diff options
29 files changed, 451 insertions, 120 deletions
diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix index 4d4066ae4..cc4a1b208 100644 --- a/krebs/3modules/monit.nix +++ b/krebs/3modules/monit.nix @@ -49,10 +49,10 @@ let type = with types; attrsOf (submodule { options = { test = mkOption { - type = path; + type = either path str; }; alarm = mkOption { - type = path; + type = either path str; }; interval = mkOption { type = str; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 7705635f0..0211b31ba 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -12,7 +12,34 @@ let api = { enable = mkEnableOption "repo-sync"; repos = mkOption { - type = with types;attrsOf (attrsOf (attrsOf (attrsOf str))); + type = types.attrsOf (types.submodule { + options = { + branches = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + origin = mkOption { + type = types.git-source; + }; + mirror = mkOption { + type = types.git-source; + }; + }; + config = { + origin.ref = mkDefault "heads/master"; + mirror.ref = mkDefault "heads/${config._module.args.name}"; + }; + })); + }; + latest = mkOption { + type = types.nullOr types.git-source; + default = null; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = cfg.timerConfig; + }; + }; + }); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted @@ -23,53 +50,53 @@ let # each attrset defines a group of repos for syncing { nxpkgs = { - makefu = { - origin = { - url = http://github.com/makefu/nixpkgs; - ref = "heads/dev" ; + branches = { + makefu = { + origin = { + url = http://github.com/makefu/nixpkgs; + ref = "heads/dev" ; + }; + mirror = { + url = "git@internal:nixpkgs-mirror" ; + ref = "heads/github-mirror-dev" ; + }; }; - mirror = { - url = "git@internal:nixpkgs-mirror" ; - ref = "heads/github-mirror-dev" ; + lass = { + origin = { + url = http://github.com/lass/nixpkgs; + }; + mirror = { + url = "git@internal:nixpkgs-mirror" ; + }; }; }; - lass = { - origin = { - url = http://github.com/lass/nixpkgs; - }; - mirror = { - url = "git@internal:nixpkgs-mirror" ; - }; - }; - "@latest" = { - mirror = { - url = "git@internal:nixpkgs-mirror"; - ref = "heads/master"; - }; + latest = { + url = "git@internal:nixpkgs-mirror"; + ref = "heads/master"; }; }; stockholm = { - lass = { - origin = { - url = http://cgit.prism.r/stockholm; + branches = { + lass = { + origin = { + url = http://cgit.prism.r/stockholm; + }; + mirror = { + url = "git@internal:stockholm-mirror" ; + }; }; - mirror = { - url = "git@internal:stockholm-mirror" ; + makefu = { + origin = { + url = http://gum.krebsco.de/stockholm; + }; + mirror = { + url = "git@internal:stockholm-mirror" ; + }; }; }; - makefu = { - origin = { - url = http://gum.krebsco.de/stockholm; - }; - mirror = { - url = "git@internal:stockholm-mirror" ; - }; - }; - "@latest" = { - mirror = { - url = "git@internal:stockholm-mirror"; - ref = "heads/master"; - }; + latest = { + url = "git@internal:stockholm-mirror"; + ref = "heads/master"; }; }; }; @@ -127,15 +154,16 @@ let nameValuePair "repo-sync-${name}" { description = "repo-sync timer"; wantedBy = [ "timers.target" ]; - - timerConfig = cfg.timerConfig; + timerConfig = repo.timerConfig; } ) cfg.repos; systemd.services = mapAttrs' (name: repo: let - repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json" - (builtins.toJSON repo); + repo-sync-config = pkgs.writeJSON "repo-sync-config-${name}.json" + (repo.branches // optionalAttrs (repo.latest != null) { + "@latest".mirror = repo.latest; + }); in nameValuePair "repo-sync-${name}" { description = "repo-sync"; after = [ "network.target" "secret.service" ]; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 1220143a7..d44c322aa 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import <stockholm/lib>; }; nets = { internet = { - ip4.addr = "64.137.177.226"; + ip4.addr = "45.62.237.203"; aliases = [ "cd.i" "cd.krebsco.de" diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 65ee14485..d14090323 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -2,6 +2,32 @@ with import <stockholm/lib>; { nixpkgs.config.packageOverrides = _: { + + # Combine a list of derivations using symlinks. Paths in later derivations + # take precedence over earlier ones. + # + # Example: create wrapper but retain all other files (man pages etc.) + # + # { + # nixpkgs.config.packageOverrides = super: { + # hello = pkgs.concat "hello" [ + # super.hello + # (pkgs.writeDashBin "hello" '' + # echo OMG + # echo exec ${super.hello}/bin/hello "$@" + # '') + # ]; + # }; + # } + # + concat = name: xs: pkgs.runCommand name {} '' + mkdir $out + ${flip concatMapStrings xs (x: '' + cp --remove-destination -vrs ${x}/* $out + find $out -type d -exec chmod -v u+rwx {} + + '')} + ''; + execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let in pkgs.writeC name { inherit destination; } /* c */ '' #include <unistd.h> @@ -96,7 +122,7 @@ with import <stockholm/lib>; assert types.package.check link; { install = /* sh */ '' - ${optionalString (dirOf path != "/") /* sh */ '' + ${optionalString (path != "") /* sh */ '' ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path} ''} ${pkgs.coreutils}/bin/ln -s ${link} $out${path} diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index bffb08ad3..223e16bae 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -24,6 +24,7 @@ with import <stockholm/lib>; ../2configs/krebs-pass.nix ../2configs/repo-sync.nix ../2configs/ircd.nix + ../2configs/logf.