summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/gum.nix5
-rw-r--r--makefu/1systems/vbob.nix13
-rw-r--r--makefu/1systems/x.nix55
-rw-r--r--makefu/2configs/audio/jack-on-pulse.nix5
-rw-r--r--makefu/2configs/audio/realtime-audio.nix2
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/deployment/dirctator.nix6
-rw-r--r--makefu/2configs/deployment/led-fader.nix1
-rw-r--r--makefu/2configs/docker.nix4
-rw-r--r--makefu/2configs/hw/exfat-nofuse.nix4
-rw-r--r--makefu/2configs/hw/stk1160.nix3
-rw-r--r--makefu/2configs/hw/tp-x230.nix3
-rw-r--r--makefu/2configs/hw/wwan.nix (renamed from makefu/2configs/wwan.nix)0
-rw-r--r--makefu/2configs/lanparty/lancache-dns.nix55
-rw-r--r--makefu/2configs/lanparty/lancache.nix74
-rw-r--r--makefu/2configs/sources/musnix.nix2
-rw-r--r--makefu/2configs/sshd-totp.nix18
-rw-r--r--makefu/2configs/task-client.nix14
-rw-r--r--makefu/2configs/tools/dev.nix3
-rw-r--r--makefu/2configs/tools/extra-gui.nix5
-rw-r--r--makefu/2configs/urlwatch.nix27
-rw-r--r--makefu/2configs/urlwatch/default.nix45
-rw-r--r--makefu/2configs/urlwatch/hook.py16
-rw-r--r--makefu/5pkgs/arduino-user-env/default.nix35
-rw-r--r--makefu/5pkgs/gen-oath-safe/default.nix37
25 files changed, 363 insertions, 71 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 519313f57..51761d3fd 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -24,7 +24,10 @@ in {
# ../2configs/disable_v6.nix
../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
- ../2configs/urlwatch.nix
+ ../2configs/urlwatch
+
+ # Security
+ ../2configs/sshd-totp.nix
# Tools
../2configs/tools/core.nix
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 7421125e4..d8e275bf6 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -8,14 +8,23 @@
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
+ ../2configs/sshd-totp.nix
+
+ # Tools
+ ../2configs/tools/core.nix
+ ../2configs/tools/core-gui.nix
+ ../2configs/tools/dev.nix
+ ../2configs/tools/extra-gui.nix
+ ../2configs/tools/sec.nix
# environment
../2configs/tinc/retiolum.nix
+ ../2configs/audio/jack-on-pulse.nix
+ ../2configs/audio/realtime-audio.nix
+
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
- # workaround for https://github.com/NixOS/nixpkgs/issues/16641
- services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
nixpkgs.config.allowUnfree = true;
fileSystems."/nix" = {
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index ee3a7bb1b..235862e85 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -13,61 +13,56 @@ with import <stockholm/lib>;
../2configs/tools/all.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
+ ../2configs/avahi.nix
- # testing
- # ../2configs/openvpn/vpngate.nix
- #../2configs/temp/share-samba.nix
- # ../2configs/mediawiki.nix
- # ../2configs/wordpress.nix
- # ../2configs/nginx/public_html.nix
- # ../2configs/nginx/icecult.nix
-
- # ../2configs/elchos/irc-token.nix
- # ../2configs/elchos/log.nix
-
- #../2configs/elchos/search.nix
- #../2configs/elchos/stats.nix
- #../2configs/elchos/test/ftpservers.nix
-
- # ../2configs/tinc/siem.nix
- #../2configs/torrent.nix
- # temporary modules
-
- # ../2configs/torrent.nix
- #../2configs/temp/elkstack.nix
- # ../2configs/temp/sabnzbd.nix
+ # Debugging
+ # ../2configs/disable_v6.nix
+ # Testing
+ # ../2configs/lanparty/lancache.nix
+ # ../2configs/lanparty/lancache-dns.nix
+ # ../2configs/deployment/dirctator.nix
+ # ../2configs/vncserver.nix
+ # ../2configs/deployment/led-fader
+ # ../2configs/deployment/hound
# development
../2configs/sources
# Krebs
- # ../2configs/disable_v6.nix
../2configs/tinc/retiolum.nix
# applications
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
