From 4feafd70204f9c13500bd427d250fac60ca595ef Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Dec 2017 11:18:14 +0100 Subject: ma pkgs.vpn-ws: init at 0.2 --- makefu/5pkgs/vpn-ws/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/5pkgs/vpn-ws/default.nix diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix new file mode 100644 index 000000000..71573384d --- /dev/null +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -0,0 +1,30 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }: +stdenv.mkDerivation rec { + pname = "vpn-ws"; + version = "9d0e866"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "unbit"; + repo = "vpn-ws"; + rev = version; + sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + }; + + patchPhase = '' + sed -i 's/-Werror//' Makefile + ''; + + installPhase = '' + mkdir -p $out/bin + cp vpn-ws vpn-ws-client $out/bin + ''; + + buildInputs = [ openssl.dev ]; + + meta = { + homepage = https://github.com/unbit/vpn-ws; + description = "A VPN system over websockets"; + license = lib.licenses.mit; + }; +} -- cgit v1.2.3 From 1fff5ae3724a811c6205e1e7abf5052e05412757 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:45 +0100 Subject: ma nginx: add vpn-ws prototype --- makefu/2configs/nginx/euer.blog.vpn.nix | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix new file mode 100644 index 000000000..b3db0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.blog.vpn.nix @@ -0,0 +1,35 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; +in { + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + # TODO client auth + extraConfig = '' + uwsgi_pass unix:/run/vpn.sock; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = pkgs.writeDash "vpnws-start" '' + ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock + ''; + }; + }; +} -- cgit v1.2.3 From 4d4d11a76501246e485ed73f33277ce470d32dfd Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:59 +0100 Subject: ma stats: add bamstats --- makefu/2configs/stats/telegraf/bamstats.nix | 35 +++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/stats/telegraf/bamstats.nix diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix new file mode 100644 index 000000000..ae5301204 --- /dev/null +++ b/makefu/2configs/stats/telegraf/bamstats.nix @@ -0,0 +1,35 @@ +{ pkgs, ...}: + +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); +} -- cgit v1.2.3 From e2369d551e211c0eeb360868c2bba30564e33ca0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:27:26 +0100 Subject: ma vpn: add vpnws client and server --- makefu/2configs/nginx/euer.blog.vpn.nix | 35 --------------------------- makefu/2configs/vpn/vpnws/client.nix | 9 +++++++ makefu/2configs/vpn/vpnws/server.nix | 42 +++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 35 deletions(-) delete mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix create mode 100644 makefu/2configs/vpn/vpnws/client.nix create mode 100644 makefu/2configs/vpn/vpnws/server.nix diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix deleted file mode 100644 index b3db0bc60..000000000 --- a/makefu/2configs/nginx/euer.blog.vpn.nix +++ /dev/null @@ -1,35 +0,0 @@ -{pkgs, options, ... }: -let - pkg = pkgs.vpn-ws; - uid = "nginx"; - gid = "nginx"; - ip = "${pkgs.iproute}/bin/ip"; -in { - services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { - # TODO client auth - extraConfig = '' - uwsgi_pass unix:/run/vpn.sock; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - - networking.interfaces.vpnws = { - virtual = true; - virtualType = "tap"; - }; - systemd.services.vpnws = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - Restart = "always"; - PrivateTmp = true; - ExecStartPre = pkgs.writeDash "vpnws-pre" '' - ${ip} link set vpnws up - ${ip} addr add 10.244.1.1/24 dev vpnws || : - ''; - ExecStart = pkgs.writeDash "vpnws-start" '' - ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock - ''; - }; - }; -} diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix new file mode 100644 index 000000000..d06bc27db --- /dev/null +++ b/makefu/2configs/vpn/vpnws/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ iproute vpn-ws ]; + # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws" + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; +} diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix new file mode 100644 index 000000000..6baa5ff11 --- /dev/null +++ b/makefu/2configs/vpn/vpnws/server.nix @@ -0,0 +1,42 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; + socket = "/run/vpn.sock"; + htpasswd = (toString ) + "/vpn-ws-auth"; + nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth"; +in { + systemd.services.vpn-ws-auth-prepare = { + wantedBy = [ "multi-user.target" ]; + before = [ "nginx.service" ]; + script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}"; + }; + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + extraConfig = '' + auth_basic "please stand by..."; + auth_basic_user_file ${nginx-prepared-secrets}; + uwsgi_pass unix:${socket}; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}"; + }; + }; +} -- cgit v1.2.3 From 96c7074c08e914a230124073ef6209bb9b888108 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:29:13 +0100 Subject: ma remote-build: update to only use hotdog --- makefu/2configs/remote-build/master.