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -192,7 +193,6 @@ with import <stockholm/lib>; remmina thunderbird - logf iodine macchanger diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index b55732f65..a7a7f6129 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,8 +215,13 @@ in { } { krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { OnBootSec = "5min"; - OnUnitInactiveSec = "3min"; + OnUnitInactiveSec = "2min"; RandomizedDelaySec = "2min"; }; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 275b93f26..3032e244f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -15,6 +15,8 @@ in { enable = true; systemWide = true; }; + security.rtkit.enable = true; + sound.enableOSSEmulation = false; } { krebs.per-user.lass.packages = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 3e7881fb4..96f70d312 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; ../2configs/nixpkgs.nix ../2configs/vim.nix ../2configs/monitoring/client.nix + ./htop.nix ./backups.nix ./security-workarounds.nix { diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix new file mode 100644 index 000000000..0296101ac --- /dev/null +++ b/lass/2configs/htop.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +with import <stockholm/lib>; + +{ + nixpkgs.config.packageOverrides = super: { + htop = pkgs.concat "htop" [ + super.htop + (pkgs.writeDashBin "htop" '' + export HTOPRC=${pkgs.writeText "htoprc" '' + fields=0 48 17 18 38 39 40 2 46 47 49 1 + sort_key=46 + sort_direction=1 + hide_threads=0 + hide_kernel_threads=1 + hide_userland_threads=0 + shadow_other_users=1 + show_thread_names=1 + show_program_path=1 + highlight_base_name=1 + highlight_megabytes=1 + highlight_threads=1 + tree_view=1 + header_margin=1 + detailed_cpu_time=0 + cpu_count_from_zero=0 + update_process_names=0 + account_guest_in_cpu_meter=1 + color_scheme=6 + delay=15 + left_meters=LeftCPUs2 RightCPUs2 Memory Swap + left_meter_modes=1 1 1 1 + right_meters=Uptime Tasks LoadAverage Battery + right_meter_modes=2 2 2 2 + ''} + exec ${super.htop}/bin/htop "$@" + '') + ]; + }; +} diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix new file mode 100644 index 000000000..3c4948db1 --- /dev/null +++ b/lass/2configs/logf.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + host-colors = { + mors = "131"; + prism = "95"; + uriel = "61"; + shodan = "51"; + icarus = "53"; + echelon = "197"; + helios = "199"; + cloudkrebs = "119"; + }; +in { + environment.systemPackages = [ + (pkgs.writeDashBin "logf" '' + export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors} + ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)} + '') + ]; +} diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index b7d5a4ceb..fc347ba3c 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -322,13 +322,19 @@ let in { environment.systemPackages = [ - (pkgs.lib.overrideDerivation pkgs.mc (original : { - postInstall = '' - rm -f $out/etc/mc/mc.ext - ln -s ${mcExt} $out/etc/mc/mc.ext - cp $out/share/mc/skins/nicedark.ini $out/share/mc/skins/default.ini - ''; - })) + (pkgs.concat "mc" [ + pkgs.mc + (pkgs.writeDashBin "mc" '' + export MC_DATADIR=${pkgs.concat "mc-datadir" [ + (pkgs.writeOut "mc-ext" { + "/mc.ext".link = mcExt; + "/sfs.ini".text = ""; + }) + ]} + export TERM=xterm-256color + exec ${pkgs.mc}/bin/mc -S xoria256 "$@" + '') + ]) ]; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9c3eafffd..a6409b7db 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "5b0c9d4"; + url = https://cgit.lassul.us/nixpkgs; + ref = "c0ecd31"; }; } diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index 6cf23deaf..241d263f8 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -12,7 +12,6 @@ pavucontrol pv pwgen - python34Packages.livestreamer remmina silver-searcher wget diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 83f646130..dfea637ed 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -36,25 +36,27 @@ let sync-retiolum = name: { krebs.repo-sync.repos.