../2configs/printer.nix
+ ../2configs/task-client.nix
+
+ # Virtualization
../2configs/virtualization.nix
+ ../2configs/docker.nix
../2configs/virtualization-virtualbox.nix
- ../2configs/wwan.nix
- ../2configs/rad1o.nix
- # services
+ # Services
../2configs/git/brain-retiolum.nix
../2configs/tor.nix
../2configs/steam.nix
# ../2configs/buildbot-standalone.nix
- # hardware specifics are in here
+ # Hardware
../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix
- ../2configs/hw/stk1160.nix
+ ../2configs/hw/exfat-nofuse.nix
+ ../2configs/hw/wwan.nix
+ # ../2configs/hw/stk1160.nix
+ # ../2configs/rad1o.nix
- # mount points
+ # Filesystem
../2configs/fs/sda-crypto-root-home.nix
+ # Security
+ ../2configs/sshd-totp.nix
+
];
makefu.server.primary-itf = "wlp3s0";
@@ -76,10 +71,8 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
environment.systemPackages = [ pkgs.passwdqc-utils ];
- virtualisation.docker.enable = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix
index 49b61d5a2..a8ee05c7d 100644
--- a/makefu/2configs/audio/jack-on-pulse.nix
+++ b/makefu/2configs/audio/jack-on-pulse.nix
@@ -11,7 +11,10 @@ in
package = pulse;
};
- environment.systemPackages = with pkgs; [ jack2Full ];
+ environment.systemPackages = with pkgs; [
+ jack2Full
+ jack_capture
+ ];
# from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
systemd.user.services = {
diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix
index fbeacd025..6cb18c45c 100644
--- a/makefu/2configs/audio/realtime-audio.nix
+++ b/makefu/2configs/audio/realtime-audio.nix
@@ -10,7 +10,7 @@ in
musnix.enable = true;
musnix.kernel.optimize = true;
musnix.kernel.realtime = true;
- # TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt;
+ musnix.kernel.packages = pkgs.linuxPackages_latest_rt;
users.users."${user}".extraGroups = [ "audio" ];
}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index bcd998826..0b4ef8909 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
- ref = "7a7c39c"; # unstable @ 2017-05-09 + graceful requests2 + logstash5
+ ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa)
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix
index b8e61955d..4f2f8818d 100644
--- a/makefu/2configs/deployment/dirctator.nix
+++ b/makefu/2configs/deployment/dirctator.nix
@@ -25,6 +25,10 @@ in {
stdout { codec => rubydebug }
exec { command => "${runit} '%{message}" }
'';
- plugins = [ ];
+ extraSettings = ''
+ path.plugins: [ "${pkgs.logstash-output-exec}" ]
+ '';
+ ## NameError: `@path.plugins' is not allowable as an instance variable name
+ # plugins = [ pkgs.logstash-output-exec ];
};
}
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 50023693d..678370c69 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -31,6 +31,7 @@ in {
};
# after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
diff --git a/makefu/2configs/docker.nix b/makefu/2configs/docker.nix
new file mode 100644
index 000000000..98fd980cc
--- /dev/null
+++ b/makefu/2configs/docker.nix
@@ -0,0 +1,4 @@
+{...}:
+{
+ virtualisation.docker.enable = true;
+}
diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix
new file mode 100644
index 000000000..ca3485e9f
--- /dev/null
+++ b/makefu/2configs/hw/exfat-nofuse.nix
@@ -0,0 +1,4 @@
+{ config, ... }:
+{
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+}
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index b4d033d76..e73741e26 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,9 +1,8 @@
{ pkgs, ... }:
{
# TODO: un-pin linuxPackages somehow
- boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9;
nixpkgs.config.packageOverrides = pkgs: {
- linux_4_9 = pkgs.linux_4_9.override {
