diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/shodan.rsa | 2 | ||||
-rw-r--r-- | krebs/5pkgs/kpaste/default.nix | 5 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 3 | ||||
-rw-r--r-- | lass/2configs/default.nix | 6 | ||||
-rw-r--r-- | lass/2configs/hw/tp-x220.nix | 7 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 9 | ||||
-rw-r--r-- | lass/2configs/monitoring/client.nix | 9 | ||||
-rw-r--r-- | lass/2configs/monitoring/server.nix | 12 | ||||
-rw-r--r-- | lass/2configs/mpv.nix | 34 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/paste.nix | 27 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 29 | ||||
-rw-r--r-- | tv/2configs/default.nix | 2 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 4 |
16 files changed, 95 insertions, 58 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6ab8ede56..02aacb665 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -102,6 +102,7 @@ with import <stockholm/lib>; "cgit.prism.r" "cache.prism.r" "paste.r" "paste.retiolum" + "p.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/lass/ssh/shodan.rsa b/krebs/3modules/lass/ssh/shodan.rsa index 3ee08ad41..36a8901fa 100644 --- a/krebs/3modules/lass/ssh/shodan.rsa +++ b/krebs/3modules/lass/ssh/shodan.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDV+EscrUKgsu6iO94lJQ45o0t9QV88H7RrbLCsysgesQqiCbq0XNJKSrKI4T/o5dBNfoHMi4FSuPsF3YzffvMOWmdluHRBIhDJSDiFaraHr1zu7fHDO8gsUf/a3H3LPHtRRoXQFNsIK5NRLR35WpKt+zG6GK/WLBzb2N4MR3Ym5Qo2OepW3pgMWjjbmiUbGGiao9OWgx5tjjT8PLHIWdoEmJsaE5UnOWebqY+xfkWXMLdzMBPyEdCVwUO7X3Ip0Zk/BJFSqtIHBqQtp+njgeRwfkL2xabge3VGALAnQg5iYXzT8kfzIu/wfaoSdGkdPWxMo80KDiJJlpLj1oC3ABmDj01Hgu9p+g5Em0SFevcenspTii3IvYqdq+eg5+pPny4ki9748t6FlWRsrjrmjdQVVMWbhx42+lsyxIYsdXhwWMqNwTNzvY7Fxy3/8XE14pYWCV5eEll2/hSNfI6AcOoJ0vfHvOXsY6GVMYklXDIFzmiJOpyox+DnTahyUqQ6IcLH73vp9boVK31kf8EC7VDp8ms2ZiXz9nfPYltiUOtKKG0gqg9Jgs7xthpX82WYEp2+PXzPCHWs4WXs3OsUzQ8ykXXD2A7JMVBBv0FaMD4aBsOe7hU20/sO+/J/uuPe5xnpI//uFK4KkYCmDHZcZ3Qzh9CQTISwFvOBbYtRWbDo5w== lass@shodan +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDH31q4qmu8dbnu5BJMEW5CAMW9xlZg5dNTREy6vHE5OofmDEzi5YTBYr543ppGYQL/PzepChGl8RKZETeU+pnqTTHgnUh3KkOnX0GmpKgDgFgDrdVwyU137P6RyOo/kLvfbzAu1bFC5Q5hUDdbd5dDAQGN23wsRQxx1EI1uMrrMbMUKxpk/x5+AZi0JfAOY4SJNYIRfnim5v9jAt1JHeOjKy3sT3/ZEaJqK8DAKEHo0/kYyizWn5M7do5bw2+WpG/gHpdtTD0NlKwFUyMzhFJh4ahDt9FtExnmDA45rAcVSsinhUmrPqPwBKEnUxle5tw3A4YRHUvqhHTo6G852iiPHE0DUlCKsDJwr+lw3DXjK+HYOdKMFC6nsh4x+SFrwg6JKCXPzeCH2w7VP5xJGlb3YS+NcvbYWRbiqJ/M2hVdn/Atxq2VUAdKnrNtNW4ZYH6yJTGOkcXkyKJzcTj5JZIvJd1DL0pI9aGWNxnmfyOVMgaKfdafBqU/PB8RPPAZH9RCVRH0g+Cnu0NoJmkwKaq0K+z+FF9eNqVpNnYnjVLsPvjLIXCn8kJl4/2mimDlOarj/I9Hs+k0/gbzx4PKUS87+rUVA4Hfz+MltzZQUGoIBQxciAgVVh7zLrMgnPWwvqHnMKAQ9nzgme3A4ew2Ocyl30+skLstr9e08VqErguYSw== lass@shodan diff --git a/krebs/5pkgs/kpaste/default.nix b/krebs/5pkgs/kpaste/default.nix new file mode 100644 index 000000000..d6823d584 --- /dev/null +++ b/krebs/5pkgs/kpaste/default.nix @@ -0,0 +1,5 @@ +{ curl, writeDashBin }: + +writeDashBin "kpaste" '' + exec ${curl}/bin/curl -sS http://p.r --data-binary @- +'' diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index a7a7f6129..e5cbacfc8 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -45,6 +45,7 @@ in { ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix ../2configs/monitoring/monit-alarms.nix + ../2configs/paste.nix { imports = [ ../2configs/bepasty.nix @@ -157,7 +158,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDiupmvj8gmiqIUTk9t4AOZ6bYvIpMMuNZULwIu/lbq8epK+FyvjRtCxqkLgFw0BfNYHzT9fxJ3kZY+nf/pnpI0j8TRwLAyPnfKuBfehrtzjdNbf1jCB9BQAaLoBHkLUFLJxskIC11nHx5KJVJvZBZZ6Odq1WIb4RZXjtEreQfvF8+YyFgHQ/epmQupKK6agHGkjtqvH+hz//dwDqHU9orj8MCWxNaa2wUgn+5laAvpLS15MQeCDIz8GJtJWToETY6bvldiLp2hIAJmgx8LIecV1h7YPR81Rk80gIk3f0PDfsLnnM6ibkI5p8NGh7nRKAdf+W90HpBIHKMRpRkMYvgL3ejVuKJZyzhYKUArA6egNRAN2d67eOpR/yKV5LjRxv+JBCOln5ynDbAmP4Hq98h+0K9Md7VavrRJzzPRTH3MPx+OKqsnRBRjhKsRFIUaO6/TBjZF4RCbbSSbvBW1u+qbTWX1MGUJNB5huL/OIBdHHcTb6GI3W4Svtgq4in2KI4COBhUJogm5UmaXRHtgqvn8byxutIsXMOTFjjdDK6r7mmOj1mzlu5wEHAV6FRsII92pf4WO2GYEUxz1ABu4HvRsVKlvYoEwwBhpXecTve6nogAiDvuxHjUX1eup3If3s4SvNirNPPUQuzNriYJ4JXiU6pGCJcBgxhl+NQ7ajxCdaw== JuiceSSH" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkmIvB8BekIE2W24+I0gnzkvkEoeulz/zQkDUVJK4oScbIvgTYmcHzQuHJyPueTm67bJCOcYaTwEDNhcR/ZvcyiCQ7Jwa5cLDTkCkcR9LQq8ry5jMNEanvTgrnBIEcwfS7jFpyFb/PRVG6hh2bPOfP+ksFplkq1BTzKt/UTaCBwVEZqi5XuFIlq/MqJg+FIjh+wyeNR5jHtqgAhVjR+YLVNXLgtVPE+dlSfbyRQHuA9FTkUj8BxxnTdwM5Sx33S61ddik1XvRn++IYqFl68fZhzyTME7t/Mvjdz8J7ew2bF2IbJrXt37yQCAOEEp9/RC5OloA7dd/5ZJjZxSzT2HnYROILsYr3S0WV4e+H2G66ZN0ftdUCYh1o5rtY7IrSes6yHsKYbpoij1IAkRkyt2XgEH5EZCk1Omx8AY3ekW1KFIEhz2DZEfnCEjPf4AGCYZ0uy4XEztxzTDkh25TVs/tym1+96qCJ1yAxwWZDbVhS/Z6aSBpsyeDRKcak8qoWVC2dEPdYuTUmwvmo3pmGn/a4UfOLNJTn0jSRjy3kSv1hYzosN4NSYZqEylFB0ABnlqoLpX3tmWtrkiKv19S+djVGxbaaYm3hjPJfds3qCWTJWPvxPPeCE8wGXVLYqOQxa5ZPYeoTwRof5YNSbj5RFYy9sDLTlHl+U4ASTHZM5S3akQ== JuiceSSH" ]; } { diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f4e4cd2cc..b747ccb39 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -64,10 +64,7 @@ with import <stockholm/lib>; ]; } { - services.dnscrypt-proxy = { - enable = true; - resolverName = "d0wn-nl-ns3"; - }; + services.dnscrypt-proxy.enable = true; networking.extraResolvconfConf = '' name_servers='127.0.0.1' ''; @@ -138,6 +135,7 @@ with import <stockholm/lib>; aria2 #neat utils + kpaste krebspaste mosh pciutils diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index 1e75271ca..9be0b6bd2 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -51,6 +51,11 @@ with import <stockholm/lib>; services.xserver.synaptics = { enable = true; - additionalOptions = ''Option "TouchpadOff" "1"''; + horizEdgeScroll = false; + horizontalScroll = false; + vertEdgeScroll = false; + maxSpeed = "0.1"; + minSpeed = "0.01"; + tapButtons = false; }; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index a08dc88da..41c7bceb2 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -113,9 +113,12 @@ let macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar ''; - mutt = pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ - ''; + mutt = pkgs.concat "mutt" [ + pkgs.neomutt + (pkgs.writeDashBin "mutt" '' + exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + '') + ]; in { environment.systemPackages = [ diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix index e2b7dcae6..b8c245215 100644 --- a/lass/2configs/monitoring/client.nix +++ b/lass/2configs/monitoring/client.nix @@ -23,13 +23,4 @@ with import <stockholm/lib>; }; }; }; - - services.journalbeat = { - enable = true; - extraConfig = '' - output.elasticsearch: - hosts: ["prism:9200"] - template.enabled: false - ''; - }; } diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index b6ccf9cc1..d1ff234ee 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -79,21 +79,9 @@ with import <stockholm/lib>; security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} }; - services.elasticsearch = { - enable = true; - listenAddress = "0.0.0.0"; - }; - - services.kibana = { - enable = true; - listenAddress = "0.0.0.0"; - }; - krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; } ]; } diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 9988e788f..d9c6274db 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -2,15 +2,17 @@ let - mpv-config = pkgs.writeText "mpv-config" '' - script=${lib.concatStringsSep "," [ - good - delete - ]} - ''; - mpv = pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@" - ''; + scripts = lib.concatStringsSep "," [ + good + delete + ]; + + mpv = pkgs.concat "mpv" [ + pkgs.mpv + (pkgs.writeDashBin "mpv" '' + exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@" + '') + ]; moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' tmp_dir = "${dir}" @@ -31,20 +33,6 @@ let up = moveToDir "U" "./up"; down = moveToDir "Y" "./down"; - deleteCurrentTrack = pkgs.writeText "delete.lua" '' - deleted_tmp = "./.graveyard" - - -- Delete the current track by moving it to the `deleted_tmp` location. - function delete_current_track() - track = mp.get_property("path") - os.execute("mkdir -p '" .. deleted_tmp .. "'") - os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'") - print("'" .. track .. "' deleted.") - end - - mp.add_key_binding("D", "delete_current_track", delete_current_track) - ''; - in { krebs.per-user.lass.packages = [ mpv diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 7f6512552..24437d040 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "ade5837"; + ref = "a563923"; }; } diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix new file mode 100644 index 000000000..293691c0f --- /dev/null +++ b/lass/2configs/paste.nix @@ -0,0 +1,27 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +{ + services.nginx.virtualHosts.paste = { + serverAliases = [ "p.r" ]; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://localhost:9081; + ''; + }; + krebs.htgen.paste = { + port = 9081; + script = toString [ + "PATH=${makeBinPath [ + pkgs.nix + ]}:$PATH" + "STATEDIR=$HOME" + ". ${pkgs.htgen}/examples/paste" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";} + ]; +} diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 74e508549..775bd7665 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -105,6 +105,7 @@ in { (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote "painload" "https://github.com/krebscode/painload") + (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index fde3f7c2b..a5c51735a 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -21,6 +21,22 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; + restartPhpfpm_o.ubikmedia = pkgs.writeDash "restartPhpfpm_o.ubikmedia.org" '' + ${pkgs.systemd}/bin/systemctl restart phpfpm-o.ubikmedia.de.service + ''; + + restartPhpfpm_o.ubikmedia_wrapper = pkgs.writeDashBin "restartPhpfpm_o.ubikmedia" '' + /run/wrappers/bin/sudo ${restartPhpfpm_o.ubikmedia} + ''; + + restartPhpfpm_ubikmedia = pkgs.writeDash "restartPhpfpm_ubikmedia.org" '' + ${pkgs.systemd}/bin/systemctl restart phpfpm-ubikmedia.de.service + ''; + + restartPhpfpm_ubikmedia_wrapper = pkgs.writeDashBin "restartPhpfpm_ubikmedia" '' + /run/wrappers/bin/sudo ${restartPhpfpm_ubikmedia} + ''; + in { imports = [ ./sqlBackup.nix @@ -116,6 +132,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "testuser@lassul.us"; to = "testuser"; } + { from = "testuser@ubikmedia.eu"; to = "testuser"; } ]; sender_domains = [ "jla-trading.com" @@ -162,5 +179,17 @@ in { useDefaultShell = true; createHome = true; }; + + #sudo restart wrappers + security.sudo.extraConfig = '' + domsen ALL= (root) NOPASSWD: ${restartPhpfpm_o.ubikmedia} + domsen ALL= (root) NOPASSWD: ${restartPhpfpm_ubikmedia} + ''; + + krebs.per-user.domsen.packages = [ + restartPhpfpm_ubikmedia_wrapper + restartPhpfpm_o.ubikmedia_wrapper + ]; + } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d17e41351..618dcdccb 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import <stockholm/lib>; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 + ref = "69d9061908162bd973fcf34d0fc6dc9d9f8cf9ed"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 8b83b0503..b534c3f42 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let { body = { environment.systemPackages = [ - vim + vim-wrapper ]; environment.etc.vimrc.source = vimrc; @@ -297,7 +297,7 @@ let { alldirs = attrValues dirs ++ map dirOf (attrValues files); in unique (sort lessThan alldirs); - vim = pkgs.concat "vim" [ + vim-wrapper = pkgs.concat "vim" [ pkgs.vim_configurable (pkgs.writeDashBin "vim" '' set -efu |