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix index 4ad2c5ed8..2a2c68119 100644 --- a/makefu/2configs/remote-build/master.nix +++ b/makefu/2configs/remote-build/master.nix @@ -8,7 +8,7 @@ in { { inherit hostName sshKey; sshUser = "nixBuild"; system = "x86_64-linux"; - maxJobs = 1; - }) [ "omo.r" "gum.r" "latte.r" ]; - # puyak.r "wbob.r" + maxJobs = 8; + }) [ "hotdog.r" ]; + # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" } -- cgit v1.2.3 From c90f3a34934e5487c32e9424239a0040b4036e44 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Dec 2017 14:20:47 +0100 Subject: l nixpkgs: af7e479 -> ed3b1bc --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index bf992d4d2..403156000 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "af7e479"; + ref = "ed3b1bc"; }; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3 From 13be61e360e769ad28fc48df20524e483cf00efc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Dec 2017 01:24:11 +0100 Subject: eximlog: init --- krebs/5pkgs/simple/eximlog.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 krebs/5pkgs/simple/eximlog.nix diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix new file mode 100644 index 000000000..2d64e13e9 --- /dev/null +++ b/krebs/5pkgs/simple/eximlog.nix @@ -0,0 +1,28 @@ +{ jq, systemd, writeDashBin }: + +let + lib = import ; + user = "exim"; # TODO make this configurable +in + +# TODO execute eximlog only if journalctl doesn't fail +# bash's set -o pipefail isn't enough + +writeDashBin "eximlog" '' + ${systemd}/bin/journalctl \ + -u ${lib.shell.escape user} \ + -o short-unix \ + "$@" \ + | + ${jq}/bin/jq -Rr ' + # Only select lines that start with a timestamp + select(test("^[0-9]")) | + + split(" ") | + (.[0] | tonumber) as $time | + (.[3:] | join(" ")) as $message | + + "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)" + + ' +'' -- cgit v1.2.3 From 9f37a4c4f7fff0246577d233a1497fc5a7ceb8d2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Dec 2017 01:27:07 +0100 Subject: tv exim-*: add eximlog --- tv/2configs/exim-retiolum.nix | 3 +++ tv/2configs/exim-smarthost.nix | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index bf13a388a..8b34b16cf 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -3,6 +3,9 @@ with import ; { + environment.systemPackages = [ + pkgs.eximlog + ]; krebs.exim-retiolum.enable = true; tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 079013c79..68fbcd151 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -3,6 +3,9 @@ with import ; { + environment.systemPackages = [ + pkgs.eximlog + ]; krebs.exim-smarthost = { enable = true; dkim = [ -- cgit v1.2.3 From 28085c8e6d37a0dd31d7627fa01d072723c4f46c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Dec 2017 21:31:39 +0100 Subject: tv querel: add chromium with flash --- tv/1systems/querel/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 05b4d9133..07ec8e403 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -29,6 +29,7 @@ with import ; }; environment.systemPackages = with pkgs; [ + chromium firefoxWrapper gimp kate @@ -65,6 +66,8 @@ with import ; networking.networkmanager.enable = true; + nixpkgs.config.chromium.enablePepperFlash = true; + programs.ssh.startAgent = false; services.printing = { -- cgit v1.2.3 From b73b1c45e57e3bab0300f5ecbed261c6d45a5d53 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Dec 2017 21:39:14 +0100 Subject: l nixpkgs: ed3b1bc -> 53e6d67 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 403156000..de7351604 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ed3b1bc"; + ref = "53e6d67"; }; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3 From 2589f81f9a9f53ccfc40d946ca693a83f2c81900 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Dec 2017 23:20:56 +0100 Subject: x: use nixos-hardware --- makefu/1systems/x/source.nix | 2 ++ makefu/2configs/hw/tp-x230.nix | 30 +++--------------------------- makefu/2configs/hw/tp-x2x0.nix | 2 ++ makefu/source.nix | 18 +++++++++++++++++- 4 files