-rw-r--r--krebs/3modules/lass/default.nix8
-rw-r--r--lass/1systems/daedalus/config.nix3
-rw-r--r--lass/1systems/helios/config.nix9
-rw-r--r--lass/1systems/mors/config.nix34
-rw-r--r--lass/1systems/prism/config.nix7
-rw-r--r--lass/2configs/baseX.nix23
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/dns-stuff.nix9
-rw-r--r--lass/2configs/mail.nix7
-rw-r--r--lass/2configs/vim.nix5
-rw-r--r--lass/2configs/xresources.nix6
-rw-r--r--lass/5pkgs/xmonad-lass.nix12
-rw-r--r--lass/source.nix2
-rw-r--r--lib/types.nix26
-rw-r--r--tv/1systems/mu/config.nix3
-rw-r--r--tv/2configs/default.nix6
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/3modules/ejabberd/default.nix46
18 files changed, 164 insertions, 45 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 534eac716..3e03e71cb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -437,8 +437,14 @@ with import <stockholm/lib>;
ip4.addr = "129.215.90.4";
aliases = [ "eddie.i" ];
};
- retiolum = {
+ retiolum = rec {
via = internet;
+ addrs = [
+ # edinburgh university
+ "129.215.0.0/16"
+ ip4.addr
+ ip6.addr
+ ];
ip4.addr = "10.243.29.170";
ip6.addr = "42:4992:6a6d:700::1";
aliases = [ "eddie.r" ];
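Review bot: The new `addrs` list puts the public range `129.215.0.0/16` on eddie's retiolum entry with only the comment `# edinburgh university`, which does not say why an overlay host should claim a whole university network. How `addrs` is consumed is not visible in this hunk; if it feeds the VPN's subnet or routing declarations, every peer would send traffic for that range through eddie. I would expand the comment to state the intent, for example `# edinburgh university: peers reach this range via eddie`, and confirm the range is no wider than needed. The host's attribute set continues outside the hunk.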
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index e1bce5da8..7b90ebb63 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -9,6 +9,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backups.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/steam.nix>
{
# bubsy config
users.users.bubsy = {
@@ -34,6 +36,7 @@ with import <stockholm/lib>;
hexchat
networkmanagerapplet
libreoffice
+ audacity
];
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index a94bbd3e9..6db6f8fd1 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -45,7 +45,9 @@ with import <stockholm/lib>;
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
- lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1";
+ lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
+ lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
+ lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
}
{ #TAPIR, AGATIS, sentral, a3 - foo
services.redis.enable = true;
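Review bot: The fallback font on the `lass.fonts.italic` line is spelled `xft:Symbol`, while the regular and bold lines use `xft:Symbola`; this looks like a typo rather than a deliberate choice. The same spelling appears in the `italic` default in lass/2configs/baseX.nix, where only `symbola` is added to `fonts.fonts`. If Symbola is intended, the line should read `lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbola";` and the baseX.nix default should change likewise.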
@@ -97,6 +99,11 @@ with import <stockholm/lib>;
services.tlp.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
+ services.xserver.xrandrHeads = [
+ { output = "DP-0.8"; }
+ { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
+ { output = "DP-2"; primary = true; }
+ ];
security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 8b90cce77..610bfef8e 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -157,4 +157,38 @@ with import <stockholm/lib>;
krebs.repo-sync.timerConfig = {
OnCalendar = "00:37";
};
+
+ environment.shellAliases = {
+ deploy = pkgs.writeDash "deploy" ''
+ set -eu
+ export PATH=${makeBinPath [
+ pkgs.bash
+ pkgs.coreutils
+ pkgs.nix
+ (pkgs.writeDashBin "is-git-crypt-locked" ''
+ magic=$(dd status=none if="$1" skip=1 bs=1 count=8)
+ test "$magic" = GITCRYPT
+ '')
+ ]}
+ cd ~/stockholm
+ export SYSTEM="$1"
+ if is-git-crypt-locked ~/secrets/ready; then
+ echo 'secrets are crypted' >&2
+ exit 23
+ else
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
+ fi
+ '';
+ predeploy = pkgs.writeDash "predeploy" ''
+ set -eu
+ export PATH=${makeBinPath [
+ pkgs.bash
+ pkgs.coreutils
+ pkgs.nix
+ ]}
+ cd ~/stockholm
+ export SYSTEM="$1"
+ exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
+ '';
+ };
}
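Review bot: The locked-secrets guard in `deploy` fails open. `is-git-crypt-locked` returns non-zero both when `~/secrets/ready` is decrypted and when it is missing or unreadable, because a failed `dd` leaves `$magic` empty and the `test` simply fails. In either case the `else` branch runs and the deployment proceeds with whatever is in `~/secrets`. I would check for the marker before the `if`, e.g. `test -r ~/secrets/ready || { echo 'secrets marker missing' >&2; exit 23; }`, and add a comment on the helper that it expects the `GITCRYPT` magic at byte offset 1. `predeploy` has no such guard, which may be intended for test targets but is worth stating in a comment.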
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index eadda5270..30d5c8dab 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -265,6 +265,13 @@ in {
alias /var/realwallpaper/realwallpaper.png;
'';
}
+ {
+ services.minecraft-server.enable = true;
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
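Review bot: The new block opens port 25565 to every source address over both TCP and UDP, and nothing in the hunk restricts who may join the server. The UDP rule is probably only needed if the server's query protocol is enabled, which this hunk does not do. If it is not needed, drop `{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }` so that only the listener in use is exposed. A short comment saying whether the server is meant to be public, and where access control is configured, would help the next reader.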
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index f6390ce4d..9d4ad8c6a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -28,9 +28,19 @@ in {
'';
}
{ #font magic
- options.lass.myFont = mkOption {
- type = types.str;
- default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
+ options.lass.fonts = {
+ regular = mkOption {
+ type = types.str;
+ default = "xft:Hack-Regular:pixelsize=11,xft:Symbola";
+ };
+ bold = mkOption {
+ type = types.str;
+ default = "xft:Hack-Bold:pixelsize=11,xft:Symbola";
+ };
+ italic = mkOption {
+ type = types.str;
+ default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol";
+ };
};
}
];
@@ -82,8 +92,11 @@ in {
termite
];
- fonts.fonts = [
- pkgs.xlibs.fontschumachermisc
+ fonts.fonts = with pkgs; [
+ hack-font
+ hasklig
+ symbola
+ xlibs.fontschumachermisc
];
services.xserver = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index e96f4dc7e..f745dc4a1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -119,6 +119,7 @@ with import <stockholm/lib>;
aria2
#neat utils
+ file
kpaste
krebspaste
mosh
diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix
index 0c96e6e91..e305145f5 100644
--- a/lass/2configs/dns-stuff.nix
+++ b/lass/2configs/dns-stuff.nix
@@ -4,7 +4,12 @@ with import <stockholm/lib>;
services.dnscrypt-proxy = {
enable = true;
localAddress = "127.1.0.1";
- resolverName = "cs-de";
+ customResolver = {
+ address = config.krebs.hosts.gum.nets.internet.ip4.addr;
+ port = 15251;
+ name = "2.dnscrypt-cert.euer.krebsco.de";
+ key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
+ };
};
services.dnsmasq = {
enable = true;
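Review bot: The `key` value in `customResolver` is a pinned provider key with no note on where it comes from or how it stays in sync with the resolver on gum. `address` is taken from `config.krebs.hosts.gum`, but `name`, `port` and `key` are literals, so regenerating the server key would presumably break resolution on every client until this file is edited. I would add a comment such as `# provider public key of the dnscrypt server on gum; update together with the server key`. Consider also keeping these values next to the host definition so they change in one place.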
@@ -17,8 +22,6 @@ with import <stockholm/lib>;
all-servers
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
- address=/blog/127.0.0.1
- address=/blog/::1
rebind-domain-ok=/onion/
server=/.onion/127.0.0.1#9053
port=53
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 7a9881186..91127f737 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -74,12 +74,9 @@ let
virtual-mailboxes \
"Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox \
- and NOT tag:killed \
- and NOT to:shackspace \
- and NOT to:c-base \
- and NOT from:security-alert@hpe.com \
and NOT to:nix-devel\
- and NOT to:radio"\
+ and NOT to:shackspace\
+ and NOT to:c-base" \
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 71c3aaada..698344b09 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -97,10 +97,13 @@ let
noremap <esc>[b <nop> | noremap! <esc>[b <nop>
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
- vnoremap u <nop>
+
+ let g:ackprg = 'ag --vimgrep'
+ cnoreabbrev Ack Ack!
'';
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.Gundo
pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
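Review bot: `let g:ackprg = 'ag --vimgrep'` resolves `ag` from whatever PATH vim is started with, and nothing in this hunk installs it. Other commands in this repository are referenced by store path, so I would write `let g:ackprg = '${pkgs.silver-searcher}/bin/ag --vimgrep'`, which makes the dependency explicit and independent of the user's environment. The enclosing vimrc string starts outside the hunk, so confirm it is an interpolating Nix string before applying this.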
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
index adbcd353d..a3c54f3a1 100644
--- a/lass/2configs/xresources.nix
+++ b/lass/2configs/xresources.nix
@@ -8,8 +8,10 @@ let
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt*SaveLines: 4096
- URxvt*font: ${config.lass.myFont}
- URxvt*boldFont: ${config.lass.myFont}
+
+ URxvt.font: ${config.lass.fonts.regular}
+ URxvt.boldFont: ${config.lass.fonts.bold}
+ URxvt.italicFont: ${config.lass.fonts.italic}
! ref https://github.com/muennich/urxvt-perls
URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index b86ce358e..997b60b8f 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -48,11 +48,11 @@ import XMonad.Layout.SimpleFloat (simpleFloat)
import XMonad.Stockholm.Shutdown
-urxvtcPath :: FilePath
-urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc"
+myTerm :: FilePath
+myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc"
myFont :: String
-myFont = "${config.lass.myFont}"
+myFont = "${config.lass.fonts.regular}"
main :: IO ()
main = getArgs >>= \case
@@ -64,7 +64,7 @@ mainNoArgs = do
xmonad'
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
$ def
- { terminal = urxvtcPath
+ { terminal = myTerm
, modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook
, logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
@@ -115,8 +115,8 @@ myKeyMap =
, ("M4-S-<Backspace>", removeEmptyWorkspace)
, ("M4-S-c", kill1)
, ("M4-<Esc>", toggleWS)
- , ("M4-S-<Enter>", spawn urxvtcPath)
- , ("M4-x", floatNext True >> spawn urxvtcPath)
+ , ("M4-S-<Enter>", spawn myTerm)
+ , ("M4-x", floatNext True >> spawn myTerm)
, ("M4-c", floatNext True >> spawn "${pkgs.termite}/bin/termite")
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)
diff --git a/lass/source.nix b/lass/source.nix
index e0af7d83c..fc24b7e87 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "1987983";
+ ref = "2231575";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
diff --git a/lib/types.nix b/lib/types.nix
index 70570a6b3..08dc0974e 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -92,7 +92,7 @@ rec {
default = null;
};
addrs = mkOption {
- type = listOf addr;
+ type = listOf cidr;
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
@@ -109,7 +109,7 @@ rec {
type = addr4;
};
prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
+ type = cidr4;
} // optionalAttrs (config.name == "retiolum") {
default = "10.243.0.0/16";
});
@@ -125,7 +125,7 @@ rec {
apply = lib.normalize-ip6-addr;
};
prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
+ type = cidr6;
} // optionalAttrs (config.name == "retiolum") {
default = "42::/16";
});
@@ -364,6 +364,26 @@ rec {
merge = mergeOneOption;
};
+ cidr = either cidr4 cidr6;
+ cidr4 = mkOptionType {
+ name = "CIDRv4 address";
+ check = let
+ CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
+ concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?";
+ in
+ test CIDRv4address;
+ merge = mergeOneOption;
+ };
+ cidr6 = mkOptionType {
+ name = "CIDRv6 address";
+ check = let
+ # TODO check IPv6 address harder
+ CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?";
+ in
+ test CIDRv6address;
+ merge = mergeOneOption;
+ };
+
binary-cache-pubkey = str;
pgp-pubkey = str;
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 501200c1f..10d7b2197 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -52,9 +52,6 @@ with import <stockholm/lib>;
networking.networkmanager.enable = true;
environment.systemPackages = with pkgs; [
- (pkgs.kdeApplications.callPackage
- (import <nixpkgs/pkgs/applications/kde/kde-locale-5.nix> "de" {})
- {})
chromium
firefoxWrapper
gimp
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 9ad0253a3..f418b9ff0 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -80,6 +80,12 @@ with import <stockholm/lib>;
dmesg = "dmesg -L --reltime";
view = "vim -R";
+ deploy = pkgs.writeDash "deploy" ''
+ set -eu
+ cd ~/stockholm
+ export SYSTEM="$1"
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
+ '';
reload = "systemctl reload";
restart = "systemctl restart";
start = "systemctl start";
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 5779240ba..515f8996f 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -31,7 +31,7 @@ with import <stockholm/lib>;
## other
- https://nixos.org/channels/nixos-17.03/git-revision
+ https://nixos.org/channels/nixos-17.09/git-revision
https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index d7b8deb7e..e99b94ff9 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -34,18 +34,24 @@ in {
hosts = mkOption {
type = with types; listOf str;
};
- pkgs.ejabberdctl = mkOption {
+ pkgs.ejabberd = mkOption {
type = types.package;
- default = pkgs.writeDashBin "ejabberdctl" ''
- exec ${pkgs.ejabberd}/bin/ejabberdctl \
- --config ${toFile "ejabberd.yaml" (import ./config.nix {
- inherit pkgs;
- config = cfg;
- })} \
- --logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
- "$@"
- '';
+ default = pkgs.symlinkJoin {
+ name = "ejabberd-wrapper";
+ paths = [
+ (pkgs.writeDashBin "ejabberdctl" ''
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --config ${toFile "ejabberd.yaml" (import ./config.nix {
+ inherit pkgs;
+ config = cfg;
+ })} \
+ --logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
+ "$@"
+ '')
+ pkgs.ejabberd
+ ];
+ };
};
registration_watchers = mkOption {
type = types.listOf types.str;
@@ -66,7 +72,21 @@ in {
};
};
config = lib.mkIf cfg.enable {
- environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+ environment.systemPackages = [
+ (pkgs.symlinkJoin {
+ name = "ejabberd-sudo-wrapper";
+ paths = [
+ (pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ cd ${shell.escape cfg.user.home}
+ exec /run/wrappers/bin/sudo \
+ -u ${shell.escape cfg.user.name} \
+ ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@"
+ '')
+ cfg.pkgs.ejabberd
+ ];
+ })
+ ];
krebs.secret.files = {
ejabberd-certfile = cfg.certfile;
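Review bot: Both entries in `paths` provide `bin/ejabberdctl`, so users only get the sudo wrapper if symlinkJoin lets the first path win the collision. That ordering dependency deserves a comment, here and in the `ejabberd-wrapper` default of `pkgs.ejabberd` in the previous hunk. The wrapper also runs `sudo -u` for any caller and no sudoers rule appears in this diff, so who may act as the service user is decided elsewhere. I would add `# wrapper must come first: it shadows bin/ejabberdctl from cfg.pkgs.ejabberd` above the `writeDashBin` entry and note where the sudo permission is granted. The `config` block continues outside the hunk.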
@@ -79,7 +99,7 @@ in {
after = [ "network.target" "secret.service" ];
serviceConfig = {
ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
- ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+ ExecStart = "${cfg.pkgs.ejabberd}/bin/ejabberdctl foreground";
PermissionsStartOnly = true;
SyslogIdentifier = "ejabberd";
User = cfg.user.name;