+ linux_latest = pkgs.linux_latest.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index 2de32dd94..c705b52a7 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -44,8 +44,7 @@ with import <stockholm/lib>;
'';
# enable HDMI output switching with pulseaudio
- hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
- ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"}
+ hardware.pulseaudio.extraConfig = ''
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"
'';
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/hw/wwan.nix
index 0eb0c97d7..0eb0c97d7 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/hw/wwan.nix
diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix
new file mode 100644
index 000000000..4b4ebf0a0
--- /dev/null
+++ b/makefu/2configs/lanparty/lancache-dns.nix
@@ -0,0 +1,55 @@
+{ pkgs, lib, config, ... }:
+with import <stockholm/lib>;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ lancache-dns = pkgs.stdenv.mkDerivation rec {
+ name = "lancache-dns-2017-06-28";
+ src = pkgs.fetchFromGitHub {
+ # forked: https://github.com/zeropingheroes/lancache-dns
+ repo = "lancache-dns";
+ owner = "zeropingheroes";
+ rev = "420aa62";
+ sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ '';
+ };
+ stateDir = "/var/lib/unbound";
+ user = "unbound";
+ upstream-server = "8.8.8.8";
+in {
+ services.unbound = {
+ enable = true;
+ allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
+ interfaces = ["0.0.0.0" "::" ];
+ forwardAddresses = [ upstream-server ];
+ extraConfig = ''
+ include: "${stateDir}/lancache/*.conf"
+ '';
+ };
+ services.dnscrypt-proxy.enable = lib.mkForce false;
+ virtualisation.libvirtd.enable = lib.mkForce false;
+ systemd.services.dns-lancache-prepare = {
+ wantedBy = [ "unbound.service" ];
+ before = [ "unbound.service" ];
+ after = [ "network-online.target" ];
+ partOf= [ "unbound.service" ];
+
+ path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
+ script = ''
+ set -xeu
+ current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+ old_ip=10.1.1.250
+ mkdir -p ${stateDir}
+ rm -rvf ${stateDir}/lancache
+ cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache
+ sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf
+ chown -R unbound ${stateDir}
+ '';
+ };
+ networking.firewall.allowedUDPPorts = [ 53 ];
+}
diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix
new file mode 100644
index 000000000..3df2e3f59
--- /dev/null
+++ b/makefu/2configs/lanparty/lancache.nix
@@ -0,0 +1,74 @@
+{ pkgs, lib, config, ... }:
+with import <stockholm/lib>;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ lancache= pkgs.stdenv.mkDerivation rec {
+ name = "lancache-2017-06-26";
+ src = pkgs.fetchFromGitHub {
+ # origin: https://github.com/multiplay/lancache
+ # forked: https://github.com/zeropingheroes/lancache
+ repo = "lancache";
+ owner = "zeropingheroes";
+ rev = "143f7bb";
+ sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
+ -e '1 idaemon off;' \
+ $out/nginx.conf
+ '';
+ };
+ cfg = {
+ group = "nginx-lancache";
+ user = "nginx-lancache";
+ statedir = "/var/lancache";
+ package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
+ configureFlags = old.configureFlags ++ [
+ "--with-http_slice_module"
+ "--with-stream"
+ "--with-pcre"
+ ];
+ });
+ };
+in {
+ systemd.services.nginx-lancache = {
+ description = "Nginx lancache Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+
+ preStart = ''
+ mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
+ PATH_CACHE=$PATH_BASE/cache
+ PATH_LOGS=$PATH_BASE/logs
+
+ mkdir -p cache/{installers,tmp} logs
+ rm -f conf; ln -s ${lancache} conf
+ chown -R ${cfg.user}:${cfg.group} .