changed, 24 insertions(+), 28 deletions(-) diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6dc17b656..6278877c3 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,5 +1,7 @@ import { name="x"; full = true; + python = true; + hw = true; # torrent = true; } diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 14572b35c..ec4e05d1b 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -3,38 +3,14 @@ with import ; { - imports = [ ./tp-x2x0.nix ]; - boot = { - # tp-smapi is not supported bt x230 anymore - kernelModules = [ - "kvm-intel" - "thinkpad_ec" - "acpi_call" - # "thinkpad_acpi" - # "tpm-rng" - ]; - extraModulePackages = [ - config.boot.kernelPackages.acpi_call - ]; - # support backlight adjustment - kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; - }; + imports = [ ./tp-x2x0.nix ]; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; hardware.bluetooth.enable = true; - services.acpid.enable = true; - hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver = { - videoDriver = "intel"; - deviceSection = '' - Option "AccelMethod" "sna" - Option "Backlight" "intel_backlight" - ''; - }; - - security.rngd.enable = true; + # possible i915 powersave options: + # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 81c4bf4c8..680545c99 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -17,6 +17,8 @@ with import ; # enable synaptics so we can easily disable the touchpad # enable the touchpad with `synclient TouchpadOff=0` + + services.xserver.libinput.enable = false; services.xserver.synaptics = { enable = true; additionalOptions = ''Option "TouchpadOff" "1"''; diff --git a/makefu/source.nix b/makefu/source.nix index ce5855430..2456dc76e 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -4,7 +4,9 @@ host@{ name, secure ? false, full ? false, torrent ? false, - musnix ? false + hw ? false, + musnix ? false, + python ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -45,6 +47,20 @@ in ref = "d8b989f"; }; }) + + (mkIf ( hw ) { + nixos-hardware.git = { + url = https://github.com/makefu/nixos-hardware.git; + ref = "1fef1c1"; + }; + }) + + (mkIf ( python ) { + python.git = { + url = https://github.com/garbas/nixpkgs-python; + ref = "cac319b"; + }; + }) (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; -- cgit v1.2.3 From 6124dfffcf321c52a7a83880ec8a1ce0183009ba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Dec 2017 06:12:07 +0100 Subject: hw/exfat-nofuse -> tools/mobility --- makefu/2configs/hw/exfat-nofuse.nix | 4 ---- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/dev.nix | 3 ++- makefu/2configs/tools/mobility.nix | 8 ++++++++ 4 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 makefu/2configs/hw/exfat-nofuse.nix create mode 100644 makefu/2configs/tools/mobility.nix diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix deleted file mode 100644 index ca3485e9f..000000000 --- a/makefu/2configs/hw/exfat-nofuse.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, ... }: -{ - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 7755e2872..1ac22e34c 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./mobility.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 26e9808b2..0f8a76c29 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,8 +2,9 @@ { users.users.makefu.packages = with pkgs;[ - python3Packages.virtualenv + python3 python3Packages.pyserial + python3Packages.virtualenv # embedded gi flashrom diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix new file mode 100644 index 000000000..70d376608 --- /dev/null +++ b/makefu/2configs/tools/mobility.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + users.users.makefu.packages = with pkgs;[ + go-mtpfs + ]; + + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} -- cgit v1.2.3 From 04b711f516c978e84b334a82008d40dfaad1de1b Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 27 Dec 2017 15:32:02 +0100 Subject: tv nixpkgs: d0f0657 -> 53e6d67 --- tv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/source.nix b/tv/source.nix index f3bda2715..31308fc99 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.09 - ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; + ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { -- cgit v1.2.3 From 9d4436644115c2cc5c130d9c210c201bb506c789 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 15:10:22 +0100 Subject: ma source: use official nixos-hardware --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 2456dc76e..fde1d9680 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -50,8 +50,8 @@ in (mkIf ( hw ) { nixos-hardware.git = { - url = https://github.com/makefu/nixos-hardware.git; - ref = "1fef1c1"; + url = https://github.com/nixos/nixos-hardware.git; + ref = "8a05dc9"; }; }) -- cgit v1.2.3 From 4cc193cffd02ca5352d47ab4772f468acb3973b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:14 +0100 Subject: ma hw: add kvm-intel --- makefu/2configs/hw/tp-x2x0.