myFont
--- , gs_navigate = navNSearch
--- }
-
--- custom navNSearch
---makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a)
---makeGSNav esc = nav
--- where
--- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler
--- keyMap = Map.fromList
--- [ (esc , cancel)
--- , ((0,xK_Escape) , cancel)
--- , ((0,xK_Return) , select)
--- , ((0,xK_Left) , move (-1, 0) >> nav)
--- , ((0,xK_Right) , move ( 1, 0) >> nav)
--- , ((0,xK_Down) , move ( 0, 1) >> nav)
--- , ((0,xK_Up) , move ( 0,-1) >> nav)
--- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav)
--- ]
--- -- The navigation handler ignores unknown key symbols, therefore we const
--- navNSearchDefaultHandler (_,s,_) = do
--- transformSearchString (++ s)
--- nav
-
-
-(&) :: a -> (a -> c) -> c
-(&) = flip ($)
-
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
- return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
diff --git a/mv/5pkgs/xmonad-tv/Makefile b/mv/5pkgs/xmonad-tv/Makefile
deleted file mode 100644
index cbb0776e6..000000000
--- a/mv/5pkgs/xmonad-tv/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-.PHONY: ghci
-ghci: shell.nix
- nix-shell --command 'exec ghci -Wall'
-
-shell.nix: xmonad.cabal
- cabal2nix --shell . > $@
diff --git a/mv/5pkgs/xmonad-tv/xmonad.cabal b/mv/5pkgs/xmonad-tv/xmonad.cabal
deleted file mode 100644
index 2246524fc..000000000
--- a/mv/5pkgs/xmonad-tv/xmonad.cabal
+++ /dev/null
@@ -1,17 +0,0 @@
-Author: tv
-Build-Type: Simple
-Cabal-Version: >= 1.2
-License: MIT
-Name: xmonad-tv
-Version: 0
-
-Executable xmonad
- Build-Depends:
- base,
- containers,
- unix,
- xmonad,
- xmonad-contrib,
- xmonad-stockholm
- GHC-Options: -Wall -O3 -threaded -rtsopts
- Main-Is: Main.hs
diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix
new file mode 100644
index 000000000..5bfacd992
--- /dev/null
+++ b/tv/1systems/caxi.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.build.host = config.krebs.hosts.caxi;
+
+ imports = [
+ ../.
+ ../2configs/hw/CAC-Developer-1.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/retiolum.nix
+ ];
+
+ networking = let
+ inherit (config.krebs.build.host.nets.internet) ip4;
+ in {
+ interfaces.enp2s1.ip4 = singleton {
+ address = ip4.addr;
+ prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix));
+ };
+ defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1";
+ nameservers = ["8.8.8.8"];
+ };
+}
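Review bot: The regex on the `defaultGateway` line does not escape its dot: inside a Nix double-quoted string `\.` collapses to a plain `.`, so the pattern accepts any character before the `0`. The derivation also only works when `ip4.prefix` is a network address ending in `.0` with the gateway at `.1`; for any other prefix `match` returns null and `head` aborts evaluation with an unrelated-looking error. I would write the pattern as `"([^/]*)\\.0/[0-9]+"` and add a comment such as `# assumes an a.b.c.0/N prefix with the gateway at .1`, or take the gateway from the host definition instead of deriving it.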
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 32d956b8a..2ad4a1505 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -18,7 +18,7 @@ with config.krebs.lib;
enable = true;
ssl_cert = ../Zcerts/charybdis_cd.crt.pem;
};
- tv.iptables.input-retiolum-accept-new-tcp = [
+ tv.iptables.input-retiolum-accept-tcp = [
config.tv.charybdis.port
config.tv.charybdis.sslport
];
@@ -28,14 +28,14 @@ with config.krebs.lib;
enable = true;
hosts = [ "jabber.viljetic.de" ];
};
- tv.iptables.input-internet-accept-new-tcp = [
+ tv.iptables.input-internet-accept-tcp = [
"xmpp-client"
"xmpp-server"
];
}
{
krebs.github-hosts-sync.enable = true;
- tv.iptables.input-internet-accept-new-tcp =
+ tv.iptables.input-internet-accept-tcp =
singleton config.krebs.github-hosts-sync.port;
}
{
@@ -44,20 +44,50 @@ with config.krebs.lib;
"cgit.cd.viljetic.de"
];
# TODO make public_html also available to cd, cd.retiolum (AKA default)
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
+ krebs.nginx.servers."https://viljetic.de" = {
+ server-names = singleton "viljetic.de";
+ listen = mkForce []; # disable default
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
+ certificate_key = "/var/lib/acme/viljetic.de/key.pem";
+ };
+ locations = [
+ (nameValuePair "/" ''
+ root ${pkgs.viljetic-pages};
+ '')
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
};
- krebs.nginx.servers.viljetic = {
+ krebs.nginx.servers."http://viljetic.de" = {
server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${pkgs.viljetic-pages};
- '');
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge/" ''
+ root /var/lib/acme/challenges/viljetic.de/;
+ '')
+ (nameValuePair "/" ''
+ return 301 https://viljetic.de$request_uri;
+ '')
+ ];
+ };
+ security.acme = {
+ certs."viljetic.de" = {
+ email = "tomislav@viljetic.de";
+ webroot = "/var/lib/acme/challenges/viljetic.de";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ user = "nginx";
+ };
};
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = [
+ "http"
+ "https"
+ ];
}
];
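Review bot: `user = "nginx";` in the new `security.acme.certs."viljetic.de"` block makes the web server account the owner of `key.pem` and `account_key.json`, so anything that runs as nginx can read the TLS private key and the ACME account key. Whether nginx needs that ownership depends on the krebs.nginx module, which is not visible here; if its master process opens the key before dropping privileges, a separate account for the ACME client with only group read access for nginx would narrow the exposure. First deployment is also worth checking: the `https://viljetic.de` server references `/var/lib/acme/viljetic.de/fullchain.pem` before any certificate has been issued, so nginx may refuse to start until the first issuance has run. The enclosing attribute set starts outside the hunk.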
@@ -78,13 +108,7 @@ with config.krebs.lib;
iotop
iptables
nethogs
- ntp # ntpate
rxvt_unicode.terminfo
tcpdump
];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
}
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
deleted file mode 100644
index f46ed9547..000000000
--- a/tv/1systems/mkdir.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- # TODO merge with lass
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
-
- primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
-in
-
-{
- krebs.build.host = config.krebs.hosts.mkdir;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-1.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/exim-smarthost.nix
- ../2configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = primary-addr4;
- prefixLength = 24;
- }
- ];
-
- # TODO define gateway in krebs/3modules/default.nix
- networking.defaultGateway = getDefaultGateway primary-addr4;
-
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix
index 06da15ecc..e7908e299 100644
--- a/tv/1systems/mu.nix
+++ b/tv/1systems/mu.nix
@@ -76,7 +76,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
slock
- tinc
+ tinc_pre
iptables
vim
gimp
@@ -157,11 +157,6 @@ with config.krebs.lib;
];
};
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 3696bcdfc..5415e50b1 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -60,7 +60,6 @@ with config.krebs.lib;
esac
'')
gnupg
- ntp # ntpate
rxvt_unicode.terminfo
tmux
];
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
deleted file mode 100644
index 25fae2c36..000000000
--- a/tv/1systems/rmdir.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- # TODO merge with lass
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
-
- primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
-in
-
-{
- krebs.build.host = config.krebs.hosts.rmdir;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-1.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/exim-smarthost.nix
- ../2configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "mkdir"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = primary-addr4;
- prefixLength = 24;
- }
- ];
- # TODO define gateway in krebs/3modules/default.nix
- networking.defaultGateway = getDefaultGateway primary-addr4;
-
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index cebd7c9e4..a2e113e18 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ with config.krebs.lib;
# root
cryptsetup
- ntp # ntpate
# tv
bc
@@ -38,7 +37,7 @@ with config.krebs.lib;
dic
file
get
- gnupg21
+ gnupg1compat
haskellPackages.hledger
htop
jq
@@ -153,7 +152,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
ethtool
- tinc
+ tinc_pre
iptables
#jack2
];
@@ -164,11 +163,6 @@ with config.krebs.lib;
services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 6ba7ab327..b832470d0 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -41,7 +41,6 @@ with config.krebs.lib;
# root
cryptsetup
- ntp # ntpate
# tv
bc
@@ -49,7 +48,7 @@ with config.krebs.lib;
cac-api
dic
file
- gnupg21
+ gnupg1compat
haskellPackages.hledger
htop
jq
@@ -163,7 +162,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
ethtool
- tinc
+ tinc_pre
iptables
#jack2
@@ -176,11 +175,6 @@ with config.krebs.lib;
services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/mv/1systems/stro.nix b/tv/1systems/zu.nix
index 520bf14eb..bfc018cc3 100644
--- a/mv/1systems/stro.nix
+++ b/tv/1systems/zu.nix
@@ -3,28 +3,35 @@
with config.krebs.lib;
{
- krebs.build.host = config.krebs.hosts.stro;
-
- krebs.build.source.git.nixpkgs.rev =
- "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
+ krebs.build.host = config.krebs.hosts.zu;
imports = [
+ {
+ options.tv.test.sercret-file = mkOption {
+ type = types.secret-file;
+ default = {};
+ };
+ }
../.
../2configs/hw/x220.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
+ ../2configs/man.nix
+ ../2configs/nginx/public_html.nix
+ ../2configs/pulse.nix
+ ../2configs/retiolum.nix
+ ../2configs/wu-binary-cache/client.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [
# stockholm
- genid
gnumake
hashPassword
- lentil
+ haskellPackages.lentil
parallel
- (pkgs.writeScriptBin "im" ''
- #! ${pkgs.bash}/bin/bash
+ (pkgs.writeBashBin "im" ''
export PATH=${makeSearchPath "bin" (with pkgs; [
tmux
gnugrep
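Review bot: The option added at the top of `imports` is declared as `options.tv.test.sercret-file`, which looks like a typo for `secret-file`; a later reference spelled correctly would fail as an undefined option. I would rename it to `options.tv.test.secret-file = mkOption {` and, if it only exists to exercise `types.secret-file`, say so in a one-line comment above the block. The hunk also drops the host-specific `krebs.build.source.git.nixpkgs.rev` pin, so this host presumably now follows the revision set in the shared config.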
@@ -39,28 +46,27 @@ with config.krebs.lib;
# root
cryptsetup
- ntp # ntpate
# tv
bc
bind # dig
- #cac
+ cac-api
dic
file
- gnupg21
+ gnupg1compat
haskellPackages.hledger
htop
jq
- manpages
mkpasswd
netcat
nix-repl
nmap
p7zip
pass
- posix_man_pages
+ q
qrencode
- texLive
+ # XXX fails at systemd.services.dbus.unitConfig
+ #texlive
tmux
#ack
@@ -123,59 +129,25 @@ with config.krebs.lib;
unison
];
}
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.exim-retiolum.enable = true;
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "gum"
- "wry"
- ];
- };
- }
];
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "xts" ];
devices = [
- { name = "xuca"; device = "/dev/sda2"; }
+ { name = "zuca"; device = "/dev/sda2"; }
];
};
fileSystems = {
"/" = {
- device = "/dev/mapper/xuvga-root";
+ device = "/dev/mapper/zuvga-root";
fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
- device = "/dev/mapper/xuvga-home";
+ device = "/dev/mapper/zuvga-home";
fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/boot" = {
device = "/dev/sda1";
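Review bot: With the inline `tv.iptables = { enable = true; … }` block removed, nothing in this file turns the firewall on; as far as the hunks on this page show, the newly imported `retiolum.nix`, `exim-retiolum.nix` and `nginx/public_html.nix` only add accept entries. If `tv.iptables.enable` is not set in `../.` (not visible here), the host would come up without the DROP policy on INPUT. I would confirm that and note it in a comment, or keep `tv.iptables.enable = true;` in this file. The change also moves smtp from the internet accept list to retiolum only, which looks intended but is a behaviour change worth a word in the commit message.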
@@ -183,29 +155,20 @@ with config.krebs.lib;
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
+ options = ["nosuid" "nodev" "noatime"];
};
};
nixpkgs.config.chromium.enablePepperFlash = true;
- #nixpkgs.config.allowUnfreePredicate = pkg:
- # pkgs.lib.hasPrefix "virtualbox" pkg.name;
-
- #nixpkgs.config.allowUnfree = true;
#hardware.bumblebee.enable = true;
#hardware.bumblebee.group = "video";
hardware.enableAllFirmware = true;
#hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
environment.systemPackages = with pkgs; [
- #xlibs.fontschumachermisc
- #slock
ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
+ tinc_pre
iptables
#jack2
@@ -216,30 +179,51 @@ with config.krebs.lib;
"sendmail" # for cron
];
- services.bitlbee.enable = true;
services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
- #virtualisation.libvirtd.enable = true;
-
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
+ #services.virtualboxHost.enable = true;
- #nixpkgs.config.virtualbox.enableExtensionPack = true;
-
- # XXX Enable for maximum slowness:
- virtualisation.virtualbox.host.enable = true;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
+
+#/*
+#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}';
+# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}';
+# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; }
+#*/
+# networking.extraHosts = optionalString (1 == 1) ''
+#54.255.133.72 api.zalora.sg
+#52.77.12.194 bob.zalora.sg
+#52.74.232.49 www.zalora.sg costa.zalora.sg
+# '';
+
+
+ #services.elasticsearch.enable = true;
+ #services.kibana.enable = true;
+ #services.logstash.enable = true;
+
+ environment.etc."ssh/ssh_config".text = mkForce ''
+ AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
+ ${optionalString config.programs.ssh.setXAuthLocation ''
+ XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+ ''}
+
+ ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
+
+ # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+ #PubkeyAcceptedKeyTypes +ssh-dss
+
+ ${config.programs.ssh.extraConfig}
+ '';
+
}
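Review bot: The `mkForce` on `environment.etc."ssh/ssh_config".text` replaces the whole generated client config without saying why, and the only deliberate difference visible here appears to be the commented-out `PubkeyAcceptedKeyTypes +ssh-dss` line. A hand-copied template will silently stop picking up whatever the `programs.ssh` module adds later, so a comment above it is needed, for example `# override generated ssh_config to keep ssh-dss disabled; re-check against programs.ssh on nixpkgs bumps`. The commented-out `networking.extraHosts` block, with its third-party hostnames and addresses, is dead configuration and could be left out of the commit.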
diff --git a/tv/2configs/audit.nix b/tv/2configs/audit.nix
new file mode 100644
index 000000000..644741a5b
--- /dev/null
+++ b/tv/2configs/audit.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+}
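Review bot: The single rule `-a task,never` carries no comment, and it is not an ordinary filter: on the task list with action never it stops audit contexts from being created for new processes, which in practice switches off syscall audit records. Because `./audit.nix` is imported from `tv/2configs/default.nix`, this applies to every host that uses the shared config. If the aim is to avoid audit overhead or log noise, state it in the file, e.g. `# disable syscall auditing (overhead/log noise); no per-process audit records are produced`. Hosts where a process-level audit trail matters for incident response would then need an explicit override.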
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 741955eee..a9ba1eadd 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with config.krebs.lib;
stockholm = "/home/tv/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "87fe38fd0e19ca83fc3ea338f8e0e7b12971d204";
+ rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
};
} // optionalAttrs config.krebs.build.host.secure {
secrets-master = "/home/tv/secrets/master";
@@ -25,6 +25,7 @@ with config.krebs.lib;
imports = [
<secrets>
+ ./audit.nix
./backup.nix
./nginx
./vim.nix
@@ -152,6 +153,7 @@ with config.krebs.lib;
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
+ services.timesyncd.enable = true;
}
{
@@ -168,13 +170,20 @@ with config.krebs.lib;
}
{
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+ }
+
+ {
services.openssh = {
enable = true;
hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
+ tv.iptables.input-internet-accept-tcp = singleton "ssh";
}
{
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 9197a3c30..ad355f8b4 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -4,5 +4,5 @@ with config.krebs.lib;
{
krebs.exim-retiolum.enable = true;
- tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
+ tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
}
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 3616a8f52..351b54da1 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -43,5 +43,5 @@ with config.krebs.lib;
{ from = "mirko"; to = "mv"; }
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
+ tv.iptables.input-internet-accept-tcp = singleton "smtp";
}
diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index 1fac65a31..d0d07d5ca 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -12,6 +12,6 @@ with config.krebs.lib;
];
};
tv.iptables = optionalAttrs config.krebs.nginx.enable {
- input-retiolum-accept-new-tcp = singleton "http";
+ input-retiolum-accept-tcp = singleton "http";
};
}
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix
index 15a3b5482..858f16563 100644
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@@ -11,5 +11,5 @@ with config.krebs.lib;
'')
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = singleton "http";
}
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index e1598d792..f79454157 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
with config.krebs.lib;
@@ -12,6 +12,8 @@ with config.krebs.lib;
"cd"
"ire"
];
+ tincPackage = pkgs.tinc_pre;
};
- tv.iptables.input-internet-accept-new-tcp = singleton "tinc";
+ tv.iptables.input-internet-accept-tcp = singleton "tinc";
+ tv.iptables.input-internet-accept-udp = singleton "tinc";
}
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 85045332f..86c5d05d6 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -14,8 +14,17 @@ let
};
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.ctrlp
pkgs.vimPlugins.undotree
(pkgs.vimUtils.buildVimPlugin {
+ name = "vim-syntax-jq";
+ src = pkgs.fetchgit {
+ url = https://github.com/vito-c/jq.vim;
+ rev = "99d55a300047946a82ecdd7617323a751199ad2d";
+ sha256 = "00mmwg4swwmllknzzx07af080lcy7y5i6341rc6c08i2vka48nv9";
+ };
+ })
+ (pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
@@ -101,6 +110,176 @@ let
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeOut "vim-tv" {
+ "/syntax/haskell.vim".text = /* vim */ ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+ "/syntax/nix.vim".text = /* vim */ ''
+ "" Quit when a (custom) syntax file was already loaded
+ "if exists("b:current_syntax")
+ " finish
+ "endif
+
+ "setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ startAlts = filter isString [
+ ''/\* ${lang} \*/''
+ extraStart
+ ];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ if exists("b:current_syntax")
+ unlet b:current_syntax
+ endif
+
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ " This is required because containedin isn't transitive.
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') {
+ c = {};
+ cabal = {};
+ diff = {};
+ haskell = {};
+ jq.extraStart = concatStringsSep ''\|'' [
+ ''writeJq.*''
+ ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"''
+ ];
+ lua = {};
+ sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+ sh.extraStart = concatStringsSep ''\|'' [
+ ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''
+ ''[a-z]*Phase[ \t\r\n]*=''
+ ];
+ vim.extraStart =
+ ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+ xdefaults = {};
+ })}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\(''$\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /'''\('\|\\.\)/he=s+1
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+ "/syntax/sed.vim".text = /* vim */ ''
+ syn region sedBranch
+ \ matchgroup=sedFunction start="T"
+ \ matchgroup=sedSemicolon end=";\|$"
+ \ contains=sedWhitespace
+ '';
+ }))
];
dirs = {
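Review bot: At the end of the new `/syntax/nix.vim` text, `set isk=@,48-57,_,192-255,-,'` uses `:set`, which for a buffer-local option such as 'iskeyword' also changes the global value, so buffers opened after a Nix file inherit `-` and `'` as keyword characters. `setlocal isk=@,48-57,_,192-255,-,'` keeps the change to the Nix buffer. The `if exists("b:current_syntax")` guard at the top is commented out with no reason given; a short comment saying why the file must always be re-sourced would help the next reader. The enclosing `extra-runtimepath` list starts outside the hunk.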
@@ -121,6 +300,9 @@ let
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
+ set -- +CtrlP
+ fi
exec ${pkgs.vim}/bin/vim "$@"
'';
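Review bot: The added `test -e "$PWD/.ctrlpignore"` is also true for a directory or any other file type, while the vimrc added further down in this file reads that path with `readfile()`. `test -f` would match what the reader expects: `if test $# = 0 && test -f "$PWD/.ctrlpignore"; then`. Since the marker comes from whatever directory vim is started in, a one-line comment saying that its mere presence switches startup to `+CtrlP` would also help.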
@@ -137,7 +319,7 @@ let
set mouse=a
set noruler
set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set runtimepath=$VIMRUNTIME,${extra-runtimepath}
set shortmess+=I
set showcmd
set showmatch
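Review bot: The reordered `set runtimepath=$VIMRUNTIME,${extra-runtimepath}` carries no comment saying why the stock runtime must now come first. Presumably the `/syntax/*.vim` files added under `extra-runtimepath` are meant to be sourced after the stock syntax files so they can extend them. If so, state it next to the option, e.g. `" $VIMRUNTIME first: files in extra-runtimepath extend the stock syntax files and must load after them`. The vimrc string starts and ends outside this hunk.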
@@ -164,15 +346,10 @@ let
\ | syn match TabStop containedin=ALL /\t\+/
\ | syn keyword Todo containedin=ALL TODO
- au BufRead,BufNewFile *.hs so ${hs.vim}
-
- au BufRead,BufNewFile *.nix so ${nix.vim}
+ au BufRead,BufNewFile *.nix set ft=nix
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
- nmap <esc>q :buffer
- nmap <M-q> :buffer
-
cnoremap <C-A> <Home>
noremap <C-c> :q<cr>
@@ -198,147 +375,41 @@ let
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
- '';
-
- hs.vim = pkgs.writeText "hs.vim" ''
- syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
- hi link ConId Identifier
- hi link VarId Identifier
- hi link hsDelimiter Delimiter
- '';
- nix.vim = pkgs.writeText "nix.vim" ''
- setf nix
-
- " Ref <nix/src/libexpr/lexer.l>
- syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
- syn match NixINT /\<[0-9]\+\>/
- syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
- syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
- syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
- syn region NixSTRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- syn region NixIND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
-
- syn match NixOther /[():/;=.,?\[\]]/
-
- syn match NixCommentMatch /\(^\|\s\)#.*/
- syn region NixCommentRegion start="/\*" end="\*/"
-
- hi link NixCode Statement
- hi link NixData Constant
- hi link NixComment Comment
-
- hi link NixCommentMatch NixComment
- hi link NixCommentRegion NixComment
- hi link NixID NixCode
- hi link NixINT NixData
- hi link NixPATH NixData
- hi link NixHPATH NixData
- hi link NixSPATH NixData
- hi link NixURI NixData
- hi link NixSTRING NixData
- hi link NixIND_STRING NixData
-
- hi link NixEnter NixCode
- hi link NixOther NixCode
- hi link NixQuote NixData
-
- syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
- syn cluster nix_ind_strings contains=NixIND_STRING
- syn cluster nix_strings contains=NixSTRING
-
- ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
- startAlts = filter isString [
- ''/\* ${lang} \*/''
- extraStart
- ];
- sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
- in /* vim */ ''
- syn include @nix_${lang}_syntax syntax/${lang}.vim
- unlet b:current_syntax
-
- syn match nix_${lang}_sigil
- \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
- \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
- \ transparent
-
- syn region nix_${lang}_region_STRING
- \ matchgroup=NixSTRING
- \ start='"'
- \ skip='\\"'
- \ end='"'
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn region nix_${lang}_region_IND_STRING
- \ matchgroup=NixIND_STRING
- \ start="'''"
- \ skip="'''\('\|[$]\|\\[nrt]\)"
- \ end="'''"
- \ contained
- \ contains=@nix_${lang}_syntax
- \ transparent
-
- syn cluster nix_ind_strings
- \ add=nix_${lang}_region_IND_STRING
-
- syn cluster nix_strings
- \ add=nix_${lang}_region_STRING
-
- syn cluster nix_has_dollar_curly
- \ add=@nix_${lang}_syntax
- '') {
- c = {};
- cabal = {};
- haskell = {};
- sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
- vim.extraStart =
- ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
- })}
-
- " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
- syn clear shVarAssign
-
- syn region nixINSIDE_DOLLAR_CURLY
- \ matchgroup=NixEnter
- \ start="[$]{"
- \ end="}"
- \ contains=TOP
- \ containedin=@nix_has_dollar_curly
- \ transparent
-
- syn region nix_inside_curly
- \ matchgroup=NixEnter
- \ start="{"
- \ end="}"
- \ contains=TOP
- \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
- \ transparent
-
- syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
- \ containedin=@nix_ind_strings
- \ contained
-
- syn match NixQuote /\\./he=s+1
- \ containedin=@nix_strings
- \ contained
-
- syn sync fromstart
-
- let b:current_syntax = "nix"
-
- set isk=@,48-57,_,192-255,-,'
+ "
+ " CtrlP-related configuration
+ "
+ hi CtrlPPrtCursor ctermbg=199
+ hi CtrlPMatch ctermfg=226
+ set showtabline=0
+ let g:ctrlp_cmd = 'CtrlPMixed'
+ let g:ctrlp_map = '<esc>q'
+ let g:ctrlp_working_path_mode = 'a'
+ " Cannot use autoignore extension because it fails to initialize properly:
+ " when started the first time, e.g. using `vim +CtrlP`, then it won't use
+ " patterns from .ctrlpignore until CtrlP gets reopened and F5 pressed...
+ fu s:gen_ctrlp_custom_ignore()
+ let l:prefix = getcwd()
+ let l:pats = readfile(l:prefix . "/.ctrlpignore")
+ let l:pats = filter(l:pats, 's:ctrlpignore_filter(v:val)')
+ let l:pats = map(l:pats, 's:ctrlpignore_rewrite(v:val)')
+ return l:prefix . "\\(" . join(l:pats, "\\|") . "\\)"
+ endfu
+ fu s:ctrlpignore_filter(s)
+ " filter comments and blank lines
+ return match(a:s, '^\s*\(#.*\)''$') == -1
+ endfu
+ fu s:ctrlpignore_rewrite(s)
+ if a:s[0:0] == "^"
+ return "/" . a:s[1:]
+ else
+ return "/.*" . a:s
+ endif
+ endfu
+ try
+ let g:ctrlp_custom_ignore = s:gen_ctrlp_custom_ignore()
+ catch /^Vim\%((\a\+)\)\=:E484/
+ endtry
'';
in
out
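Review bot: `s:ctrlpignore_filter` does not drop blank lines although its comment says it does. The pattern (`^\s*\(#.*\)$` once Nix has unescaped `''$`) requires a `#`, so an empty line in `.ctrlpignore` passes the filter and `s:ctrlpignore_rewrite` turns it into `/.*`, which would make the generated ignore pattern match every path under the working directory. Making the comment group optional fixes it: `return match(a:s, '^\s*\(#.*\)\?''$') == -1`. Separately, `s:gen_ctrlp_custom_ignore` concatenates `getcwd()` into the regex unescaped, so a directory name containing `.`, `[` or `~` changes the pattern; `let l:prefix = escape(getcwd(), '\.*[]~^$')` would keep it literal.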
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index c0e71f24d..4b1d1ef87 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -17,12 +17,22 @@ let
default = "retiolum";
};
- input-internet-accept-new-tcp = mkOption {
+ input-internet-accept-tcp = mkOption {
type = with types; listOf (either int str);
default = [];
};
- input-retiolum-accept-new-tcp = mkOption {
+ input-internet-accept-udp = mkOption {
+ type = with types; listOf (either int str);
+ default = [];
+ };
+
+ input-retiolum-accept-tcp = mkOption {
+ type = with types; listOf (either int str);
+ default = [];
+ };
+
+ input-retiolum-accept-udp = mkOption {
type = with types; listOf (either int str);
default = [];
};
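Review bot: The four port options are declared without a `description`, and `listOf (either int str)` accepts any string, which the rule builders in the next hunk splice verbatim after `--dport`. A description per option, e.g. `description = "TCP destination ports accepted on the internet-facing INPUT chain";`, would document the intent. If only numeric ports and ranges are meant, a narrower element type such as `either int (strMatching "[0-9]+(:[0-9]+)?")` (where the nixpkgs lib in use provides `strMatching`) would reject a typo or stray whitespace at evaluation time instead of producing a malformed rules file. The option set starts and ends outside this hunk.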
@@ -83,8 +93,8 @@ let
ip4tables = "-p icmp -m icmp --icmp-type echo-request -j ACCEPT";
ip6tables = "-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT";
}."ip${toString iptables-version}tables";
- accept-new-tcp = port:
- "-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";
+ accept-tcp = port: "-p tcp -m tcp --dport ${port} -j ACCEPT";
+ accept-udp = port: "-p udp -m udp --dport ${port} -j ACCEPT";
in
pkgs.writeText "tv-iptables-rules${toString iptables-version}" ''
*nat
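Review bot: The new `accept-tcp` builder no longer matches `-m conntrack --ctstate NEW`, so it accepts every TCP segment addressed to the port whatever its conntrack state, including INVALID ones, unless a rule outside this hunk already drops them. If the state match was removed only so TCP and UDP share one shape, it can stay on both builders: `accept-tcp = port: "-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";` and the same line with `udp`. Otherwise a comment naming the rule that handles INVALID traffic would make the intent checkable. The `let` block continues outside the hunk.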
@@ -112,13 +122,15 @@ let
"-i lo -j ACCEPT"
]
++ optional (cfg.accept-echo-request == "internet") accept-echo-request
- ++ map accept-new-tcp (unique (map toString cfg.input-internet-accept-new-tcp))
+ ++ map accept-tcp (unique (map toString cfg.input-internet-accept-tcp))
+ ++ map accept-udp (unique (map toString cfg.input-internet-accept-udp))
++ ["-i retiolum -j Retiolum"]
)}
${formatTable cfg.extra.filter}
${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request
- ++ map accept-new-tcp (unique (map toString cfg.input-retiolum-accept-new-tcp))
+ ++ map accept-tcp (unique (map toString cfg.input-retiolum-accept-tcp))
+ ++ map accept-udp (unique (map toString cfg.input-retiolum-accept-udp))
++ {
ip4tables = [
"-p tcp -j REJECT --reject-with tcp-reset"
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 607980807..affb535ef 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -16,6 +16,10 @@
erlang = pkgs.erlangR16;
};
ff = pkgs.callPackage ./ff {};
+ gnupg =
+ if elem config.krebs.build.host.name ["xu" "wu"]
+ then super.gnupg21
+ else super.gnupg;
q = pkgs.callPackage ./q {};
viljetic-pages = pkgs.callPackage ./viljetic-pages {};
xmonad-tv = import ./xmonad-tv.nix { inherit pkgs; };
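Review bot: The `gnupg` override picks `super.gnupg21` by matching the host name against a hard-coded list, with no comment on why `xu` and `wu` differ from the other hosts. A short comment such as `# xu and wu need GnuPG 2.1 for <reason>` would help. Hosts on different GnuPG branches keep secret keys in different on-disk formats, which matters if a GnuPG home directory is ever copied or shared between them. The enclosing attribute set starts outside the hunk, so whether `super`, `elem` and `config` are in scope cannot be checked here.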