+ '';
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "10s";
+ StartLimitInterval = "1min";
+ };
+ };
+
+ environment.etc.nginx.source = lancache;
+ users.extraUsers = (singleton
+ { name = cfg.user;
+ group = cfg.group;
+ uid = genid cfg.group;
+ });
+
+ users.extraGroups = (singleton
+ { name = "${cfg.group}";
+ gid = genid cfg.group;
+ });
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix
index d02dd4a48..a5be303e9 100644
--- a/makefu/2configs/sources/musnix.nix
+++ b/makefu/2configs/sources/musnix.nix
@@ -1,6 +1,6 @@
{
krebs.build.source.musnix.git = {
url = https://github.com/musnix/musnix.git;
- ref = "37a8378";
+ ref = "f0ec1f3";
};
}
diff --git a/makefu/2configs/sshd-totp.nix b/makefu/2configs/sshd-totp.nix
new file mode 100644
index 000000000..f9984e245
--- /dev/null
+++ b/makefu/2configs/sshd-totp.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+# Enables second factor for ssh password login
+
+## Usage:
+# gen-oath-safe <username> totp
+## scan the qrcode with google authenticator (or FreeOTP)
+## copy last line into secrets/<host>/users.oath (chmod 700)
+{
+ security.pam.oath = {
+ # enabling it will make it a requisite of `all` services
+ # enable = true;
+ digits = 6;
+ # TODO assert existing
+ usersFile = (toString <secrets>) + "/users.oath";
+ };
+ # I want TFA only active for sshd with password-auth
+ security.pam.services.sshd.oathAuth = true;
+}
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
new file mode 100644
index 000000000..330616f4a
--- /dev/null
+++ b/makefu/2configs/task-client.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ krebs.per-user.makefu.packages = [
+ pkgs.taskwarrior
+ ];
+
+ environment.shellAliases = {
+ tshack = "task project:shack";
+ twork = "task project:soc";
+ tpki = "task project:pki";
+ tkrebs = "task project:krebs";
+ t = "task project: ";
+ };
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 4fe7f8bf4..42006eb22 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -12,5 +12,8 @@
cac-api
cac-panel
ovh-zone
+ whatsupnix
+ brain
+ gen-oath-safe
];
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 56cdccd1f..1e68e935c 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -2,13 +2,16 @@
{
krebs.per-user.makefu.packages = with pkgs;[
+ # media
gimp
inkscape
libreoffice
- saleae-logic
skype
synergy
tdesktop
virtmanager
+ # Dev
+ saleae-logic
+ arduino-user-env
];
}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
deleted file mode 100644
index 9493b2b7b..000000000
--- a/makefu/2configs/urlwatch.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, ... }:
-
-{
- krebs.urlwatch = {
- enable = true;
- mailto = config.krebs.users.makefu.mail;
- onCalendar = "*-*-* 05:00:00";
- urls = [
- ## nixpkgs maintenance
- https://api.github.com/repos/ovh/python-ovh/tags
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/Mic92/vicious/tags
- https://pypi.python.org/simple/bepasty/
- https://pypi.python.org/simple/xstatic/
- http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
- http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
- https://github.com/amadvance/snapraid/releases.atom
- https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/dorimanx/exfat-nofuse/commits
- https://api.github.com/repos/dorimanx/exfat-nofuse/tags
- https://api.github.com/repos/radare/radare2/tags
- https://api.github.com/repos/rapid7/metasploit-framework/tags
- ];
- };
-}
-
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
new file mode 100644
index 000000000..f17bcdc3a
--- /dev/null
+++ b/makefu/2configs/urlwatch/default.nix
@@ -0,0 +1,45 @@
+{ config, lib, ... }:
+
+{