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 680545c99..f33c12a8f 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -5,6 +5,11 @@ with import ; imports = [ ./tpm.nix ]; + + boot.kernelModules = [ + "kvm-intel" + ]; + networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 4414e50bb84c307627e5c9ec71510ab907d87c62 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:40 +0100 Subject: ma vpn-ws: fix sha256 --- makefu/5pkgs/vpn-ws/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix index 71573384d..1f2e45fe4 100644 --- a/makefu/5pkgs/vpn-ws/default.nix +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { owner = "unbit"; repo = "vpn-ws"; rev = version; - sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj"; }; patchPhase = '' -- cgit v1.2.3 From 4ab161be0aed7598ebbc32ed95d13e979ab2dbcf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:01:57 +0100 Subject: pkgs.Reaktor: add help for shack-correct --- krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh index 3b4d04f80..d500b3cb3 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh @@ -2,5 +2,5 @@ set -eu printf "Sie meinten wohl \"" echo -n $@ | sed 's/Shack/shack/g' -echo "\"" +echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci" echo "${_from}--" -- cgit v1.2.3 From 161c810b7470727da320b617b874002f43c8fd6f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:02:32 +0100 Subject: forticlientsslvpn: use archive.org --- krebs/5pkgs/simple/fortclientsslvpn/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix index cbcfab05f..1f86d6fe4 100644 --- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix +++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix @@ -12,8 +12,8 @@ stdenv.mkDerivation rec { src = fetchurl { # archive.org mirror: - # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz - url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz; + # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; }; phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; -- cgit v1.2.3 From 14634592a67b874d3fe9b47efd0d06aca72f5e5e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:05 +0100 Subject: ma fileleech: retab, use torrent --- makefu/1systems/fileleech/config.nix | 75 +++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index b5ec370a5..e36afecd5 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -6,18 +6,18 @@ let rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; rootPartition = rootDisk + "-part3"; - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; + dataDisks = let + idpart = dev: byid dev + "-part1"; + in [ + { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} + { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} + { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} + { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} + { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} + { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} + { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} + { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity + ]; disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; in { @@ -25,13 +25,13 @@ in { - # + # - - - + # + # + # ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -42,8 +42,8 @@ in { enable = true; build.host = config.krebs.hosts.fileleech; }; - # git clone https://github.com/makefu/docker-pyload - # docker build . + # git clone https://github.com/makefu/docker-pyload + # docker build . # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload virtualisation.docker.enable = true; # for pyload @@ -60,7 +60,7 @@ in { ]; services.nginx.virtualHosts._download = { default = true; - root = "/media/cryptX"; + root = config.makefu.dl-dir; extraConfig = '' autoindex on; ''; @@ -80,10 +80,11 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + # TODO use users.motd and pam.services.sshd.showMotd services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' Services: - ssh://download@fileleech - ssh via filebitch.shack - ftp://download@fileleech - access to /media/cryptX + ssh://download@fileleech - ssh via filebitch + ftp://download@fileleech - access to ${config.makefu.dl-dir} http://fileleech:8112 - rutorrent http://fileleech:8113 - pyload https://fileleech:9090 - sabnzb @@ -104,13 +105,13 @@ in { cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // cryptMount "crypt4" + // cryptMount "crypt5" + // cryptMount "crypt6" + // cryptMount "crypt7" # this entry sometimes creates issues // { "/media/cryptX" = { @@ -121,10 +122,10 @@ in { } ; + makefu.dl-dir = "/media/cryptX"; users.users.download = { useDefaultShell = true; # name = "download"; - home = "/media/cryptX/"; # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey @@ -132,7 +133,7 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" ]; }; @@ -142,15 +143,19 @@ in { parity = toMapper 7; }; networking.nameservers = [ "8.8.8.8" ]; - #networking.interfaces.enp6s0f0.ip4 = [{ - # address = "151.217.173.20"; - # prefixLength = 22; - #}]; - #networking.defaultGateway = "151.217.172.1"; + # SPF + networking.defaultGateway = "151.217.176.1"; + networking.interfaces.enp6s0f0.ip4 = [{ + address = "151.217.178.63"; + prefixLength = 22; + }]; + + # Gigabit networking.interfaces.enp8s0f1.ip4 = [{ address = "192.168.126.1"; prefixLength = 24; }]; + #interfaces.enp6s0f1.ip4 = [{ # address = external-ip; # prefixLength = 22; -- cgit v1.2.3 From 6f150a4ab47f037c1b8ec5e8d1675d86b0738155 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:38 +0100 Subject: ma gum.r: use wireguard, vpnws --- makefu/1systems/gum/config.nix | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b66ef1ab8..4981872c0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,9 +48,14 @@ in { # - + + # network + + + + # buildbot ## Web @@ -103,15 +108,16 @@ in { #} { # wireguard server networking.firewall.allowedUDPPorts = [ 51820 ]; - #networking.wireguard.interfaces.wg0 = { - # ips = [ "10.244.0.1/24" ]; - # privateKeyFile = (toString ) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - # peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; - # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - # }]; - #}; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + }]; + }; } ]; -- cgit v1.2.3 From 040f6f9f5c7808ea188444f15a704818f94624f7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:04:47 +0100 Subject: ma vbob.r: prepare pppd --- makefu/1systems/vbob/config.nix | 64 ++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 23 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f71634501..f318c0e61 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -3,37 +3,57 @@ krebs.build.host = config.krebs.hosts.vbob; makefu.awesome.modkey = "Mod1"; imports = - [ # Include the results of the hardware scan. + [ - (toString ) - (toString ) + { + imports = [ ]; + boot.loader.grub.device = "/dev/vda"; + } + # { + # imports = [ + # + # ]; + # virtualbox.baseImageSize = 35 * 1024; + # fileSystems."/media/share" = { + # fsType = "vboxsf"; + # device = "share"; + # options = [ "rw" "uid=9001" "gid=9001" ]; + # }; + # } + + # { + # imports = [ + # + # ]; + # fileSystems."/nix" = { + # device ="/dev/disk/by-label/nixstore"; + # fsType = "ext4"; + # }; + # } + + # base gui - + # + # + + # security # Tools - - - + # + # # environment - - - ]; networking.extraHosts = import (toString ); nixpkgs.config.allowUnfree = true; - fileSystems."/nix" = { - device ="/dev/disk/by-label/nixstore"; - fsType = "ext4"; - }; # allow vbob to deploy self users.extraUsers = { @@ -45,9 +65,13 @@ environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; }; - # TODO: for forticleintsslpn - # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd - # ln -s /r/current-system/sw/bin/tail /usr/bin/tail + + system.activationScripts.prepare-fortclientvpnssl = '' + # TODO: for forticlientsslpn + mkdir -p /usr/{s,}bin + ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd + ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail + ''; environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get @@ -55,7 +79,6 @@ # docker #devpi-web #devpi-client - debmirror ansible ]; # virtualisation.docker.enable = true; @@ -67,10 +90,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } -- cgit v1.2.3 From a7e031c91c65928452b2ba426bfcb22be238262d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:12 +0100 Subject: ma vbob.source: do not deploy musnix --- makefu/1systems/vbob/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5b726e40b..5419215e2 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ import { name="vbob"; - musnix = true; + # musnix = true; } -- cgit v1.2.3 From 555a0ec0f368b5b594446096c7e9b93f6926f7a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:39 +0100 Subject: ma wbob.r: receive bamstats --- makefu/1systems/wbob/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index c30ee4c58..f44211b93 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,10 +32,13 @@ in { + # Sensors + # + (let collectd-port = 25826; -- cgit v1.2.3 From 5af2f438441c46bc508a038303b6e36946f7f5d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:06:49 +0100 Subject: ma stats.airsensor: generate Topic receiver --- makefu/2configs/stats/telegraf/airsensor.nix | 36 +++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix index 09d23e7d4..9d481000f 100644 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -1,11 +1,36 @@ { pkgs, ...