${name} = { - makefu = { - origin.url = "http://cgit.gum/${name}"; - mirror.url = "${mirror}${name}"; + branches = { + makefu = { + origin.url = "http://cgit.gum/${name}"; + mirror.url = "${mirror}${name}"; + }; + tv = { + origin.url = "http://cgit.ni.r/${name}"; + mirror.url = "${mirror}${name}"; + }; + nin = { + origin.url = "http://cgit.onondaga.r/${name}"; + mirror.url = "${mirror}${name}"; + }; + lassulus = { + origin.url = "http://cgit.lassul.us/${name}"; + mirror.url = "${mirror}${name}"; + }; }; - tv = { - origin.url = "http://cgit.ni.r/${name}"; - mirror.url = "${mirror}${name}"; - }; - nin = { - origin.url = "http://cgit.onondaga.r/${name}"; - mirror.url = "${mirror}${name}"; - }; - lassulus = { - origin.url = "http://cgit.lassul.us/${name}"; - mirror.url = "${mirror}${name}"; - }; - "@latest" = { - mirror.url = "${mirror}${name}"; - mirror.ref = "heads/newest"; + latest = { + url = "${mirror}${name}"; + ref = "heads/newest"; }; }; krebs.git = defineRepo name (config.networking.hostName == "prism"); @@ -63,9 +65,11 @@ let sync-remote = name: url: { krebs.repo-sync.repos.${name} = { - remote = { - origin.url = url; - mirror.url = "${mirror}${name}"; + branches = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; }; }; krebs.git = defineRepo name (config.networking.hostName == "prism"); @@ -74,9 +78,11 @@ let sync-remote-silent = name: url: { krebs.repo-sync.repos.${name} = { - remote = { - origin.url = url; - mirror.url = "${mirror}${name}"; + branches = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; }; }; krebs.git = defineRepo name false; @@ -109,4 +115,3 @@ in { (sync-retiolum "xmonad-stockholm") ]; } - diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 4e0af0dc7..e6cf8d101 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -207,11 +207,14 @@ let alldirs = attrValues dirs ++ map dirOf (attrValues files); in unique (sort lessThan alldirs); - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; + vim = pkgs.concat "vim" [ + pkgs.vim + (pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + '') + ]; hs.vim = pkgs.writeText "hs.vim" '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 0b75425c4..daecdcd2f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -25,15 +25,10 @@ in { imports = [ ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (servePage [ "pixelpocket.de" ]) - (serveOwncloud [ "o.ubikmedia.de" ]) - (serveWordpress [ "ubikmedia.de" "apanowicz.de" diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index bc70417f5..82f507138 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -95,7 +95,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f") + [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix index af865497e..12f2718bc 100644 --- a/nin/1systems/hiawatha.nix +++ b/nin/1systems/hiawatha.nix @@ -10,8 +10,11 @@ with lib; imports = [ ../. <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ../2configs/retiolum.nix + ../2configs/copyq.nix + ../2configs/games.nix ../2configs/git.nix + ../2configs/retiolum.nix + ../2configs/termite.nix ]; krebs.build.host = config.krebs.hosts.hiawatha; diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/nin/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 000000000..a7edae078 --- /dev/null +++ b/nin/2configs/games.nix @@ -0,0 +1,70 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + vdoom = pkgs.writeDash "vdoom" '' + ${pkgs.zandronum-bin}/bin/zandronum \ + -fov 120 \ + "$@" + ''; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + vdoom1 = pkgs.writeDashBin "vdoom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + vdoom2 = pkgs.writeDashBin "vdoom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum-bin}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + ]; + + hardware.pulseaudio.support32Bit = true; + +} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix index 39f919e79..6bdc857d8 100644 --- a/nin/2configs/git.nix +++ b/nin/2configs/git.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; let out = { + services.nginx.enable = true; krebs.git = { enable = true; cgit = { diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index ad39848b6..9c3eafffd 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6651c72"; + ref = "5b0c9d4"; }; } diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix new file mode 100644 index 000000000..942446b01 --- /dev/null +++ b/nin/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.nin.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; + +} diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix index 4219e5d01..004ea5942 100644 --- a/shared/2configs/repo-sync.nix +++ b/shared/2configs/repo-sync.nix @@ -8,19 +8,21 @@ with lib; in { enable = true; repos.stockholm = { - makefu = { - origin.url = http://cgit.gum/stockholm ; - mirror.url = mirror; - }; - tv = { - origin.url = http://cgit.ni.r/stockholm; - mirror.url = mirror; - }; - lassulus = { - origin.url = http://cgit.prism/stockholm ; - mirror.url = mirror; + branches = { + makefu = { + origin.url = http://cgit.gum/stockholm ; + mirror.url = mirror; + }; + tv = { + origin.url = http://cgit.ni.r/stockhol |