44 files changed, 686 insertions, 369 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 90a1a111f..3780e0d7d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -14,7 +14,6 @@ with import <stockholm/lib>;
boot = {
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
- extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
kernelParams = [ "acpi_backlight=none" ];
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1634a62ac..655a38030 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -624,6 +624,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
+ lass-daedalus = {
+ mail = "lass@daedalus.r";
+ pubkey = builtins.readFile ./ssh/daedalus.rsa;
+ };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
diff --git a/krebs/3modules/lass/ssh/daedalus.rsa b/krebs/3modules/lass/ssh/daedalus.rsa
new file mode 100644
index 000000000..ad4847974
--- /dev/null
+++ b/krebs/3modules/lass/ssh/daedalus.rsa
@@ -0,0 +1 @@
+ssh-rsa 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 lass@daedalus
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56e5c6b82..0bed4d6da 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1038,6 +1038,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
+ makefu-remote-builder = {
+ inherit (makefu) mail pgp;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
+ };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix
index 841e2ea00..c2e83c9f4 100644
--- a/krebs/5pkgs/simple/ftb/default.nix
+++ b/krebs/5pkgs/simple/ftb/default.nix
@@ -25,6 +25,7 @@ stdenv.mkDerivation {
cat > $out/bin/ftb << EOF
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
diff --git a/krebs/source.nix b/krebs/source.nix
index 60303c7c1..73ebf135d 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -18,7 +18,7 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url =;
- ref = "b34a5f6d874e3c3f3f7812371b858b79ddb5be35"; # nixos-17.09 @ 2018-02-09
+ ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index f53e93f26..5a553572e 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
+ <stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -149,11 +150,13 @@ with import <stockholm/lib>;
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
+ virtualisation.docker.enable = true;
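Review bot: Adding `"docker"` to `users.users.mainUser.extraGroups` makes that account root-equivalent on the host, because group members can drive the Docker daemon, which runs as root. The same pair of lines is added in lass/1systems/mors/config.nix. If that is the intended trade-off on these workstations, record it next to the line, e.g. `# docker group is root-equivalent; accepted for mainUser on this host`; otherwise leave the group out and call docker through sudo so the privilege step stays explicit and logged.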
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 936666a73..6ca980155 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -31,6 +31,8 @@ with import <stockholm/lib>;
+ <stockholm/lass/2configs/dunst.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ "/home/virtual" = {
+ device = "/dev/mapper/pool-virtual";
+ fsType = "ext4";
+ };
services.udev.extraRules = ''
@@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
+ virtualisation.docker.enable = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 087aaab06..b498d94ff 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,6 +297,7 @@ in {
user = with config.krebs.users; [
+ jeschli-bolide
repo = [ ];
@@ -313,6 +314,18 @@ in {
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "lass" "android" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
+ ];
+ }
]; = config.krebs.hosts.prism;
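Review bot: The new INPUT rule `-p tcp --dport 53589` accepts connections from every source and interface, and `listenHost = "::"` binds the taskserver on all addresses, so the sync port is reachable from any network prism is attached to. Taskserver normally authenticates clients with TLS client certificates, so this may be acceptable, but if the two listed users only sync over a known network the predicate could be narrowed, e.g. `{ predicate = "-i <vpn-interface> -p tcp --dport 53589"; target = "ACCEPT"; }` (the interface name is a placeholder). The port is also written twice in the block; binding it once in a `let` and using `toString` in the predicate keeps the firewall rule and the service from drifting apart.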
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 51512955e..7d3dfd428 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -41,6 +41,7 @@ in {
+ lass-helios.pubkey
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5ca024574..61a006a52 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -121,7 +121,7 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.coreutils}/bin/sleep infinity
+ exec ${pkgs.coreutils}/bin/sleep infinity
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index cbf853d64..ae1c7bc8d 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -17,6 +17,7 @@ in {
+ config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa 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 rhaist@RH-NB"
@@ -44,6 +45,11 @@ in {
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
+ { predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
+ ];
+ = [
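Review bot: Ports 8000 and 9000 are opened to any source with no comment saying what listens on them; 9000 is presumably for `services.minio.enable = true` added in the last hunk of this file (9000 is minio's default listen port), and nothing visible explains 8000. An object store on a development host is rarely meant to be reachable from every network the machine joins, so consider limiting the rules by interface or source address, or setting `services.minio.listenAddress` to a loopback address if only local tools use it. At minimum add a comment per rule naming the service behind it. It is also worth confirming how the minio credentials are provisioned on this host, since the hunk only flips `enable`.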
@@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
+ services.minio.enable = true;
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 9582413ed..8d0fb0d02 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -16,6 +16,8 @@ with import <stockholm/lib>;
+ lass-daedalus.pubkey
+ lass-helios.pubkey
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
new file mode 100644
index 000000000..6d3d839bc
--- /dev/null
+++ b/lass/2configs/dunst.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+ dunstConfig = pkgs.writeText "dunst-config" ''
+ [global]
+ font = Iosevka Term 11
+ # Allow a small subset of html markup:
+ # <b>bold</b>
+ # <i>italic</i>
+ # <s>strikethrough</s>
+ # <u>underline</u>
+ #
+ # For a complete reference see
+ # <>.
+ # If markup is not allowed, those tags will be stripped out of the
+ # message.
+ markup = yes
+ plain_text = no
+ # The format of the message. Possible variables are:
+ # %a appname
+ # %s summary
+ # %b body
+ # %i iconname (including its path)
+ # %I iconname (without its path)
+ # %p progress value if set ([ 0%] to [100%]) or nothing
+ # Markup is allowed
+ format = "%a\n<b>%s</b>\n%b"
+ # Sort messages by urgency.
+ sort = yes
+ # Show how many messages are currently hidden (because of geometry).
+ indicate_hidden = yes
+ # Alignment of message text.
+ # Possible values are "left", "center" and "right".
+ alignment = center
+ # The frequency with wich text that is longer than the notification
+ # window allows bounces back and forth.
+ # This option conflicts with "word_wrap".
+ # Set to 0 to disable.
+ bounce_freq = 0
+ # Show age of message if message is older than show_age_threshold
+ # seconds.
+ # Set to -1 to disable.
+ show_age_threshold = 1
+ # Split notifications into multiple lines if they don't fit into
+ # geometry.
+ word_wrap = yes
+ # Ignore newlines '\n' in notifications.
+ ignore_newline = no
+ # Hide duplicate's count and stack them
+ stack_duplicates = yes
+ hide_duplicates_count = no
+ # The geometry of the window:
+ # [{width}]x{height}[+/-{x}+/-{y}]
+ # The geometry of the message window.
+ # The height is measured in number of notifications everything else
+ # in pixels. If the width is omitted but the height is given
+ # ("-geometry x2"), the message window expands over the whole screen
+ # (dmenu-like). If width is 0, the window expands to the longest
+ # message displayed. A positive x is measured from the left, a
+ # negative from the right side of the screen. Y is measured from
+ # the top and down respectevly.
+ # The width can be negative. In this case the actual width is the
+ # screen width minus the width defined in within the geometry option.
+ geometry = "500x10-0+0"
+ # Shrink window if it's smaller than the width. Will be ignored if
+ # width is 0.
+ shrink = no
+ # The transparency of the window. Range: [0; 100].
+ # This option will only work if a compositing windowmanager is
+ # present (e.g. xcompmgr, compiz, etc.).
+ # transparency = 5
+ # Don't remove messages, if the user is idle (no mouse or keyboard input)
+ # for longer than idle_threshold seconds.
+ # Set to 0 to disable.
+ idle_threshold = 0
+ # Which monitor should the notifications be displayed on.
+ monitor = keyboard
+ # Display notification on focused monitor. Possible modes are:
+ # mouse: follow mouse pointer
+ # keyboard: follow window with keyboard focus
+ # none: don't follow anything
+ #
+ # "keyboard" needs a windowmanager that exports the
+ # _NET_ACTIVE_WINDOW property.
+ # This should be the case for almost all modern windowmanagers.
+ #
+ # If this option is set to mouse or keyboard, the monitor option
+ # will be ignored.
+ follow = none
+ # Should a notification popped up from history be sticky or timeout
+ # as if it would normally do.
+ sticky_history = yes
+ # Maximum amount of notifications kept in history
+ history_length = 15
+ # Display indicators for URLs (U) and actions (A).
+ show_indicators = no
+ # The height of a single line. If the height is smaller than the
+ # font height, it will get raised to the font height.
+ # This adds empty space above and under the text.
+ line_height = 3
+ # Draw a line of "separatpr_height" pixel height between two
+ # notifications.
+ # Set to 0 to disable.
+ separator_height = 1
+ # Padding between text and separator.
+ padding = 1
+ # Horizontal padding.
+ horizontal_padding = 1
+ # Define a color for the separator.
+ # possible values are:
+ # * auto: dunst tries to find a color fitting to the background;
+ # * foreground: use the same color as the foreground;
+ # * frame: use the same color as the frame;
+ # * anything else will be interpreted as a X color.
+ separator_color = frame
+ # Print a notification on startup.
+ # This is mainly for error detection, since dbus (re-)starts dunst
+ # automatically after a crash.
+ startup_notification = true
+ # dmenu path.
+ dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
+ # Browser for opening urls in context menu.
+ browser = /usr/bin/firefox -new-tab
+ # Align icons left/right/off
+ icon_position = off
+ max_icon_size = 80
+ # Paths to default icons.
+ icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
+ frame_width = 2
+ frame_color = "#8EC07C"
+ [shortcuts]
+ # Shortcuts are specified as [modifier+][modifier+]...key
+ # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
+ # "mod3" and "mod4" (windows-key).
+ # Xev might be helpful to find names for keys.
+ # Close notification.
+ close = ctrl+space
+ # Close all notifications.
+ close_all = ctrl+shift+space
+ # Redisplay last message(s).
+ # On the US keyboard layout "grave" is normally above TAB and left
+ # of "1".
+ history = ctrl+grave
+ # Context menu.
+ context = mod4+u
+ [urgency_low]
+ # IMPORTANT: colors have to be defined in quotation marks.
+ # Otherwise the "#" and following would be interpreted as a comment.
+ frame_color = "#3B7C87"
+ foreground = "#3B7C87"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+ [urgency_normal]
+ frame_color = "#5B8234"
+ foreground = "#5B8234"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+ [urgency_critical]
+ frame_color = "#B7472A"
+ foreground = "#B7472A"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+ # Every section that isn't one of the above is interpreted as a rules to
+ # override settings for certain messages.
+ # Messages can be matched by "appname", "summary", "body", "icon", "category",
+ # "msg_urgency" and you can override the "timeout", "urgency", "foreground",
+ # "background", "new_icon" and "format".
+ # Shell-like globbing will get expanded.
+ #
+ # You can specify a script that gets run when the rule matches by
+ # setting the "script" option.
+ # The script will be called as follows:
+ # script appname summary body icon urgency
+ # where urgency can be "LOW", "NORMAL" or "CRITICAL".
+ #
+ # NOTE: if you don't want a notification to be displayed, set the format
+ # to "".
+ # NOTE: It might be helpful to run dunst -print in a terminal in order
+ # to find fitting options for rules.
+ #[espeak]
+ # summary = "*"
+ # script =
+ #[script-test]
+ # summary = "*script*"
+ # script =
+ #[ignore]
+ # # This notification will not be displayed
+ # summary = "foobar"
+ # format = ""
+ #[signed_on]
+ # appname = Pidgin
+ # summary = "*signed on*"
+ # urgency = low
+ #
+ #[signed_off]
+ # appname = Pidgin
+ # summary = *signed off*
+ # urgency = low
+ #
+ #[says]
+ # appname = Pidgin
+ # summary = *says*
+ # urgency = critical
+ #
+ #[twitter]
+ # appname = Pidgin
+ # summary = **
+ # urgency = normal
+ #
+ # vim: ft=cfg
+ '';
+in {
+ = {
+ wantedBy = [ "" ];
+ requires = [ "xmonad.service" ];
+ environment = {
+ DISPLAY = ":${toString}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "dunst";
+ ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
+ Restart = "always";
+ RestartSec = "15s";
+ StartLimitBurst = 0;
+ };
+ };
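Review bot: `browser = /usr/bin/firefox -new-tab` and the `icon_folders` entries point at /usr paths, which a NixOS system does not normally provide, while `dmenu` two lines above is pinned to `${pkgs.dmenu}/bin/dmenu`. As written the context-menu URL action would fail, or would run whatever happens to be installed at that path later. Pin it the same way, e.g. `browser = ${pkgs.firefox}/bin/firefox -new-tab` (substitute the browser package this configuration actually uses), and drop `icon_folders` since `icon_position = off` makes it unused.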
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 0219f5216..4335c7cab 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -59,6 +59,17 @@ with import <stockholm/lib>;
{ from = ""; to = lass.mail; }
{ from = ""; to = lass.mail; }
{ from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
+ { from = ""; to = lass.mail; }
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
index 03414a745..24b806efa 100644
--- a/lass/2configs/logf.nix
+++ b/lass/2configs/logf.nix
@@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
+ urgent = [
+ "\\blass@mors\\b"
+ ];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
+ export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 7c58e8c5f..e83201cd8 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -21,11 +21,11 @@ let
mailboxes = {
- wireguard = [ "wireguard@lists.zx2c4" ];
- c-base = [ "" ];
- security = [ "" "security" "bugtraq" ];
- nix-devel = [ "" ];
- shack = [ "" ];
+ wireguard = [ "to:wireguard@lists.zx2c4" ];
+ c-base = [ "" ];
+ security = [ "" "to:security" "to:bugtraq" ];
+ nix-devel = [ "" ];
+ shack = [ "" ];
muttrc = pkgs.writeText "muttrc" ''
@@ -80,16 +80,16 @@ let
# V
''} %r |"
- virtual-mailboxes \
- "Unread" "notmuch://?query=tag:unread"\
- "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
- ${concatMapStringsSep "\n" (i: ''${" "}"${}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
- "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
- "TODO" "notmuch://?query=tag:TODO"\
- "Starred" "notmuch://?query=tag:*"\
- "Archive" "notmuch://?query=tag:archive"\
- "Sent" "notmuch://?query=tag:sent"\
- "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT ${f}") (flatten (attrValues mailboxes))}"
+ virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
+ ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${}" "notmuch://?query=${concatMapStringsSep " or " (f: "${f}") i.value}"'') (mapAttrsToList nameValuePair mailboxes)}
+ virtual-mailboxes "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT ${f}") (flatten (attrValues mailboxes))}"
+ virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
+ virtual-mailboxes "Starred" "notmuch://?query=tag:*"
+ virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
+ virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
+ virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \
diff --git a/lass/2configs/rtl-sdr.nix b/lass/2configs/rtl-sdr.nix
new file mode 100644
index 000000000..7d640ea6c
--- /dev/null
+++ b/lass/2configs/rtl-sdr.nix
@@ -0,0 +1,6 @@
+ boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr"
+ '';
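Review bot: `MODE="0666"` in the udev rule makes the RTL-SDR device node readable and writable by every local account, which also leaves `GROUP="adm"` without effect. Scope the access instead, e.g. `GROUP="<sdr-group>", MODE="0660"` with the intended user added to that group (group name is a placeholder), or `TAG+="uaccess"` so only the user on the active seat gets the device. A one-line comment above `boot.blacklistedKernelModules` saying why `dvb_usb_rtl28xxu` is blacklisted (presumably so the DVB driver does not claim the dongle) would help the next reader.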
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index d60b1feea..dd82b34eb 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -19,23 +19,8 @@ in {
- wine64 = {
- name = "wine64";
- description = "user for running wine in 64bit";
- home = "/home/wine64";
- useDefaultShell = true;
- extraGroups = [
- "audio"
- "video"
- ];
- createHome = true;
- packages = [
- ( { wineBuild = "wineWow"; })
- ];
- };
security.sudo.extraConfig = ''
${} ALL=(wine) NOPASSWD: ALL
- ${} ALL=(wine64) NOPASSWD: ALL
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index add30fbf1..aa3e6731d 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -50,16 +50,15 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
+ #beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
- #beautiful colors
alias ls='ls --color'
- # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
+ zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
#emacs bindings
bindkey "[7~" beginning-of-line
@@ -109,7 +108,7 @@
#check if in nix shell
- if test -n "$buildInputs"; then
+ if test -n "$IN_NIX_SHELL"; then
p_nixshell='%F{green}[s]%f '
t_nixshell='[s] '
diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix
index d16f89f45..cdd80857a 100644
--- a/lass/3modules/xserver/default.nix
+++ b/lass/3modules/xserver/default.nix
@@ -33,6 +33,11 @@ let
XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
+ if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
+ exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
+ fi
+ ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
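Review bot: The `xhost +LOCAL: &` line sits above the new D-Bus check, so when `DBUS_SESSION_BUS_ADDRESS` is empty the hook runs xhost, re-executes itself through dbus-launch and then runs xhost a second time. Moving the `if test -z "$DBUS_SESSION_BUS_ADDRESS"; then exec ... fi` block to the top of the script makes the re-exec the first action and keeps the rest of the hook single-shot. The hook's body continues outside this hunk, so check that nothing further down has the same run-twice effect.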
@@ -74,6 +79,7 @@ let
"-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
(optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}")
+ User =;
krebs.xresources.resources.dpi = ''
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 2dd352bd4..59c95cff7 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -23,6 +23,7 @@ import XMonad
import qualified XMonad.StackSet as W
import Control.Monad.Extra (whenJustM)
import Data.List (isInfixOf)
+import Data.Monoid (Endo)
import System.Environment (getArgs, lookupEnv)
import System.Posix.Process (executeFile)
import XMonad.Actions.CopyWindow (copy, kill1)
@@ -36,7 +37,7 @@ import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
-import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
+import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
import XMonad.Layout.NoBorders (smartBorders)
@@ -44,9 +45,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat)
import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
import XMonad.Util.EZConfig (additionalKeysP)
+import XMonad.Util.NamedWindows (getName)
+import XMonad.Util.Run (safeSpawn)
import XMonad.Stockholm.Shutdown
+data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
+instance UrgencyHook LibNotifyUrgencyHook where
+ urgencyHook LibNotifyUrgencyHook w = do
+ name <- getName w
+ Just idx <- fmap (W.findTag w) $ gets windowset
+ safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx]
myTerm :: FilePath
myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc"
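Review bot: In `urgencyHook` the window title is passed to notify-send as the first positional argument, and titles are chosen by the application (or by a web page, for a browser window), so a title beginning with `-` would be parsed as an option instead of the summary. Using `safeSpawn` already keeps the shell out of the picture; an end-of-options marker closes the remaining gap: `safeSpawn "${pkgs.libnotify}/bin/notify-send" ["--", show name, "workspace " ++ idx]`. The `Just idx <- ...` bind is also a partial match that relies on pattern-match failure when `W.findTag` finds nothing; an explicit `case` that returns `()` for `Nothing` would make the skip deliberate.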
@@ -61,7 +73,7 @@ main = getArgs >>= \case
main' :: IO ()
main' = do
xmonad $ ewmh
- $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
+ $ withUrgencyHook LibNotifyUrgencyHook
$ def
{ terminal = myTerm
, modMask = mod4Mask
@@ -80,11 +92,12 @@ myLayoutHook = defLayout
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
+floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $
[ [ title =? t --> doFloat | t <- myTitleFloats]
, [ className =? c --> doFloat | c <- myClassFloats ] ]
- myTitleFloats = [] -- for the KDE "open link" popup from konsole
+ myTitleFloats = []
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a656fdce3..b859efc94 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -148,6 +148,11 @@ in {
allowedIPs = [ "" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ {
+ # workr
+ allowedIPs = [ "" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index ce3ffbcf3..01438397e 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -19,22 +19,24 @@ let
# __FRONT_
# |* d0 |
# | |
- # |* d3 |
+ # |* d1 |
# | |
# |* d3 |
# | |
# |* |
# |* d2 |
- # | * r0 |
+ # | * |
+ # | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+ cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
+ dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@@ -68,6 +70,8 @@ in {
+ <stockholm/makefu/2configs/deployment/google-muell.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@@ -116,7 +120,6 @@ in {
services.sabnzbd.enable = true; = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@@ -126,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
+ # TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
@@ -138,7 +142,7 @@ in {
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
- wol # wake up filepimp
+ wol # wake up filepimp
fileSystems = let
@@ -150,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
+ // cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@@ -178,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
+ (usbkey "crypt3" cryptDisk3)
loader.grub.device = lib.mkForce rootDisk;
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index 38c044be4..c2cd23d1e 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ { # until virtualbox-image is fixed
+ imports = [
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+ boot.loader.grub.device = "/dev/sda";
+ }
# <secrets/extra-hosts.nix>
# environment
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
- # workaround for
- services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
- nixpkgs.config.allowUnfree = true;
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
+ # corefonts
+ nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
- docker
(pkgs.writeScriptBin "tor-browser" ''
@@ -39,18 +42,11 @@
- virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
- fileSystems."/media/share" = {
- fsType = "vboxsf";
- device = "share";
- options = [ "rw" "uid=9001" "gid=9001" ];
- };
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index ffd9deaee..208dd1ff7 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -8,30 +8,9 @@
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
- virtualisation.virtualbox.guest.enable = true;
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
- # ];
- # virtualbox.baseImageSize = 35 * 1024;
- # fileSystems."/media/share" = {
- # fsType = "vboxsf";
- # device = "share";
- # options = [ "rw" "uid=9001" "gid=9001" ];
- # };
- # }
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- # ];
- # fileSystems."/nix" = {
- # device ="/dev/disk/by-label/nixstore";
- # fsType = "ext4";
- # };
- # }
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@@ -75,14 +54,8 @@
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
- nixpkgs.config.allowUnfree = true;
# allow vbob to deploy self
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
- };
- };
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
+ # for forticlient
+ nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
- # docker
- # virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@@ -111,6 +86,6 @@
+ # required for qemu"serial-getty@ttyS0".enable = true;
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index f44211b93..6434ba273 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -18,7 +18,7 @@ in {
- # <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
+ <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
@@ -31,6 +31,63 @@ in {
# Services
+ (let
+ musicDirectory = "/data/music";
+ in {
+ services.mpd = {
+ enable = true;
+ inherit musicDirectory;
+ # dataDir = "/home/anders/.mpd";
+ network.listenAddress = "any";
+ extraConfig = ''
+ audio_output {
+ type "pulse"
+ name "Local MPD"
+ server ""
+ }
+ '';
+ };
+ # open because of truestedInterfaces
+ # networking.firewall.allowedTCPPorts = [ 6600 4713 ];
+ = {
+ path = musicDirectory;
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ # systemWide = true;
+ support32Bit = true;
+ zeroconf.discovery.enable = true;
+ zeroconf.publish.enable = true;
+ tcp = {
+ enable = true;
+ anonymousClients.allowAll = true;
+ anonymousClients.allowedIpRanges = [ "" "" ];
+ };
+ configFile = pkgs.writeText "" ''
+ load-module module-udev-detect
+ load-module module-bluetooth-policy
+ load-module module-bluetooth-discover
+ load-module module-native-protocol-unix
+ load-module module-always-sink
+ load-module module-console-kit
+ load-module module-systemd-login
+ load-module module-intended-roles
+ load-module module-position-event-sounds
+ load-module module-filter-heuristics
+ load-module module-filter-apply
+ load-module module-native-protocol-tcp auth-ip-acl=
+ load-module module-switch-on-connect
+ '';
+ };
+ # connect via
+ hardware.bluetooth.enable = true;
+ })
# Sensors
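Review bot: This block turns on three services that accept unauthenticated network clients: MPD with `network.listenAddress = "any"`, a Samba share with `"guest ok" = "yes"` and `"read only" = "no"`, and PulseAudio over TCP with `anonymousClients.allowAll = true` plus zeroconf publishing. The only protection named is the comment about trusted interfaces, whose definition is outside this hunk, so the exposure depends entirely on that list staying correct. `allowAll = true` also appears to make the `allowedIpRanges` line next to it redundant; dropping `allowAll` and keeping the ranges, and restricting the share with `"hosts allow"` or making it read-only for guests, would bound who can reach these services. The comment contains a typo (`truestedInterfaces`).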
@@ -147,7 +204,10 @@ in {
boot.loader.grub.device = rootdisk; = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "kvm-intel"
+ "snd-seq" "snd-rawmidi"
+ ];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@@ -174,66 +234,4 @@ in {
serverAddress = "x.r";
- security.wrappers.fping = {
- source = "${pkgs.fping}/bin/fping";
- setuid = true;
- };
- services.smokeping = {
- enable = true;
- targetConfig = ''
- probe = FPing
- menu = Top
- title = Network Latency Grapher
- remark = Welcome to this SmokePing website.
- + network
- menu = Net latency
- title = Network latency (ICMP pings)
- ++ google
- probe = FPing
- host =
- ++ webde
- probe = FPing
- host =
- + services
- menu = Service latency
- title = Service latency (DNS, HTTP)
- ++ HTTP
- menu = HTTP latency
- title = Service latency (HTTP)
- +++ webdeping
- probe = EchoPingHttp
- host =
- +++ googwebping
- probe = EchoPingHttp
- host =
- #+++ webwww
- #probe = Curl
- #host =
- #+++ googwebwww
- #probe = Curl
- #host =
- '';
- probeConfig = ''
- + FPing
- binary = /run/wrappers/bin/fping
- + EchoPingHttp
- pings = 5
- url = /
- #+ Curl
- ## probe-specific variables
- #binary = ${pkgs.curl}/bin/curl
- #step = 60
- ## a default for this target-specific variable
- #urlformat = http://%host%/
- '';
- };
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index a32db91e1..b4d4aa66e 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
- <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware
- <stockholm/makefu/2configs/hw/rtl8812au.nix>
- <stockholm/makefu/2configs/hw/wwan.nix>
+ # <stockholm/makefu/2configs/hw/tpm.nix>
+ # <stockholm/makefu/2configs/hw/rtl8812au.nix>
+ <stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@@ -77,18 +78,46 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+ # <stockholm/makefu/2configs/deployment/>
+ {
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "" ];
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # gum
+ endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
+ allowedIPs = [ "" ];
+ publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ }
+ #{
+ # # vbob
+ # allowedIPs = [ "" ];
+ # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ #}
+ ];
+ };
+ }
+ { # auto-mounting
+ services.udisks2.enable = true;
+ services.devmon.enable = true;
+ # services.gnome3.gvfs.enable = true;
+ users.users.makefu.packages = with pkgs;[
+ gvfs pcmanfm lxmenu-data
+ ];
+ environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+ }
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
- makefu.umts.apn = "";
nixpkgs.config.allowUnfree = true;
- environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
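Review bot: In the auto-mounting block, `services.devmon.enable = true;` mounts every removable device as soon as it appears, without a user action, so any medium plugged into this machine has its filesystem parsed by the kernel. With `services.udisks2.enable = true;` and pcmanfm/gvfs added in the same block, on-demand mounting from the file manager is probably available without devmon (not verified here). If automount is intended, a comment such as `# devmon: automount on insert is intentional` would document the trade-off. The enclosing module starts and ends outside this hunk.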
@@ -100,8 +129,15 @@ with import <stockholm/lib>;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
- omo.local
+ omo.local
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+ nix.package = pkgs.nixUnstable;
+ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
+ nixpkgs.overlays = [ (import <python/overlay.nix>) ];
+ # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
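Review bot: `nixpkgs.overlays = [ (import <python/overlay.nix>) ];` resolves the overlay through a `python` search-path entry, and nothing in this hunk shows where that entry is defined or pinned. An overlay can replace any package in the system closure, so its source should be as traceable as the nixpkgs ref. If it is not already populated from a pinned source elsewhere in the repository, I would add a comment stating its origin or import it from a path inside the repository. The same hunk switches `nix.package` to `pkgs.nixUnstable`; a one-line comment on why the unstable Nix is needed would help when it is time to revert.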
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
new file mode 100644
index 000000000..f23789ee5
--- /dev/null
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, buildPythonPackage, ... }:
+with import <stockholm/lib>;
+ pkg = pkgs.ampel;
+ home = "/var/lib/ampel";
+ sec = "${toString <secrets>}/google-muell.json";
+ ampelsec = "${home}/google-muell.json";
+ esp = "";
+ sleepval = "1800";
+in {
+ users.users.ampel = {
+ uid = genid "ampel";
+ createHome = true;
+ isSystemUser = true;
+ inherit home;
+ };
+ = {
+ description = "Send led change to rgb cubes";
+ after = [ "" ];
+ wantedBy = [ "" ];
+ serviceConfig = {
+ User = "ampel";
+ ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
+ cp ${sec} ${ampelsec}
+ chown ampel ${ampelsec}
+ '';
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ PermissionsStartOnly = true;
+ Restart = "always";
+ RestartSec = 10;
+ PrivateTmp = true;
+ };
+ };
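Review bot: The `copy-ampel-secrets` pre-start script copies the client secrets with `cp` and then runs `chown`, but never sets the file mode, so the copy takes its mode from the source under `<secrets>` and, on first creation, is root-owned at its final path until the `chown` runs. Doing both in one step closes that gap: `install -m 0400 -o ampel ${sec} ${ampelsec}`. The unit otherwise sets only `PrivateTmp`. Since the command line passes client secrets and a credential path, `NoNewPrivileges = true;` and `ProtectSystem = "full";` would be cheap additions, provided the systemd version on the target supports them.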
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 292b6679d..d34b66125 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -2,25 +2,7 @@
mq = "";
- pkg = pkgs.python3Packages.buildPythonPackage {
- name = "ampel-master";
- src = pkgs.fetchgit {
- url = "";
- rev = "531741b";
- sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
- };
- propagatedBuildInputs = with pkgs.python3Packages; [
- docopt
- paho-mqtt
- requests
- pytz
- influxdb
- httplib2
- google_api_python_client
- ];
- };
+ pkg = pkgs.ampel;
in { = {
description = "Send led change to message queue";
diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix
index daa0282b8..861a9327e 100644
--- a/makefu/2configs/gui/base.nix
+++ b/makefu/2configs/gui/base.nix
@@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
- environment.systemPackages = with pkgs;[
- pavucontrol
- xlockmore
- rxvt_unicode-with-plugins
- firefox
- ];
- users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
+ users.users.${mainUser} = {
+ extraGroups = [ "audio" ];
+ packages = with pkgs;[
+ pavucontrol
+ xlockmore
+ rxvt_unicode-with-plugins
+ ];
+ };
hardware.pulseaudio = {
enable = true;
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
index 4b7a0c333..7db749227 100644
--- a/makefu/2configs/gui/wbob-kiosk.nix
+++ b/makefu/2configs/gui/wbob-kiosk.nix
@@ -1,11 +1,13 @@
-{ lib, ... }:
+{ pkgs, lib, ... }:
imports = [
+ users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
+ xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
- xset s off -dpms
+ xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
new file mode 100644
index 000000000..7e29849b1
--- /dev/null
+++ b/makefu/2configs/hw/network-manager.nix
@@ -0,0 +1,37 @@
+{ pkgs, lib, ... }:
+ users.users.makefu = {
+ extraGroups = [ "networkmanager" ];
+ packages = with pkgs;[
+ networkmanagerapplet
+ gnome3.gnome_keyring gnome3.dconf
+ ];
+ };
+ networking.wireless.enable = lib.mkForce false;
+ = {
+ description = "ModemManager";
+ after = [ "network-manager.service" ];
+ bindsTo = [ "network-manager.service" ];
+ wantedBy = [ "network-manager.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
+ PrivateTmp = true;
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ networking.networkmanager.enable = true;
+ # TODO: put somewhere else
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.clipit}/bin/clipit &
+ ${pkgs.networkmanagerapplet}/bin/nm-applet &
+ '';
+# nixOSUnstable
+# networking.networkmanager.wifi = {
+# powersave = true;
+# scanRandMacAddress = true;
+# };
diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix
new file mode 100644
index 000000000..65f915a2f
--- /dev/null
+++ b/makefu/2configs/hw/vbox-guest.nix
@@ -0,0 +1,16 @@
+{ lib, ...}:
+ ## Guest Extensions are currently broken
+ imports = [
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+ ];
+ virtualisation.virtualbox.guest.enable = true;
+ services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
+ };
+ # virtualbox.baseImageSize = 35 * 1024;
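Review bot: The `/media/share` mount hard-codes `uid=9001` and `gid=9001` with no indication of which account that is, and it mounts host-controlled content without `nosuid` or `nodev`. I would add those flags, `options = [ "rw" "uid=9001" "gid=9001" "nofail" "nosuid" "nodev" ];`, and either derive the ids from the user definition or add a comment naming the user. The header comment says the guest extensions are currently broken while the file enables them, so one more line on what exactly is broken would save the next reader the experiment.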
diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix
deleted file mode 100644
index 0eb0c97d7..000000000
--- a/makefu/2configs/hw/wwan.nix
+++ /dev/null
@@ -1,8 +0,0 @@
- makefu.umts = {
- enable = true;
- modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
- };
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index f2676f11c..1993a5212 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,5 +5,5 @@
- # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix
index 0356ba391..e0c68167f 100644
--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
- pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
- pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
+ pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
+ pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index af0e81df5..fa4eb827c 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -14,8 +14,6 @@ _:
- ./umts.nix
- ./wvdial.nix
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
deleted file mode 100644
index 86669945a..000000000
--- a/makefu/3modules/umts.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
- nixpkgs-1509 = import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs-channels";
- rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
- sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
- }) {};
- wvdial = nixpkgs-1509.wvdial; #
- # TODO: currently it is only netzclub
- umts-bin = pkgs.writeScriptBin "umts" ''
- #!/bin/sh
- set -euf
- systemctl start umts
- trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
- echo nameserver | tee -a /etc/resolv.conf
- journalctl -xfu umts
- '';
- wvdial-defaults = ''
- Phone = *99***1#
- Dial Command = ATDT
- Modem = ${cfg.modem-device}
- Baud = 460800
- Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
- Init2 = ATZ
- Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
- ISDN = 0
- Modem Type = Analog Modem
- Username = netzclub
- Password = netzclub
- Stupid Mode = 1
- Idle Seconds = 0'';
- cfg = config.makefu.umts;
- out = {
- options.makefu.umts = api;
- config = lib.mkIf cfg.enable imp;
- };
- api = {
- enable = mkEnableOption "umts";
- modem-device = mkOption {
- default = "/dev/ttyUSB0";
- type = types.str;
- description = ''
- path to modem device, use <filename>/dev/serial/by-id/...</filename>
- to avoid race conditions.
- '';
- };
- apn = mkOption {
- default = "";
- type = types.str;
- description = ''
- apn to use for dailing
- '';
- };
- };
- imp = {
- environment.shellAliases = {
- umts = "sudo ${umts-bin}/bin/umts";
- };
- environment.systemPackages = [ ];
- environment.wvdial.dialerDefaults = wvdial-defaults;
- = {
- description = "UMTS wvdial Service";
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- RestartSec = "10s";
- ExecStart = "${wvdial}/bin/wvdial -n";
- };
- };
- };
-in out
diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix
deleted file mode 100644
index 1ed929ed4..000000000
--- a/makefu/3modules/wvdial.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-# Global configuration for wvdial.
-{ config, lib, pkgs, ... }:
-with lib;
- configFile = ''
- [Dialer Defaults]
- PPPD PATH = ${pkgs.ppp}/sbin/pppd
- ${config.environment.wvdial.dialerDefaults}
- '';
- cfg = config.environment.wvdial;
- ###### interface
- options = {
- environment.wvdial = {
- dialerDefaults = mkOption {
- default = "";
- type = types.str;
- example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
- description = ''
- Contents of the "Dialer Defaults" section of
- <filename>/etc/wvdial.conf</filename>.
- '';
- };
- pppDefaults = mkOption {
- default = ''
- noipdefault
- usepeerdns
- defaultroute
- persist
- noauth
- '';
- type = types.str;
- description = "Default ppp settings for wvdial.";
- };
- };
- };
- ###### implementation
- config = mkIf (cfg.dialerDefaults != "") {
- environment = {
- etc =
- [
- { source = pkgs.writeText "wvdial.conf" configFile;
- target = "wvdial.conf";
- }
- { source = pkgs.writeText "wvdial" cfg.pppDefaults;
- target = "ppp/peers/wvdial";
- }
- ];
- };
- };
diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix
new file mode 100644
index 000000000..86518b9b8
--- /dev/null
+++ b/makefu/5pkgs/ampel/default.nix
@@ -0,0 +1,27 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "ampel-${version}";
+ version = "0.2";
+ propagatedBuildInputs = [
+ docopt
+ paho-mqtt
+ requests
+ pytz
+ influxdb
+ httplib2
+ google_api_python_client
+ ];
+ src = pkgs.fetchgit {
+ url = "";
+ rev = "d8a0250";
+ sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
+ };
+ meta = {
+ homepage =;
+ description = "change colors of rgb cubes";
+ license = lib.licenses.asl20;
+ };
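Review bot: The `fetchgit` call pins `rev = "d8a0250"`, an abbreviated commit id. The `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows and is harder to check against upstream. I would use the full id, `rev = "<full 40-character commit id>";`. The same applies to `version = "64f8c2"`, which is used as `rev` in `makefu/5pkgs/pfsshell/default.nix`.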
diff --git a/makefu/5pkgs/pfsshell/default.nix b/makefu/5pkgs/pfsshell/default.nix
new file mode 100644
index 000000000..fc6b37069
--- /dev/null
+++ b/makefu/5pkgs/pfsshell/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
+stdenv.mkDerivation rec {
+ pname = "pfsshell";
+ version = "64f8c2";
+ name = "${pname}-${version}";
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "pfsshell";
+ rev = version;
+ sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
+ };
+ buildInputs = [ ];
+ makeFlags = [ ];
+ installPhase = ''
+ mkdir -p $out/bin
+ cp pfsshell $out/bin
+ '';
+ meta = {
+ homepage = ;
+ description = "browse and transfer files to/from PFS filesystems";
+ };
diff --git a/makefu/source.nix b/makefu/source.nix
index c22c82f32..708f0d20c 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,7 +13,8 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
+ # TODO: automate updating of this ref + cherry-picks
+ ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 2c4b4868e..dc50be4f1 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -128,11 +128,6 @@ let {
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
- optional repo.public {
- user = attrValues config.krebs.users;
- repo = [ repo ];
- perm = fetch;
- } ++
optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];