}: - -{ +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" ''; users.users.telegraf.extraGroups = [ "input" ]; - services.telegraf.extraConfig.inputs.exec = [ + services.telegraf.extraConfig.inputs.exec = [ { commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; timeout = "10s"; @@ -16,4 +41,9 @@ tags.unit="VOC"; } ]; + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); } -- cgit v1.2.3 From ce8efbc80bc05f27f55ea87be2d826134afec6fd Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:10:07 +0100 Subject: ma torrent: set workDir instead of downloadDir --- makefu/2configs/torrent.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index d063ad3e3..a076479c2 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - dl-dir = config.makefu.dl-dir; + torrent-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = dl-dir; + home = torrent-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -26,9 +26,9 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' for i in finished watch torrents; do - mkdir -p "${dl-dir}/$i" - chown download:download "${dl-dir}/$i" - chmod 770 "${dl-dir}/$i" + mkdir -p "${torrent-dir}/$i" + chown download:download "${torrent-dir}/$i" + chmod 770 "${torrent-dir}/$i" done ''; @@ -54,9 +54,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = dl-dir + "/finished"; + workDir = torrent-dir; # dump old torrents into watch folder to have them re-added - watchDir = dl-dir +"/watch"; }; networking.firewall.extraCommands = '' -- cgit v1.2.3 From b7954ebe00060a93191253d40ad5869e65b50966 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 00:12:37 +0100 Subject: ma mosh: init --- makefu/1systems/gum/config.nix | 1 + makefu/1systems/omo/config.nix | 1 + makefu/2configs/mosh.nix | 3 +++ makefu/2configs/tools/mobility.nix | 1 + 4 files changed, 6 insertions(+) create mode 100644 makefu/2configs/mosh.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 4981872c0..1fe0b62f9 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,6 +48,7 @@ in { # + # network diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4af87dc10..aaecebadc 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -47,6 +47,7 @@ in { + # # # diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix new file mode 100644 index 000000000..1c2e34e0b --- /dev/null +++ b/makefu/2configs/mosh.nix @@ -0,0 +1,3 @@ +{ + programs.mosh.enable = true; +} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 70d376608..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -2,6 +2,7 @@ { users.users.makefu.packages = with pkgs;[ go-mtpfs + mosh ]; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -- cgit v1.2.3 From a6891271f1bfd3b130dedec51961288f37853420 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 02:44:11 +0100 Subject: ma tools: add tig --- makefu/2configs/tools/dev.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 0f8a76c29..04a65df26 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,5 +21,7 @@ gen-oath-safe cdrtools stockholm + # git-related + tig ]; } -- cgit v1.2.3 From dd817f9e26ee2aeae839dddc73b869d218a337cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Dec 2017 15:27:06 +0100 Subject: l nixpkgs: 53e6d67 -> 3aec59c --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index de7351604..473dd2cf2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53e6d67"; + ref = "3aec59c"; }; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3 From 181bd547f370848df1a49f886355e6fe8853c02f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 30 Dec 2017 14:11:43 +0100 Subject: ma x.r: remove exfat-nofuse --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1dd1a070f..3686acb6e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,6 @@ with import ; # Hardware - # # -- cgit v1.2.3 From a1a2ab22950e3217a4a0496b3ae350de861e595e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:37:32 +0100 Subject: hw x220: force rngd off --- krebs/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 44743b87d..09b10fcbb 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = true; + security.rngd.enable = mkForce true; services.xserver = { videoDriver = "intel"; -- cgit v1.2.3 From 9babbab936696b12ee850274529492a57cff523b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:39:22 +0100 Subject: init bitlbee-discord --- krebs/5pkgs/simple/bitlbee-discord/default.nix | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 krebs/5pkgs/simple/bitlbee-discord/default.nix diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix new file mode 100644 index 000000000..da6a58801 --- /dev/null +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -0,0 +1,29 @@ +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoconf, automake, libtool, pkgconfig, glib }: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-discord-2017-12-27"; + + src = fetchFromGitHub { + rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; + owner = "sm00th"; + repo = "bitlbee-discord"; + sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ bitlbee autoconf automake libtool glib ]; + + preConfigure = '' + export BITLBEE_PLUGINDIR=$out/lib/bitlbee + ./autogen.sh + ''; + + meta = { + description = "Bitlbee plugin for Discord"; + + homepage = https://github.com/sm00th/bitlbee-discord; + license = licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} -- cgit v1.2.3 From f53dac60601ee2d10731e859f09f541342979b82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:40:30 +0100 Subject: l bitlbee: add more plugins --- lass/2configs/bitlbee.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index b23628dc5..e7be0a61c 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -7,6 +7,8 @@ plugins = [ pkgs.bitlbee-facebook pkgs.bitlbee-steam + pkgs.bitlbee-discord ]; + libpurple_plugins = [ pkgs.telegram-purple ]; }; } -- cgit v1.2.3 From 91e13324ec4d16f15ab2f4113802752f0cb4d7e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:42:01 +0100 Subject: l weechat: add service --- lass/2configs/weechat.nix | 52 ++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index d5496ac09..b94cb0634 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,12 +1,24 @@ +with (import ); { config, lib, pkgs, ... }: let - inherit (import ) genid; + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - ]; users.extraUsers.chat = { home = "/home/chat"; @@ -24,24 +36,22 @@ in { # mosh krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} ]; - #systemd.services.chat = { - # description = "chat environment setup"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; - # path = with pkgs; [ - # weechat - # tmux - # ]; + restartIfChanged = false; - # restartIfChanged = true; - - # serviceConfig = { - # User = "chat"; - # Restart = "always"; - # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; - # }; - #}; + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; } -- cgit v1.2.3 From 5ff41af39e8ce98b8ba9f3e4f3f76bffda7e096d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:43:36 +0100 Subject: l news: default ircServer is localhost --- lass/3modules/news.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix index 06b80df8d..b6061736c 100644 --- a/lass/3modules/news.nix +++ b/lass/3modules/news.nix @@ -38,7 +38,7 @@ let }; ircServer = mkOption { type = types.str; - default = "echelon.r"; + default = "localhost"; description = "to which server the bot should connect"; }; }; -- cgit v1.2.3 From 448746ebbc7c8c0258fe88185f32b94c7fcc728d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:44:20 +0100 Subject: l: force timesyncd off --- lass/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0e00dc2fd..c68aee330 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: with import ; +{ config, pkgs, ... }: { imports = [ ../2configs/binary-cache/client.nix @@ -78,7 +78,7 @@ with import ; users.mutableUsers = false; - services.timesyncd.enable = true; + services.timesyncd.enable = mkForce true; #why is this on in the first place? services.nscd.enable = false; -- cgit v1.2.3 From ae028952a605666e2e7f1c7c063381c775a42df3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:45:43 +0100 Subject: l: enable ssh-agent --- lass/1systems/helios/config.nix | 2 -- lass/2configs/baseX.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 8bd9735a9..fc30a3478 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -120,8 +120,6 @@ with import ; ]; }; - programs.ssh.startAgent = lib.mkForce true; - services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6f5533b0d..59ea0ecb7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,7 +53,7 @@ in { time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; + programs.ssh.startAgent = true; services.openssh.forwardX11 = true; services.printing = { -- cgit v1.2.3 From e66f702fc62331a1c06169179929bf2510d41604 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:47:21 +0100 Subject: l mails: add more aliases --- lass/2configs/exim-smarthost.