30 files changed, 219 insertions, 98 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index f336c966f..d24cea1a2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
 ./github-hosts-sync.nix
 ./git.nix
 ./go.nix
+ ./htgen.nix
 ./iptables.nix
 ./kapacitor.nix
 ./monit.nix
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e226a9060..e00c0ec9b 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -21,10 +21,9 @@ let
 OnCalendar = "*:00,10,20,30,40,50";
 };
 };
- # TODO find a better default stateDir
 stateDir = mkOption {
 type = types.str;
- default = "$HOME/wallpaper";
+ default = "/var/lib/wallpaper";
 };
 display = mkOption {
 type = types.str;
@@ -52,27 +51,35 @@ let
 mkdir -p ${cfg.stateDir}
 cd ${cfg.stateDir}
 (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
- feh --no-fehbg --bg-scale wallpaper
+ feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
 '';
 imp = {
- systemd.user.timers.fetchWallpaper = {
+ users.users.fetchWallpaper = {
+ name = "fetchWallpaper";
+ uid = genid "fetchWallpaper";
+ description = "fetchWallpaper user";
+ home = cfg.stateDir;
+ createHome = true;
+ };
+
+ systemd.timers.fetchWallpaper = {
 description = "fetch wallpaper timer";
 wantedBy = [ "timers.target" ];
 timerConfig = cfg.timerConfig;
 };
- systemd.user.services.fetchWallpaper = {
+ systemd.services.fetchWallpaper = {
 description = "fetch wallpaper";
- wantedBy = [ "default.target" ];
+ after = [ "network.target" ];
 path = with pkgs; [
 curl
 feh
- coreutils
 ];
 environment = {
+ URL = cfg.url;
 DISPLAY = cfg.display;
 };
 restartIfChanged = true;
@@ -80,6 +87,7 @@ let
 serviceConfig = {
 Type = "simple";
 ExecStart = fetchWallpaperScript;
+ User = "fetchWallpaper";
 };
 unitConfig = cfg.unitConfig;
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
new file mode 100644
index 000000000..0dddca6c8
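Review bot: The service now runs as the system user `fetchWallpaper` with only `DISPLAY` in its environment, so `feh` has no `XAUTHORITY` and can reach the display only if the X server's access control has been opened to local users, which would let every local account draw on that session; the hunk does not show how the display is authorized. If the cookie is meant to stay private, pass it explicitly, e.g. `XAUTHORITY = "/path/to/session/cookie";` next to `DISPLAY`, or grant just this account from the session with `xhost +SI:localuser:fetchWallpaper`, and say so in a comment. The script still interpolates `cfg.stateDir` unescaped in the `mkdir -p` and `cd` lines while the new `feh` line escapes it, and the same value now becomes the user's `home`, so use `${shell.escape cfg.stateDir}` in all three places. The added `URL = cfg.url;` environment entry is not read by the script, which embeds `cfg.url` directly, so one of the two is dead.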
--- /dev/null
+++ b/krebs/3modules/htgen.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.htgen;
+
+ out = {
+ options.krebs.htgen = api;
+ config = imp;
+ };
+
+ api = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ enable = mkEnableOption "krebs.htgen-${config.name}";
+
+ name = mkOption {
+ type = types.username;
+ default = config._module.args.name;
+ };
+
+ port = mkOption {
+ type = types.uint;
+ };
+
+ script = mkOption {
+ type = types.str;
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "htgen-${config.name}";
+ home = "/var/lib/htgen-${config.name}";
+ };
+ };
+ };
+ }));
+ };
+ imp = {
+
+ systemd.services = mapAttrs' (name: htgen:
+ nameValuePair "htgen-${name}" {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ environment = {
+ HTGEN_PORT = toString htgen.port;
+ HTGEN_SCRIPT = htgen.script;
+ };
+ serviceConfig = {
+ SyslogIdentifier = "htgen";
+ User = htgen.user.name;
+ PrivateTmp = true;
+ Restart = "always";
+ ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+ };
+ }
+ ) cfg;
+
+ users.users = mapAttrs' (name: htgen:
+ nameValuePair htgen.user.name {
+ inherit (htgen.user) home name uid;
+ createHome = true;
+ }
+ ) cfg;
+
+ };
+in out
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 09b493c20..d64ed86de 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -68,8 +68,8 @@ let
 networking.firewall.enable = false;
 systemd.services.krebs-iptables = {
- description = "krebs-iptables";
- wantedBy = [ "network-pre.target" ];
+ wantedBy = [ "sysinit.target" ];
+ wants = [ "network-pre.target" ];
 before = [ "network-pre.target" ];
 after = [ "systemd-modules-load.service" ];
@@ -85,6 +85,8 @@ let
 Restart = "always";
 ExecStart = startScript;
 };
+
+ unitConfig.DefaultDependencies = false;
 };
 };
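Review bot: The `enable` option declared in `api` is never consulted: both `mapAttrs'` calls in `imp` iterate over all of `cfg`, so an entry with `enable = false` still gets a user created and a service started; iterate over `filterAttrs (_: h: h.enable) cfg` in both places instead. The unit runs an operator-supplied script per request (inferred from `HTGEN_SCRIPT`, not visible here) as its own user with only `PrivateTmp`, so add `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true;` to `serviceConfig`, with `ReadWritePaths` for the home directory if the script writes there. `port` is `types.uint`, which accepts values above 65535; a bounded type such as `types.ints.u16`, if the pinned nixpkgs has it, or an assertion would reject them at evaluation time. None of the options carry a `description`, so the module is undocumented in the options listing.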
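Review bot: With `DefaultDependencies = false` the unit loses the implicit `Conflicts=` and `Before=` on `shutdown.target` that services otherwise get, and since it keeps `Restart = "always"` it may be restarted while the system is going down; add `unitConfig.Conflicts = [ "shutdown.target" ];` and extend `before` to `[ "network-pre.target" "shutdown.target" ]` next to the new line. Pulling the service into `sysinit.target` also moves the ruleset load before local filesystems are guaranteed mounted, which is only safe because `startScript` and the iptables binaries live in the store; a one-line comment on `wantedBy` stating that assumption would keep it from being broken by a later `ExecStart` change. Dropping `description` leaves the unit without a display name in `systemctl` output.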
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..3f00f30c2 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -224,8 +224,8 @@ with import <stockholm/lib>;
 internet = {
 ip4.addr = "188.68.36.196";
 aliases = [
- "cgit.ni.i"
 "ni.i"
+ "cgit.ni.i"
 ];
 ssh.port = 11423;
 };
@@ -360,8 +360,8 @@ with import <stockholm/lib>;
 gg23 = {
 ip4.addr = "10.23.1.38";
 aliases = [
- "cache.xu.gg23"
 "xu.gg23"
+ "cache.xu.gg23"
 ];
 ssh.port = 11423;
 };
diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix
new file mode 100644
index 000000000..f9dfeb3d1
--- /dev/null
+++ b/krebs/5pkgs/htgen/default.nix
@@ -0,0 +1,28 @@
+{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
+with import <stockholm/lib>;
+let
+ version = "1.1";
+in stdenv.mkDerivation {
+ name = "htgen-${version}";
+
+ src = fetchgit {
+ url = "http://cgit.krebsco.de/htgen";
+ rev = "refs/tags/v${version}";
+ sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ {
+ echo '#! ${bash}/bin/bash'
+ echo 'export PATH=${makeBinPath [
+ ucspi-tcp
+ coreutils
+ gnused
+ ]}''${PATH+":$PATH"}'
+ cat htgen
+ } > $out/bin/htgen
+ chmod +x $out/bin/htgen
+ cp -r examples $out
+ '';
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index dd7616a05..8c6676d0e 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -2,5 +2,5 @@
 # TODO use `execve` instead?
 writeDashBin "krebspaste" ''
- exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+ exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
 ''
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 223e16bae..534d65162 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
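Review bot: The source is fetched over plain HTTP from `http://cgit.krebsco.de/htgen` by the tag reference `refs/tags/v1.1`; the fixed-output `sha256` keeps the build reproducible, but a tag can be moved, so the hash no longer tells anyone which commit it was computed from, and the unencrypted transport means a future hash bump could be taken from a tampered tree without notice. Pin `rev` to the commit hash behind the tag and use `https://` if the cgit host serves it, so that what the hash attests is identifiable. The generated wrapper puts the pinned `ucspi-tcp`/`coreutils`/`gnused` ahead of the caller's `$PATH`, which is the right order; a short comment above the `echo 'export PATH=…'` line saying that this ordering is deliberate would stop someone from "simplifying" it.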
@@ -86,6 +86,10 @@ with import <stockholm/lib>;
 pkgs.krebszones
 ];
 }
+ {
+ #ps vita stuff
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ }
 ];
 krebs.build.host = config.krebs.hosts.mors;
@@ -180,8 +184,6 @@ with import <stockholm/lib>;
 '';
 environment.systemPackages = with pkgs; [
- exfat - acronym
 cac-api
 sshpass
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
index a3c6d0f28..c2bc3f3cd 100644
--- a/lass/2configs/bepasty.nix
+++ b/lass/2configs/bepasty.nix
@@ -9,7 +9,10 @@ with import <stockholm/lib>;
 with import <stockholm/lib>;
 let
 secKey = import <secrets/bepasty-secret.nix>;
- ext-dom = "paste.lassul.us" ;
+ ext-doms = [
+ "paste.lassul.us"
+ "paste.krebsco.de"
+ ];
 in {
 services.nginx.enable = mkDefault true;
@@ -25,16 +28,15 @@ in {
 defaultPermissions = "admin,list,create,read,delete";
 secretKey = secKey;
 };
-
- "${ext-dom}" = {
- nginx = {
- enableSSL = true;
- forceSSL = true;
- enableACME = true;
- };
- defaultPermissions = "read";
- secretKey = secKey;
+ } //
+ genAttrs ext-doms (ext-dom: {
+ nginx = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
 };
- };
+ defaultPermissions = "read";
+ secretKey = secKey;
+ });
 };
 }
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index 0616c4025..b255254f2 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -9,7 +9,7 @@ let
 ${pkgs.copyq}/bin/copyq config activate_closes true
 ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+ ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
 ${pkgs.copyq}/bin/copyq config disable_tray true
 ${pkgs.copyq}/bin/copyq config hide_tabs true
 ${pkgs.copyq}/bin/copyq config hide_toolbar true
@@ -19,10 +19,9 @@ let
 ${pkgs.copyq}/bin/copyq config text_wrap true
 '';
 in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
+ systemd.services.copyq = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "display-manager.service" ];
 environment = {
 DISPLAY = ":0";
 };
@@ -33,6 +32,7 @@ in {
 Restart = "always";
 RestartSec = "2s";
 StartLimitBurst = 0;
+ User = "lass";
 };
 };
 }
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 96f70d312..f4e4cd2cc 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -64,7 +64,10 @@ with import <stockholm/lib>;
 ];
 }
 {
- services.dnscrypt-proxy.enable = true;
+ services.dnscrypt-proxy = {
+ enable = true;
+ resolverName = "d0wn-nl-ns3";
+ };
 networking.extraResolvconfConf = ''
 name_servers='127.0.0.1'
 '';
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 3e1b2c6e3..be08d0ec1 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -32,10 +32,13 @@ let
 public-repos = mapAttrs make-public-repo {
 stockholm = {
 cgit.desc = "take all the computers hostage, they'll love you!";
+ cgit.section = "configuration";
 };
- kimsufi-check = {};
 } // mapAttrs make-public-repo-silent {
- the_playlist = {};
+ the_playlist = {
+ cgit.desc = "Good Music collection + tools";
+ cgit.section = "art";
+ };
 };
 restricted-repos = mapAttrs make-restricted-repo (
@@ -58,7 +61,7 @@ let
 server = "ni.r";
 verbose = config.krebs.build.host.name == "prism";
 # TODO define branches in some kind of option per repo
- branches = [ "master" "newest" ];
+ branches = [ "master" ];
 };
 };
 };
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index a28a6a5d2..f63e5ea53 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
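Review bot: `requires = [ "display-manager.service" ]` pulls the display manager in but does not order copyq after it (`Requires=` never implies `After=`), so with `wantedBy = [ "multi-user.target" ]` copyq can start before X is listening on `:0` and only survives because of `Restart = "always"`; add `after = [ "display-manager.service" ];` beside it. As a system unit running as `User = "lass"` it also has to authenticate to the display, and nothing here sets `XAUTHORITY`; this presumably works only if the display manager leaves the cookie in `~lass/.Xauthority` and systemd's `HOME` for the `User=` points there, which deserves either an explicit `XAUTHORITY` entry in `environment` or a comment stating the assumption. The service's `serviceConfig` block starts above the second hunk, so `ExecStart` is not visible here.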
@@ -36,5 +36,12 @@ with import <stockholm/lib>;
 { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
 ];
- systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
+ # TODO use bridge interfaces instead of this crap
+ systemd.services.libvirtd.serviceConfig.ExecStartPost = let
+ restart-iptables = pkgs.writeDash "restart-iptables" ''
+ #soo hacky
+ ${pkgs.coreutils}/bin/sleep 1s
+ ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '';
+ in restart-iptables;
 }
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
index 0296101ac..69e04a05b 100644
--- a/lass/2configs/htop.nix
+++ b/lass/2configs/htop.nix
@@ -3,6 +3,7 @@ with import <stockholm/lib>;
 {
+ security.hideProcessInformation = true;
 nixpkgs.config.packageOverrides = super: {
 htop = pkgs.concat "htop" [
 super.htop
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index e4b319528..a08dc88da 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -66,7 +66,6 @@ let
 # notmuch bindings
 macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
- macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
 macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
 macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
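Review bot: The `ExecStartPost` hook with a fixed `sleep 1s` is a timing guess: if libvirtd takes longer than a second to install its own rules, `krebs-iptables` is restarted first and the `DNAT` rule for `213.239.205.246:443` is clobbered again, and for whatever window libvirt's rules are live the host may not be filtered as intended. A non-zero exit of `systemctl restart` also fails `ExecStartPost` and therefore libvirtd itself. Tying the reload to the actual event would be more robust, e.g. a libvirt network hook (`/etc/libvirt/hooks/network`, if the pinned libvirt supports hooks) that restarts the unit after a network comes up, or a `partOf`/`after` relation on `krebs-iptables`; the existing `# TODO` already names the bridge-based alternative, and the reason the previous `after = [ "libvirtd.service" ]` was dropped (presumably the new `sysinit.target` placement of the iptables unit) is worth recording next to it.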
@@ -75,9 +74,25 @@ let
 bind index d noop
 bind pager d noop
+ bind index S noop
+ bind index s noop
 bind pager S noop
+ bind pager s noop
 macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro index s "<modify-labels>-junk\n" # tag as Junk mail
 macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro pager s "<modify-labels>-junk\n" # tag as Junk mail
+
+
+ bind index A noop
+ bind index a noop
+ bind pager A noop
+ bind pager a noop
+ macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro index a "<modify-labels>-archive\n" # tag as Archived
+ macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro pager a "<modify-labels>-archive\n" # tag as Archived
+
 bind index t noop
 bind pager t noop
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
index fc347ba3c..513ee1bd0 100644
--- a/lass/2configs/mc.nix
+++ b/lass/2configs/mc.nix
@@ -325,12 +325,10 @@ in {
 (pkgs.concat "mc" [
 pkgs.mc
 (pkgs.writeDashBin "mc" ''
- export MC_DATADIR=${pkgs.concat "mc-datadir" [
- (pkgs.writeOut "mc-ext" {
+ export MC_DATADIR=${pkgs.writeOut "mc-ext" {
 "/mc.ext".link = mcExt;
 "/sfs.ini".text = "";
- })
- ]}
+ }};
 export TERM=xterm-256color
 exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
 '')
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index a6409b7db..7f6512552 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
 krebs.build.source.nixpkgs.git = {
 url = https://cgit.lassul.us/nixpkgs;
- ref = "c0ecd31";
+ ref = "ade5837";
 };
 }
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index f22bf451a..c7bdb525d 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -26,7 +26,7 @@ in {
 lowerLimit = 0;
 charging = false;
 action = pkgs.writeDash "suspend-wrapper" ''
- /var/setuid-wrappers/sudo ${suspend}
+ /run/wrappers/bin/sudo ${suspend}
 '';
 };
 user = "lass";
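Review bot: The comments on the four new lower-case macros are copied from their upper-case counterparts and state the opposite of what the macro does: `macro index s "<modify-labels>-junk\n"` and `macro pager s …` remove the `junk` label but are annotated `# tag as Junk mail`, and `macro index a`/`macro pager a` remove `archive` but are annotated `# tag as Archived`. Change them to `# untag as Junk mail` and `# untag as Archived` so the binding table stays trustworthy. The lower-case variants also differ from `S`/`A` in that they neither `<sync-mailbox>` nor hide the message, which is presumably intentional but worth a word in the same comment.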
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index dfea637ed..74e508549 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -10,6 +10,7 @@ let
 public = true;
 name = mkDefault "${name}";
 cgit.desc = mkDefault "mirror for ${name}";
+ cgit.section = mkDefault "mirror";
 hooks = mkIf announce (mkDefault {
 post-receive = pkgs.git-hooks.irc-announce {
 nick = config.networking.hostName;
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index daecdcd2f..fde3f7c2b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -120,6 +120,7 @@ in {
 sender_domains = [
 "jla-trading.com"
 "ubikmedia.eu"
+ "ubikmedia.de"
 ];
 ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
 ssl_key = "/var/lib/acme/lassul.us/key.pem";
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
index 35dbe2044..b5e721483 100644
--- a/lass/2configs/xresources.nix
+++ b/lass/2configs/xresources.nix
@@ -36,9 +36,10 @@ let
 '';
 in {
- systemd.user.services.xresources = {
+ systemd.services.xresources = {
 description = "xresources";
- wantedBy = [ "default.target" ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "display-manager.service" ];
 environment = {
 DISPLAY = ":0";
@@ -50,6 +51,7 @@ in {
 Type = "simple";
 ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
 Restart = "on-failure";
+ User = "lass";
 };
 };
 }
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index ce3c63f28..b0b822780 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
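Review bot: As a system unit running as `User = "lass"`, `xrdb -merge` has to authenticate to display `:0`, and the hunk sets only `DISPLAY`; unless the display manager leaves the cookie in `~lass/.Xauthority` (and systemd's `HOME` for the `User=` points there) the merge fails and `Restart = "on-failure"` keeps retrying, so an explicit `XAUTHORITY` entry in `environment`, or a comment stating where the cookie comes from, would make the dependency visible. `after = [ "display-manager.service" ]` orders the start but nothing re-runs the merge when X is restarted, and the resource database lives in the running server; `partOf = [ "display-manager.service" ];` would restart this one-shot merge together with the display manager. The copyq unit in this same commit uses `requires` without `after` for the same display manager; the two units should settle on one pattern so neither silently races X.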
@@ -32,7 +32,17 @@ in
 security = import <secrets/grafana_security.nix>;
 };
- nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
+ nix = {
+ binaryCaches = [
+ "http://localhost:3142/nixos"
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
+ };
 networking = {
 firewall.enable = false;
diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix
index 004ea5942..637a26e3c 100644
--- a/shared/2configs/repo-sync.nix
+++ b/shared/2configs/repo-sync.nix
@@ -23,7 +23,8 @@ with lib;
 };
 };
 latest = {
- mirror.url = mirror;
+ url = mirror;
+ ref = "heads/master";
 };
 };
 };
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 4cde8b903..328e71fdc 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -19,12 +19,6 @@ with import <stockholm/lib>;
 ../2configs/xserver
 {
 environment.systemPackages = with pkgs; [
-
- # stockholm
- gnumake
- hashPassword
- parallel
-
 # root
 cryptsetup
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 4b8fe8da2..8cf6146b5 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -20,23 +20,6 @@ with import <stockholm/lib>;
 {
 environment.systemPackages = with pkgs; [
- # stockholm
- gnumake
- hashPassword
- #haskellPackages.lentil
- parallel
- (pkgs.writeBashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
 # root
 cryptsetup
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index 194ac2928..b1b2d58ce 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
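Review bot: `binaryCachePublicKeys` lists `hydra.nixos.org-1:…`, the legacy Hydra signing key, while paths served from `https://cache.nixos.org/` are signed with the `cache.nixos.org-1` key; whether this option replaces or extends Nix's built-in trusted keys in the pinned nixpkgs decides whether cache.nixos.org substitutes still verify on `wolf`, so check the generated `nix.conf` on the host and list the `cache.nixos.org-1` key explicitly if it is not already there. `http://cache.prism.r` is reached over plain HTTP, which is acceptable only because every substituted path must carry a signature by `cache.prism-1`; that key value should be confirmed out of band with prism's owner before it is trusted here. A one-line comment next to each key saying where it was obtained lets the next reviewer repeat that check.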
@@ -25,24 +25,6 @@ with import <stockholm/lib>;
 {
 environment.systemPackages = with pkgs; [
- # stockholm
- gnumake
- hashPassword
- haskellPackages.lentil
- parallel
- (pkgs.writeBashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
-
 # root
 cryptsetup
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index e170156a4..d17e41351 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -38,6 +38,8 @@ with import <stockholm/lib>;
 # stockholm dependencies
 environment.systemPackages = with pkgs; [
 git
+ gnumake
+ hashPassword
 populate
 ];
 }
@@ -152,6 +154,7 @@ with import <stockholm/lib>;
 {
 environment.systemPackages = [
 pkgs.get
+ pkgs.krebspaste
 pkgs.krebszones
 pkgs.nix-prefetch-scripts
 pkgs.push
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index cc3bdf95d..816dce78d 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -13,7 +13,7 @@ with import <stockholm/lib>;
 "shackspace.de"
 "viljetic.de"
 ];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
 config.krebs.hosts.nomic
 config.krebs.hosts.wu
 config.krebs.hosts.xu
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 1ffafe9c9..8b83b0503 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
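Review bot: Switching `relay_from_hosts` from `ip4.addr` to `addrs` widens the relay allow-list from one IPv4 address per host to every address that host has on retiolum, presumably adding their IPv6 addresses; that looks intended, but an address-based relay list is only as strong as the anti-spoofing on the interface those addresses arrive from, so the `tv-iptables` rules on this smarthost must accept and attribute IPv6 on the tinc interface the same way they do for v4, and any entry in `addrs` that is not bound to that interface (if the list can contain such entries) becomes spoofable from elsewhere. A comment on the new line stating that `addrs` is exactly the set of retiolum-routed addresses would make that assumption explicit. The `relay_from_hosts` list continues past the hunk, so the full set of relaying hosts is not visible here.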
@@ -297,14 +297,18 @@ let { alldirs = attrValues dirs ++ map dirOf (attrValues files);
 in unique (sort lessThan alldirs);
- vim = pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
- set -- +CtrlP
- fi
- exec ${pkgs.vim}/bin/vim "$@"
- '';
+ vim = pkgs.concat "vim" [
+ pkgs.vim_configurable
+ (pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
+ set -- +CtrlP
+ fi
+ # vim-orgmode needs Python, thus vim_configurable instead of just vim
+ exec ${pkgs.vim_configurable}/bin/vim "$@"
+ '')
+ ];
 vimrc = pkgs.writeText "vimrc" ''
 set nocompatible
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 803ed6fbf..56861dc74 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -57,8 +57,8 @@ let {
 networking.firewall.enable = false;
 systemd.services.tv-iptables = {
- description = "tv-iptables";
- wantedBy = [ "network-pre.target" ];
+ wantedBy = [ "sysinit.target" ];
+ wants = [ "network-pre.target" ];
 before = [ "network-pre.target" ];
 after = [ "systemd-modules-load.service" ];
@@ -79,6 +79,8 @@ let {
 ip6tables-restore < ${rules 6}
 '';
 };
+
+ unitConfig.DefaultDependencies = false;
 };
 };
 |
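Review bot: As with the `krebs-iptables` unit in this commit, `DefaultDependencies = false` drops the implicit `Conflicts=` and `Before=` on `shutdown.target`, so if `tv-iptables` also uses `Restart = "always"` (its `serviceConfig` is outside the visible lines) it may be restarted while the system is going down; add `unitConfig.Conflicts = [ "shutdown.target" ];` and extend `before` to `[ "network-pre.target" "shutdown.target" ]` alongside the new line. The move into `sysinit.target` runs `ip6tables-restore < ${rules 6}` before local filesystems are guaranteed mounted, which is fine because `${rules 6}` is a store path, but a one-line comment on `wantedBy` saying so keeps the assumption from being broken later. Removing `description` leaves the unit without a display name in `systemctl` output; if that is deliberate, say so in the module so it is not re-added.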