+ krebs.urlwatch = {
+ enable = true;
+ mailto = config.krebs.users.makefu.mail;
+ onCalendar = "*-*-* 05:00:00";
+ hooksFile = ./hook.py;
+ urls = [
+ ## nixpkgs maintenance
+ # github
+ ## No rate limit
+ https://github.com/amadvance/snapraid/releases.atom
+ https://github.com/radare/radare2/releases.atom
+ https://github.com/ovh/python-ovh/releases.atom
+ https://github.com/embray/d2to1/releases.atom
+ https://github.com/Mic92/vicious/releases.atom
+ https://github.com/embray/d2to1/releases.atom
+ https://github.com/dorimanx/exfat-nofuse/releases.atom
+ https://github.com/rapid7/metasploit-framework/releases.atom
+ ## rate limited
+ # https://api.github.com/repos/dorimanx/exfat-nofuse/commits
+ # https://api.github.com/repos/mcepl/gen-oath-safe/commits
+ https://api.github.com/repos/naim94a/udpt/commits
+ https://api.github.com/repos/dirkvdb/ps3netsrv--/commits
+
+ # pypi
+ https://pypi.python.org/simple/bepasty/
+ https://pypi.python.org/simple/xstatic/
+ https://pypi.python.org/simple/devpi-client/
+ # weird shit
+ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
+ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
+ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
+ https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
+
+ {
+ url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ;
+ filter = "grep:Software/Linux/dymo-cups-drivers";
+ }
+ # TODO: dymo cups
+ ];
+ };
+}
+
diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py
new file mode 100644
index 000000000..7d9282c7e
--- /dev/null
+++ b/makefu/2configs/urlwatch/hook.py
@@ -0,0 +1,16 @@
+import logging
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger()
+log.setLevel(level=logging.INFO)
+
+import re
+import json
+
+from urlwatch import filters
+
+
+class JsonFilter(filters.RegexMatchFilter):
+ MATCH = {'url': re.compile('https?://api.github.com/.*')}
+
+ def filter(self, data):
+ return json.dumps(json.loads(data),indent=2,sort_keys=True)
diff --git a/makefu/5pkgs/arduino-user-env/default.nix b/makefu/5pkgs/arduino-user-env/default.nix
new file mode 100644
index 000000000..7339c50a2
--- /dev/null
+++ b/makefu/5pkgs/arduino-user-env/default.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }: let
+
+#TODO: make sure env exists prior to running
+env_nix = pkgs.writeText "env.nix" ''
+ { pkgs ? import <nixpkgs> {} }:
+
+ (pkgs.buildFHSUserEnv {
+ name = "arduino-user-env";
+ targetPkgs = pkgs: with pkgs; [
+ coreutils
+ ];
+ multiPkgs = pkgs: with pkgs; [
+ arduino
+ alsaLib
+ zlib
+ xorg.libXxf86vm
+ curl
+ openal
+ openssl_1_0_2
+ xorg.libXext
+ xorg.libX11
+ xorg.libXrandr
+ xorg.libXcursor
+ xorg.libXinerama
+ xorg.libXi
+ mesa_glu
+ ];
+ runScript = "zsh";
+ }).env
+'';
+
+
+in pkgs.writeDashBin "arduino-user-env" ''
+ nix-shell ${env_nix}
+''
diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix
new file mode 100644
index 000000000..245e65174
--- /dev/null
+++ b/makefu/5pkgs/gen-oath-safe/default.nix
@@ -0,0 +1,37 @@
+{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
+
+stdenv.mkDerivation {
+ name = "geno-oath-safe-2017-06-30";
+ src = fetchFromGitHub {
+ owner = "mcepl";
+ repo = "gen-oath-safe";
+ rev = "fb53841";
+ sha256 = "0018kqmhg0861r5xkbis2a1rx49gyn0dxcyj05wap5ms7zz69m0m";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ "fixupPhase"
+ ];
+
+ buildInputs = [ makeWrapper ];
+
+ installPhase =
+ let
+ path = stdenv.lib.makeBinPath [
+ coreutils
+ openssl
+ qrencode
+ yubikey-manager
+ libcaca
+ python
+ ];
+ in
+ ''
+ mkdir -p $out/bin
+ cp gen-oath-safe $out/bin/
+ wrapProgram $out/bin/gen-oath-safe \
+ --prefix PATH : ${path}
+ '';
+}