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 2d848773f..94191fcb7 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -49,6 +49,11 @@ with import ; { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } { from = "payeer@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "bitwala@lassul.us"; to = lass.mail; } + { from = "bitstamp@lassul.us"; to = lass.mail; } + { from = "bitcoin.de@lassul.us"; to = lass.mail; } + { from = "ableton@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 9084e063938558e31c1e4342c7a3352d7db3b955 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:48:02 +0100 Subject: l xmonad: float pinentry --- lass/5pkgs/xmonad-lass.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index d3f76903d..2dd352bd4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -66,7 +66,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -80,6 +80,14 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) +floatHooks = composeAll . concat $ + [ [ title =? t --> doFloat | t <- myTitleFloats] + , [ className =? c --> doFloat | c <- myClassFloats ] ] + where + myTitleFloats = [] -- for the KDE "open link" popup from konsole + myClassFloats = ["Pinentry"] -- for gpg passphrase entry + + myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-", spawn "${config.lass.screenlock.command}") -- cgit v1.2.3 From efb159a059e9bf1652ccfc86a81f5bbe5785814a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:49:09 +0100 Subject: l vim: save x-ed text in clipboard again --- lass/2configs/vim.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f6c736fbc..5fe9e1450 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -103,7 +103,6 @@ let cnoreabbrev Ack Ack! " copy/paste from/to xclipboard - noremap x "_x set clipboard=unnamedplus ''; -- cgit v1.2.3 From 8bee3a7b1a463665bc69f25d3d119ef2b5c587d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:49:38 +0100 Subject: l reaktor-coders: add sed-plugin --- lass/2configs/reaktor-coders.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 61cc7cfe0..f9cf0d96a 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -21,6 +21,7 @@ with import ; -XFlexibleInstances -XMultiParamTypeClasses \ -XOverloadedStrings -XFunctionalDependencies \''; in [ + sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; -- cgit v1.2.3 From d5a69ce257d44c804d1edb679e5667eae6a71853 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:52:18 +0100 Subject: l: merge bitlbee and weechat into IM.nix --- lass/1systems/prism/config.nix | 3 +-- lass/2configs/IM.nix | 57 ++++++++++++++++++++++++++++++++++++++++++ lass/2configs/bitlbee.nix | 14 ----------- lass/2configs/weechat.nix | 57 ------------------------------------------ 4 files changed, 58 insertions(+), 73 deletions(-) create mode 100644 lass/2configs/IM.nix delete mode 100644 lass/2configs/bitlbee.nix delete mode 100644 lass/2configs/weechat.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1cca76331..593a1fc9c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -234,8 +234,7 @@ in { } - - + diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix new file mode 100644 index 000000000..b94cb0634 --- /dev/null +++ b/lass/2configs/IM.nix @@ -0,0 +1,57 @@ +with (import ); +{ config, lib, pkgs, ... }: + +let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; +in { + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-android.pubkey + ]; + }; + + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix deleted file mode 100644 index e7be0a61c..000000000 --- a/lass/2configs/bitlbee.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - pkgs.bitlbee-discord - ]; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; -} diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix deleted file mode 100644 index b94cb0634..000000000 --- a/lass/2configs/weechat.nix +++ /dev/null @@ -1,57 +0,0 @@ -with (import ); -{ config, lib, pkgs, ... }: - -let - tmux = pkgs.writeDash "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g status off - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - ''; -in { - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-android.pubkey - ]; - }; - - # mosh - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} - ]; - - systemd.services.chat = { - description = "chat environment setup"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = false; - - serviceConfig = { - User = "chat"; - RemainAfterExit = true; - Type = "oneshot"; - ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; - ExecStop = "${tmux} kill-session -t IM"; - }; - }; -} -- cgit v1.2.3 From 073c2a9cb18725f82e45c9e74e51fdea17c73fa3 Mon Sep 17 00:00:00 2001 From: