From 3f04bdd19a877020aa6713f166c8aeb756739b7f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:53:48 +0200 Subject: ma mqtt: be more insecure --- makefu/2configs/mqtt.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index c56521812..8b77df962 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -5,6 +5,9 @@ host = "0.0.0.0"; users = {}; # TODO: secure that shit + aclExtraConf = '' + pattern readwrite /# + ''; allowAnonymous = true; }; } -- cgit v1.3.1 From 1a42b74ddd167037c337ec91ad05ba9d044124af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:54:04 +0200 Subject: ma backup/ssh: add wbob --- makefu/2configs/backup/ssh/wbob.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/2configs/backup/ssh/wbob.pub diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/wbob.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x -- cgit v1.3.1 From 98d0dc01af77fa29fe6a1e23369d11e5b7ac7d8d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:54:37 +0200 Subject: ma bureautomation: add thierry --- makefu/2configs/bureautomation/hass.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 02465520c..ace1d10ce 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -146,6 +146,7 @@ in { "device_tracker.ecki_tablet" "device_tracker.daniel_phone" "device_tracker.carsten_phone" + "device_tracker.thierry_phone" # "person.thorsten" # "person.felix" # "person.ecki" -- cgit v1.3.1 From afed4c7e2d31fe5e1200033f4903da12798a3466 Mon Sep 17 00:00:00 2001 
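Review bot: The added `aclExtraConf` entry `pattern readwrite /#` gives every client read and write access to all topics under `/`, and the surrounding context keeps `allowAnonymous = true`, `users = {}` and `host = "0.0.0.0"`, so that access is unauthenticated and offered on every interface. If the broker only serves local automation, narrow at least one of these: bind `host` to the internal address, or scope the ACL to the prefix the devices actually use, e.g. `pattern readwrite /<topic-prefix>/#` (placeholder). Also note that `/#` only matches topic names that begin with a slash, so topics without one are not covered by this line, which may not be intended. The attribute set this hunk edits starts above the hunk.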
From: makefu Date: Wed, 8 May 2019 13:55:00 +0200 Subject: ma taskd: define dataDir as state --- makefu/2configs/taskd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix index 5ca3b9904..122ad66a7 100644 --- a/makefu/2configs/taskd.nix +++ b/makefu/2configs/taskd.nix @@ -1,5 +1,6 @@ {config, ... }: { + state = [ config.services.taskserver.dataDir ]; services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; services.taskserver.listenHost = "::"; -- cgit v1.3.1 From 6067519d8d12af2b9dc9f8abfd2a86206effd4e4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:55:28 +0200 Subject: ma task-client: remove shell-aliases --- makefu/2configs/task-client.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix index 470193d6c..1fdddb9b1 100644 --- a/makefu/2configs/task-client.nix +++ b/makefu/2configs/task-client.nix @@ -4,11 +4,4 @@ pkgs.taskwarrior ]; - environment.shellAliases = { - tshack = "task project:shack"; - twork = "task project:soc"; - tpki = "task project:pki"; - tkrebs = "task project:krebs"; - t = "task project: "; - }; } -- cgit v1.3.1 From 6f82bc0e459db88bc9a671565e43aee504dd0e8f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:56:04 +0200 Subject: ma zsh.nix: manually load direnv --- makefu/2configs/home-manager/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 267a2e878..d24969ef0 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix 
@@ -25,12 +25,12 @@ then [ -d .direnv ] || mkdir .direnv local tmp=$(nix-shell --show-trace "$@" \ - --run "\"$direnv\" dump bash") + --run "\"$direnv\" dump zsh") echo "$tmp" > "$cache" fi local path_backup=$PATH term_backup=$TERM - direnv_load cat "$cache" + . "$cache" export PATH=$PATH:$path_backup TERM=$term_backup -- cgit v1.3.1 From 795ba0b57fec8fd5c7ce732a8d478c7cada762f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:56:33 +0200 Subject: ma pkgs.prison-break: bump to 1.0.1 --- krebs/5pkgs/simple/prison-break/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/prison-break/default.nix b/krebs/5pkgs/simple/prison-break/default.nix index 051a46184..8c7fc65c3 100644 --- a/krebs/5pkgs/simple/prison-break/default.nix +++ b/krebs/5pkgs/simple/prison-break/default.nix @@ -3,12 +3,12 @@ with pkgs.python3.pkgs; buildPythonPackage rec { pname = "prison-break"; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "makefu"; repo = pname; - rev = "1.0.0"; - sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961"; + rev = version; + sha256 = "1q9bw1hbz0cayclixplyc85kaq05mg6n2zz8mbydljvknidd4p6a"; }; propagatedBuildInputs = [ docopt -- cgit v1.3.1 From 28f095aa0940166b6628882b539d55cdabff9828 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:57:29 +0200 Subject: ma stats/arafetch: use latest version --- makefu/2configs/stats/arafetch.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index c16629cc5..6ab9d3774 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -2,7 +2,7 @@ with import ; let pkg = with pkgs.python3Packages;buildPythonPackage rec { - rev = "762d747"; + rev = "775d0c2"; name = "arafetch-${rev}"; propagatedBuildInputs = [ requests 
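Review bot: `. "$cache"` now executes the cache file as shell code in the interactive session, yet the lines above write that file unconditionally: `local tmp=$(nix-shell …)` discards nix-shell's exit status, so a failed or interrupted run stores an empty or partial dump that is then sourced and reused. Split the declaration and stop on failure before `echo "$tmp" > "$cache"`, for example `local tmp; tmp=$(nix-shell --show-trace "$@" --run "\"$direnv\" dump zsh") || return 1` (assuming this runs inside a function, which starts and ends outside the hunk). The cache appears to live under the project's `.direnv` directory, though where `$cache` is set is not visible here; a comment such as `# $cache is sourced verbatim: only use this in directories you trust` would make the trust assumption explicit.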
@@ -13,7 +13,7 @@ let src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/arafetch"; inherit rev; - sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + sha256 = "0z35avn7vmbd1661ca1zkc9i4lwcm03kpwgiqxddpkp1yxhl548p"; }; }; home = "/var/lib/arafetch"; @@ -34,7 +34,7 @@ in { path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; - Restart = "always"; + # Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' -- cgit v1.3.1 From 4ee6d7e34e0d5546ab2d74a26a6e64edc85e43e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:58:28 +0200 Subject: ma vim: disable languageClient again --- makefu/2configs/editor/vim.nix | 1 - makefu/2configs/editor/vimrc | 11 ----------- 2 files changed, 12 deletions(-) diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index 8a58e44de..d14a611b4 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -23,7 +23,6 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" # "YouCompleteMe" - "LanguageClient-neovim" "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 96c505ba8..8cdab55db 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc 
@@ -96,14 +96,3 @@ augroup Binary au BufWritePost *.bin if &bin | %!xxd au BufWritePost *.bin set nomod | endif augroup END - -let g:LanguageClient_serverCommands = { -\ 'python': ['pyls'] -\ } -nnoremap :call LanguageClient_contextMenu() -nnoremap gh :call LanguageClient_textDocument_hover() -nnoremap gd :call LanguageClient_textDocument_definition() -nnoremap gr :call LanguageClient_textDocument_references() -nnoremap gs :call LanguageClient_textDocument_documentSymbol() -nnoremap :call LanguageClient_textDocument_rename() -nnoremap gf :call LanguageClient_textDocument_formatting() -- cgit v1.3.1 From f6a0f6bfd274927bfaafdc411f93827ebf029358 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:58:51 +0200 Subject: ma fs: more documentation --- makefu/2configs/fs/sda-crypto-root-home.nix | 26 +++++++++++++++++++++++++- makefu/2configs/fs/sda-crypto-root.nix | 3 +-- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index e790ed6a8..4f0cf8c6b 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix 
@@ -8,7 +8,31 @@ # / (main-root) # /home (main-home) -with import ; +# clean the boot sector: +# dd if=/dev/zero of=/dev/sda count=2048 +# Installation Instruction on ISO: +# fdisk /dev/sda + # boot 500M + # rest rest +# cryptsetup luksFormat /dev/sda2 +# mkfs.ext4 -L nixboot /dev/sda1 +# cryptsetup luksOpen /dev/sda2 cryptoluks +# pvcreate /dev/mapper/cryptoluks +# vgcreate main /dev/mapper/cryptoluks +# lvcreate -L 200Gib main -n root +# lvcreate -L 800Gib main -n home +# mkfs.ext4 /dev/main/root +# mkfs.ext4 /dev/main/home +# mount /dev/mapper/main-root /mnt +# mkdir -p /mnt/{boot,home,var/src} /var/src +# mount /dev/sda1 /mnt/boot +# mount /dev/mapper/main-home /mnt/home +# touch /mnt/var/src/.populate +# mount -o bind /mnt/var/src /var/src +# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update +# nix-env -iA nixpkgs.gitMinimal +# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace) +# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy { imports = [ diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index 55cfd74f5..e49843cfe 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -9,8 +9,7 @@ # boot 500M # rest rest # cryptsetup luksFormat /dev/sda2 -# -with import ; +# mkfs.ext4 -L nixboot /dev/sda1 { boot = { loader.grub.enable = true; -- cgit v1.3.1 From da44703a861c56e954cb350ec65b87b30b6e4ace Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 13:59:13 +0200 Subject: ma printer: cups as state dir --- makefu/2configs/printer.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0889ebbc1..d297483b2 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix 
@@ -32,4 +32,5 @@ in { tcp 192.168.1.5 ''; #home printer SCX-3205W }; + state = [ "/var/lib/cups" ]; } -- cgit v1.3.1 From 8de1b7553ced70a449655024fbcbad431ab0a1ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 May 2019 14:00:01 +0200 Subject: ma mail.euer: use new mailserver release, set state --- makefu/2configs/mail/mail.euer.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix index f8f82e76b..d27b888a7 100644 --- a/makefu/2configs/mail/mail.euer.nix +++ b/makefu/2configs/mail/mail.euer.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { imports = [ - (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz") + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz") ]; mailserver = { @@ -32,8 +32,12 @@ }; services.dovecot2.extraConfig = '' - ssl_dh = Date: Wed, 8 May 2019 22:34:01 +0200 Subject: ma pkgs.pico2wave: init --- makefu/5pkgs/pico2wave/default.nix | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 makefu/5pkgs/pico2wave/default.nix diff --git a/makefu/5pkgs/pico2wave/default.nix b/makefu/5pkgs/pico2wave/default.nix new file mode 100644 index 000000000..5302e8bf3 --- /dev/null +++ b/makefu/5pkgs/pico2wave/default.nix 
@@ -0,0 +1,44 @@ +{ stdenv, lib, fetchurl +, popt +, libredirect +, dpkg +, makeWrapper +, autoPatchelfHook +, ... +}: +# https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=svox-pico-bin +let + pkgrel="8"; + _arch = "amd64"; +in +stdenv.mkDerivation rec { + name = "pico2wave"; # svox-pico-bin + version = "1.0+git20130326"; + srcs = [ + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico0_${version}-${pkgrel}_${_arch}.deb"; sha256 = "0b8r7r8by5kamnm960bsicimnj1a40ghy3475nzy1jvwj5xgqhrj"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-dev_${version}-${pkgrel}_${_arch}.deb"; sha256 = "1knjiwi117h02nbf7k6ll080vl65gxwx3rpj0fq5xkvxbqpjjbvz"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-data_${version}-${pkgrel}_all.deb"; sha256 = "0k0x5jh5qzzasrg766pfmls3ksj18wwdbssysvpxkq98aqg4fgmx"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-utils_${version}-${pkgrel}_${_arch}.deb"; sha256 = "11yk25fh4n7qz4xjg0dri68ygc3aapj1bk9cvhcwkfvm46j5lrjv"; }) + ] ; + + nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook ]; + + dontBuild = true; + + buildInputs = [ popt ]; + + unpackPhase = lib.concatMapStringsSep ";" (src: "dpkg-deb -x ${src} .") srcs; + + installPhase = '' + mkdir -p $out + cp -r usr/. $out/ + + mv $out/lib/*-linux-gnu/* $out/lib/ + rmdir $out/lib/*-linux-gnu + + wrapProgram "$out/bin/pico2wave" \ + --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS /usr/share/pico/lang=$out/share/pico/lang + ''; + +} -- cgit v1.3.1 From c07c0412418e3979e609fd5200a34dd1830e9334 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 May 2019 08:42:23 +0200 Subject: prison-break: finish move from makefu to krebs namespace --- makefu/2configs/hw/network-manager.nix | 5 ++++- makefu/2configs/nur.nix | 6 +++--- makefu/5pkgs/default.nix | 1 + 3 files changed, 8 insertions(+), 4 deletions(-) 
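Review bot: The new derivation unpacks prebuilt Ubuntu `.deb` binaries with `_arch = "amd64"` hard-coded, but it declares no `meta`, so nothing restricts it to the one platform it can run on and its origin and license are undocumented. Add a `meta` block with at least `platforms = [ "x86_64-linux" ];`, plus a `description` and the license of the upstream package. The four `fetchurl` sources use `http://`; the `sha256` values protect integrity, but switching to `https://` (if the mirror serves it) costs nothing. A short comment above `wrapProgram` saying why `LD_PRELOAD` with `libredirect` is needed (the binary looks for `/usr/share/pico/lang`) would help the next reader.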
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d7b262b91..e781c7ed1 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -1,4 +1,7 @@ { pkgs, lib, ... }: +let + prison-break = pkgs.callPackage ../../../krebs/5pkgs/simple/prison-break {}; +in { users.users.makefu = { extraGroups = [ "networkmanager" ]; @@ -31,6 +34,6 @@ "/etc/NetworkManager/system-connections" #NM stateful config files ]; networking.networkmanager.dispatcherScripts = [ - { source = "${pkgs.prison-break}/bin/prison-break"; } + { source = "${prison-break}/bin/prison-break"; } ]; } diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix index dda00063a..3cb4981e0 100644 --- a/makefu/2configs/nur.nix +++ b/makefu/2configs/nur.nix @@ -1,7 +1,7 @@ { pkgs, ... }:{ nixpkgs.config.packageOverrides = pkgs: { - nur = pkgs.callPackage (import (builtins.fetchGit { - url = "https://github.com/nix-community/NUR"; - })) {}; + nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { + inherit pkgs; + }; }; } diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 1ae10459f..a3c489ccc 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -40,6 +40,7 @@ in { qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; + prison-break = abort "`prison-break` moved from this namespace to `nur.repos.krebs.prison-break`"; } // (mapAttrs (_: flip callPackage {}) -- cgit v1.3.1 From 8f87254a2aa47630bc711c34a6322a974c6c040f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 May 2019 21:03:36 +0200 Subject: puyak.r: allow access from raute and ulrich --- krebs/1systems/puyak/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..af11c6944 100644 
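Review bot: In `nur.nix`, `builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz"` imports whatever `master` contains at evaluation time, with no `sha256`, and the result is evaluated as part of the system's package set. Pin it to a commit and hash so an upstream change cannot silently alter a rebuild: `builtins.fetchTarball { url = "https://github.com/nix-community/NUR/archive/<commit>.tar.gz"; sha256 = "<sha256 of that archive>"; }` (both values are placeholders). The `fetchTarball` of the nixos-mailserver `v2.2.1` archive in `mail.euer.nix` earlier in this series has the same shape and would benefit from a `sha256` too.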
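Review bot: In `makefu/5pkgs/default.nix` the tombstone is written with `abort`, which ends the whole evaluation and cannot be caught by `builtins.tryEval`, so anything that enumerates this package set fails, not only code that uses `prison-break`. Use `throw` with the same message; a direct user sees the same hint, while enumeration can skip the attribute. The message points to `nur.repos.krebs.prison-break`, whereas `network-manager.nix` in this commit takes the package by relative path; a one-line comment naming the intended way to obtain it would avoid confusion.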
--- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -73,6 +73,13 @@ system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan ''; + + # to access vorstand vm + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey + ]; + users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.3.1 From b65e9c07628aab89478ca634ae682ea7d07d338c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 11 May 2019 11:34:15 +0200 Subject: pkgs.prison-break: 1.0.1 -> 1.2.0 --- krebs/5pkgs/simple/prison-break/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/prison-break/default.nix b/krebs/5pkgs/simple/prison-break/default.nix index 8c7fc65c3..672e0b3a0 100644 --- a/krebs/5pkgs/simple/prison-break/default.nix +++ b/krebs/5pkgs/simple/prison-break/default.nix @@ -3,12 +3,12 @@ with pkgs.python3.pkgs; buildPythonPackage rec { pname = "prison-break"; - version = "1.0.1"; + version = "1.2.0"; src = fetchFromGitHub { owner = "makefu"; repo = pname; rev = version; - sha256 = "1q9bw1hbz0cayclixplyc85kaq05mg6n2zz8mbydljvknidd4p6a"; + sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9"; }; propagatedBuildInputs = [ docopt -- cgit v1.3.1 From 135dc5297ab71045a1f58e053c4584f694988146 Mon Sep 17 00:00:00 2001 
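Review bot: Adding the `ulrich` and `raute` keys to `users.users.root.openssh.authorizedKeys.keys` gives both users unrestricted root on the host, while the comment says the goal is only `# to access vorstand vm`. If the VM can be reached through a less privileged path, prefer a dedicated non-root account, as the `users.users.joerg` block in the context does, with only the group membership or forwarding the VM needs. If root really is required, say why in the comment and consider restricting what the keys may do with authorized_keys options. How the VM is exposed is not visible in this hunk, so this is a question for the author, not a certain defect.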
From: makefu Date: Tue, 14 May 2019 09:18:08 +0200 Subject: ma pkgs.prison-break: move back to own namespace, use nur.repos.makefu.prison-break for krebs --- krebs/5pkgs/default.nix | 1 + krebs/5pkgs/simple/prison-break/default.nix | 20 -------------------- .../5pkgs/simple/prison-break/straight-plugin.nix | 22 ---------------------- makefu/5pkgs/prison-break/default.nix | 20 ++++++++++++++++++++ makefu/5pkgs/prison-break/straight-plugin.nix | 22 ++++++++++++++++++++++ 5 files changed, 43 insertions(+), 42 deletions(-) delete mode 100644 krebs/5pkgs/simple/prison-break/default.nix delete mode 100644 krebs/5pkgs/simple/prison-break/straight-plugin.nix create mode 100644 makefu/5pkgs/prison-break/default.nix create mode 100644 makefu/5pkgs/prison-break/straight-plugin.nix diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 4cdaedebf..3cb471c77 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -16,6 +16,7 @@ foldl' mergeAttrs {} reaktor2 = self.haskellPackages.reaktor2; ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; + prison-break = nur.repos.makefu.prison-break; # https://github.com/proot-me/PRoot/issues/106 proot = self.writeDashBin "proot" '' diff --git a/krebs/5pkgs/simple/prison-break/default.nix b/krebs/5pkgs/simple/prison-break/default.nix deleted file mode 100644 index 672e0b3a0..000000000 --- a/krebs/5pkgs/simple/prison-break/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{pkgs, fetchFromGitHub}: -with pkgs.python3.pkgs; - -buildPythonPackage rec { - pname = "prison-break"; - version = "1.2.0"; - src = fetchFromGitHub { - owner = "makefu"; - repo = pname; - rev = version; - sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9"; - }; - propagatedBuildInputs = [ - docopt - requests - beautifulsoup4 - (callPackage ./straight-plugin.nix {}) - ]; - checkInputs = [ black ]; -} 
diff --git a/krebs/5pkgs/simple/prison-break/straight-plugin.nix b/krebs/5pkgs/simple/prison-break/straight-plugin.nix deleted file mode 100644 index 606c60b5d..000000000 --- a/krebs/5pkgs/simple/prison-break/straight-plugin.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -}: - -buildPythonPackage rec { - pname = "straight-plugin"; - version = "1.5.0"; - - src = fetchPypi { - pname = "straight.plugin"; - inherit version; - sha256 = "818a7641068932ed6436d0af0a3bb77bbbde29df0a7142c8bd1a249e7c2f0d38"; - }; - - meta = with lib; { - description = "A simple namespaced plugin facility"; - homepage = https://github.com/ironfroggy/straight.plugin; - license = licenses.mit; - maintainers = [ maintainers.makefu ]; - }; -} diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix new file mode 100644 index 000000000..672e0b3a0 --- /dev/null +++ b/makefu/5pkgs/prison-break/default.nix @@ -0,0 +1,20 @@ +{pkgs, fetchFromGitHub}: +with pkgs.python3.pkgs; + +buildPythonPackage rec { + pname = "prison-break"; + version = "1.2.0"; + src = fetchFromGitHub { + owner = "makefu"; + repo = pname; + rev = version; + sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9"; + }; + propagatedBuildInputs = [ + docopt + requests + beautifulsoup4 + (callPackage ./straight-plugin.nix {}) + ]; + checkInputs = [ black ]; +} diff --git a/makefu/5pkgs/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix new file mode 100644 index 000000000..606c60b5d --- /dev/null +++ b/makefu/5pkgs/prison-break/straight-plugin.nix 
@@ -0,0 +1,22 @@ +{ lib +, buildPythonPackage +, fetchPypi +}: + +buildPythonPackage rec { + pname = "straight-plugin"; + version = "1.5.0"; + + src = fetchPypi { + pname = "straight.plugin"; + inherit version; + sha256 = "818a7641068932ed6436d0af0a3bb77bbbde29df0a7142c8bd1a249e7c2f0d38"; + }; + + meta = with lib; { + description = "A simple namespaced plugin facility"; + homepage = https://github.com/ironfroggy/straight.plugin; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; +} -- cgit v1.3.1 From 1340e3fb77beaf1d35d21bd885ce3673a84307a7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 May 2019 09:30:48 +0200 Subject: ma network-manager: use prison-break from pkgs --- makefu/2configs/hw/network-manager.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index e781c7ed1..d7b262b91 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -1,7 +1,4 @@ { pkgs, lib, ... }: -let - prison-break = pkgs.callPackage ../../../krebs/5pkgs/simple/prison-break {}; -in { users.users.makefu = { extraGroups = [ "networkmanager" ]; @@ -34,6 +31,6 @@ in "/etc/NetworkManager/system-connections" #NM stateful config files ]; networking.networkmanager.dispatcherScripts = [ - { source = "${prison-break}/bin/prison-break"; } + { source = "${pkgs.prison-break}/bin/prison-break"; } ]; } -- cgit v1.3.1 From 66ade66c5d1932ebac8aa73d9078c73599da8cde Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 May 2019 20:34:20 +0200 Subject: pkgs.prison-break: drop from krebs namespace --- krebs/5pkgs/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 3cb471c77..4cdaedebf 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
@@ -16,7 +16,6 @@ foldl' mergeAttrs {} reaktor2 = self.haskellPackages.reaktor2; ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; - prison-break = nur.repos.makefu.prison-break; # https://github.com/proot-me/PRoot/issues/106 proot = self.writeDashBin "proot" '' -- cgit v1.3.1 From f541eae020a229b99afe531139be246f8aecb695 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 15 May 2019 16:06:44 +0200 Subject: external/hosts: add horisa host of ulrich which weirdly is in the krebs/retiolum repo, but not in our hosts --- krebs/3modules/external/default.nix | 14 ++++++++++++++ krebs/3modules/external/tinc/horisa.pub | 8 ++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/3modules/external/tinc/horisa.pub diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 9bfc920a3..080c259aa 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -167,6 +167,20 @@ in { }; }; }; + horisa = { + cores = 2; + owner = config.krebs.users.ulrich; # main laptop + nets = { + retiolum = { + ip4.addr = "10.243.226.213"; + ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e85"; + aliases = [ + "horisa.r" + ]; + tinc.pubkey = tinc-for "horisa"; + }; + }; + }; idontcare = { owner = config.krebs.users.Mic92; nets = rec { diff --git a/krebs/3modules/external/tinc/horisa.pub b/krebs/3modules/external/tinc/horisa.pub new file mode 100644 index 000000000..06d686ce3 --- /dev/null +++ b/krebs/3modules/external/tinc/horisa.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40 +Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn +XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT ++EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP +sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo +M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB +-----END RSA PUBLIC KEY----- -- cgit v1.3.1 
From 4630d10b3151f689247c0e8e7488917ee6313c7f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 12:50:48 +0200 Subject: github-hosts-sync: import 1.0.0 from painload --- krebs/5pkgs/simple/github-hosts-sync/default.nix | 4 +- .../5pkgs/simple/github-hosts-sync/src/hosts-sync | 66 ++++++++++++++++++++++ 2 files changed, 68 insertions(+), 2 deletions(-) create mode 100755 krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix index cdfed468c..8caa5e1ef 100644 --- a/krebs/5pkgs/simple/github-hosts-sync/default.nix +++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix @@ -3,7 +3,7 @@ stdenv.mkDerivation { name = "github-hosts-sync"; - src = pkgs.painload; + src = ./src; phases = [ "unpackPhase" @@ -29,7 +29,7 @@ stdenv.mkDerivation { sed \ 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \ - < ./retiolum/scripts/github_hosts_sync/hosts-sync \ + < hosts-sync \ > $out/bin/github-hosts-sync chmod +x $out/bin/github-hosts-sync diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync new file mode 100755 index 000000000..f36c700d8 --- /dev/null +++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync 
@@ -0,0 +1,66 @@ +#! /bin/sh +# TODO do_work should retry until success +set -euf + +port=${port-1028} +local_painload=$HOME/painload +remote_painload="https://github.com/krebscode/painload" +local_hosts=$HOME/hosts +remote_hosts="git@github.com:krebscode/hosts.git" + +main() { + ensure_local_painload + ensure_local_hosts + is_worker && do_work || become_server +} + +ensure_local_painload() { + test -d "$local_painload" || git clone "$remote_painload" "$local_painload" +} + +ensure_local_hosts() { + test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts" +} + +become_server() { + exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0" +} + +is_worker() { + test "${SOCAT_SOCKPORT-}" = "$port" +} + +do_work() { + # read request + req_line="$(read line && echo "$line")" + req_hdrs="$(sed -n '/^\r$/q;p')" + + set -x + + cd "$local_hosts" + git pull >&2 + + cd "$local_hosts" + find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null + + cd "$local_painload" + git pull >&2 + + find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \; + + cd "$local_hosts" + find . -name .git -prune -o -type f -exec git add \{\} \; >&2 + if git status --porcelain | grep -q .; then + git config user.email "$LOGNAME@$(hostname)" + git config user.name "$LOGNAME" + git commit -m bump >&2 + git push >&2 + fi + + echo "HTTP/1.1 200 OK" + echo + echo "https://github.com/krebscode/hosts/archive/master.tar.gz" + echo "https://github.com/krebscode/hosts/archive/master.zip" +} + +main "$@" -- cgit v1.3.1 From acb3f95fa6586a9c9b1b1ffa76368c1b39edb8aa Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:06:36 +0200 Subject: github-hosts-sync: 1.0.0 -> 2.0.0 --- krebs/3modules/github-hosts-sync.nix | 25 +++++-- krebs/5pkgs/simple/github-hosts-sync/default.nix | 36 ++++------ .../5pkgs/simple/github-hosts-sync/src/hosts-sync | 81 ++++++---------------- 3 files changed, 56 insertions(+), 86 deletions(-) 
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 3b626dc46..233cea68d 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -11,17 +11,25 @@ let api = { enable = mkEnableOption "krebs.github-hosts-sync"; - port = mkOption { - type = types.int; # TODO port type - default = 1028; - }; dataDir = mkOption { type = types.str; # TODO path (but not just into store) default = "/var/lib/github-hosts-sync"; }; + srcDir = mkOption { + type = types.str; + default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; - default = toString ; + default = toString ; + }; + url = mkOption { + type = types.str; + default = "git@github.com:krebscode/hosts.git"; + }; + workTree = mkOption { + type = types.absolute-pathname; + default = "${cfg.dataDir}/cache"; }; }; @@ -30,13 +38,16 @@ let after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment = { - port = toString cfg.port; + GITHUB_HOST_SYNC_SRCDIR = cfg.srcDir; + GITHUB_HOST_SYNC_WORKTREE = cfg.workTree; + GITHUB_HOST_SYNC_URL = cfg.url; }; serviceConfig = { PermissionsStartOnly = "true"; SyslogIdentifier = "github-hosts-sync"; User = user.name; - Restart = "always"; + Type = "oneshot"; + RemainAfterExit = true; ExecStartPre = pkgs.writeDash "github-hosts-sync-init" '' set -euf install -m 0711 -o ${user.name} -d ${cfg.dataDir} diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix index 8caa5e1ef..5caf225cb 100644 --- a/krebs/5pkgs/simple/github-hosts-sync/default.nix +++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix @@ -1,7 +1,8 @@ { pkgs, stdenv, ... }: -stdenv.mkDerivation { - name = "github-hosts-sync"; +stdenv.mkDerivation rec { + name = "github-hosts-sync-${version}"; + version = "2.0.0"; src = ./src; 
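Review bot: With `Type = "oneshot"` and `RemainAfterExit = true` replacing `Restart = "always"`, the unit runs once and then stays active, so later changes under `srcDir` are not pushed unless something outside this hunk restarts it. If periodic sync is intended, add a schedule, e.g. `startAt = "hourly";` on the service, and drop `RemainAfterExit` so the timer can start it again. The hunk also removes the `port` option without a replacement or rename notice, so a configuration that still sets it will fail to evaluate; a note in the commit message or option documentation would help. The `serviceConfig` block continues past the end of the hunk.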
@@ -10,28 +11,21 @@ stdenv.mkDerivation { "installPhase" ]; - installPhase = - let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - path = stdenv.lib.makeBinPath (with pkgs; [ - coreutils - findutils - git - gnugrep - gnused - nettools - openssh - socat - ]); - in + installPhase = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + path = stdenv.lib.makeBinPath [ + pkgs.git + pkgs.openssh + pkgs.rsync + ]; + in '' mkdir -p $out/bin - sed \ - 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \ - < hosts-sync \ - > $out/bin/github-hosts-sync + cp hosts-sync $out/bin/github-hosts-sync - chmod +x $out/bin/github-hosts-sync + sed -i \ + '1s,$,\nPATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},' \ + $out/bin/github-hosts-sync ''; } diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync index f36c700d8..4bae44bef 100755 --- a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync +++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync 
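Review bot: The rewritten `sed` expression inserts `PATH=… GIT_SSL_CAINFO=…` without the `export` that the previous version had, so `GIT_SSL_CAINFO` becomes a plain shell variable and `git` never sees it. `PATH` still propagates because it is normally already exported, and the default `git@github.com:` URL goes over SSH, so the gap only shows once `url` is set to an HTTPS remote, where certificate verification would then depend on whatever the environment provides. Restore the keyword: `'1s,$,\nexport PATH=${path}''${PATH+:$PATH} GIT_SSL_CAINFO=${ca-bundle},'`. Appending the inherited `$PATH` also makes the script less hermetic than before; if that is deliberate, a short comment saying which tool is expected from outside would be useful.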
@@ -1,66 +1,31 @@ #! /bin/sh -# TODO do_work should retry until success -set -euf +set -efu +exec >&2 -port=${port-1028} -local_painload=$HOME/painload -remote_painload="https://github.com/krebscode/painload" -local_hosts=$HOME/hosts -remote_hosts="git@github.com:krebscode/hosts.git" +hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR +hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts} +hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebscode/hosts.git} -main() { - ensure_local_painload - ensure_local_hosts - is_worker && do_work || become_server -} +test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree" -ensure_local_painload() { - test -d "$local_painload" || git clone "$remote_painload" "$local_painload" -} +cd "$hosts_worktree" -ensure_local_hosts() { - test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts" -} +git pull -become_server() { - exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0" -} +rsync \ + --chmod D755,F644 \ + --delete-excluded \ + --filter 'protect .git' \ + --recursive \ + --verbose \ + "$hosts_srcdir/" \ + . -is_worker() { - test "${SOCAT_SOCKPORT-}" = "$port" -} +git add . -do_work() { - # read request - req_line="$(read line && echo "$line")" - req_hdrs="$(sed -n '/^\r$/q;p')" - - set -x - - cd "$local_hosts" - git pull >&2 - - cd "$local_hosts" - find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null - - cd "$local_painload" - git pull >&2 - - find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \; - - cd "$local_hosts" - find . 
-name .git -prune -o -type f -exec git add \{\} \; >&2 - if git status --porcelain | grep -q .; then - git config user.email "$LOGNAME@$(hostname)" - git config user.name "$LOGNAME" - git commit -m bump >&2 - git push >&2 - fi - - echo "HTTP/1.1 200 OK" - echo - echo "https://github.com/krebscode/hosts/archive/master.tar.gz" - echo "https://github.com/krebscode/hosts/archive/master.zip" -} - -main "$@" +if test -n "$(git status --porcelain)"; then + git config user.email "$LOGNAME@$(hostname)" + git config user.name "$LOGNAME" + git commit -m bump + git push +fi -- cgit v1.3.1 From 866e94b4fa70181b9ae753b51d59c27ce42c9497 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:36:13 +0200 Subject: hotdog.r: enable github-hosts-sync --- krebs/1systems/hotdog/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index f68c8ce50..32e416831 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -18,6 +18,7 @@ ]; krebs.build.host = config.krebs.hosts.hotdog; + krebs.github-hosts-sync.enable = true; boot.isContainer = true; networking.useDHCP = false; -- cgit v1.3.1 From c7cfc7d6a3988615fd40369d0e02bd570a52bc7f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:43:13 +0200 Subject: github-hosts-sync: update default URL --- krebs/3modules/github-hosts-sync.nix | 2 +- krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 233cea68d..6ffaf5503 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -25,7 +25,7 @@ let }; url = mkOption { type = types.str; - default = "git@github.com:krebscode/hosts.git"; + default = "git@github.com:krebs/hosts.git"; }; workTree = mkOption { type = types.absolute-pathname; 
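Review bot: The fallback in `hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts}` puts the work tree at a fixed name in a world-writable directory, and `test -d "$hosts_worktree"` accepts whatever already exists there. On a shared host the script would then run `git pull`, `git commit` and `git push` inside a repository it did not create and whose configuration it does not control. The NixOS module in this commit always sets the variable, so only manual runs are affected. Making it mandatory, as `GITHUB_HOST_SYNC_SRCDIR` effectively is under `set -u`, removes the case: `hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE:?work tree not set}`.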
diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync index 4bae44bef..d2017ef63 100755 --- a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync +++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync @@ -4,7 +4,7 @@ exec >&2 hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts} -hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebscode/hosts.git} +hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebs/hosts.git} test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree" -- cgit v1.3.1 From e91f56a4092b47aea6dd62e015176c0a45b6e0e6 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:48:48 +0200 Subject: krebs: add dummy github-hosts-sync.ssh.id_ed25519 --- krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519 | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519 diff --git a/krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519 b/krebs/0tests/data/secrets/github-hosts-sync.ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb -- cgit v1.3.1 From 2950b893b03253ef8000e939915bb9c8c1f1f524 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:53:55 +0200 Subject: github-hosts-sync: add nettools --- krebs/5pkgs/simple/github-hosts-sync/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix index 5caf225cb..fbc48fa3f 100644 --- a/krebs/5pkgs/simple/github-hosts-sync/default.nix +++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix @@ -15,6 +15,7 @@ stdenv.mkDerivation rec { ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; path = stdenv.lib.makeBinPath [ pkgs.git + pkgs.nettools pkgs.openssh pkgs.rsync ]; -- cgit v1.3.1 From a666abeaabbed73749cd5e2f1745b4a4527c4bc6 Mon Sep 17 00:00:00 2001 
From: tv Date: Fri, 17 May 2019 14:02:22 +0200 Subject: github-hosts-sync: make user name/mail overridable --- krebs/3modules/github-hosts-sync.nix | 3 +++ krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 6ffaf5503..0b7d56098 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -38,6 +38,8 @@ let after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment = { + GITHUB_HOST_SYNC_USER_MAIL = user.mail; + GITHUB_HOST_SYNC_USER_NAME = user.name; GITHUB_HOST_SYNC_SRCDIR = cfg.srcDir; GITHUB_HOST_SYNC_WORKTREE = cfg.workTree; GITHUB_HOST_SYNC_URL = cfg.url; @@ -67,6 +69,7 @@ let }; user = rec { + mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; }; diff --git a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync index d2017ef63..a8973e72b 100755 --- a/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync +++ b/krebs/5pkgs/simple/github-hosts-sync/src/hosts-sync @@ -5,6 +5,8 @@ exec >&2 hosts_srcdir=$GITHUB_HOST_SYNC_SRCDIR hosts_worktree=${GITHUB_HOST_SYNC_WORKTREE-/tmp/hosts} hosts_url=${GITHUB_HOST_SYNC_URL-git@github.com:krebs/hosts.git} +user_mail=${GITHUB_HOST_SYNC_USER_MAIL-$LOGNAME@$(hostname)} +user_name=${GITHUB_HOST_SYNC_USER_NAME-$LOGNAME} test -d "$hosts_worktree" || git clone "$hosts_url" "$hosts_worktree" @@ -24,8 +26,8 @@ rsync \ git add . if test -n "$(git status --porcelain)"; then - git config user.email "$LOGNAME@$(hostname)" - git config user.name "$LOGNAME" + git config user.email "$user_mail" + git config user.name "$user_name" git commit -m bump git push fi -- cgit v1.3.1 From 87e1da05aa253a629e5e188fac4c1a572e9e61de Mon Sep 17 00:00:00 2001 
From: tv Date: Mon, 20 May 2019 14:18:40 +0200 Subject: tv x220: define all the lidSwitch* T_T --- tv/2configs/hw/x220.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 35e7d8941..699b4a87e 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -57,6 +57,11 @@ HandleSuspendKey=ignore ''; + # because extraConfig is not extra enough: + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + services.logind.lidSwitchExternalPower = "ignore"; + services.xserver = { videoDriver = "intel"; }; -- cgit v1.3.1 From eb9c9b80cafbb69d858a9914eda1d5aa65745ae5 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 10:39:18 +0200 Subject: github-known-hosts: add new hosts --- krebs/3modules/github-known-hosts.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index def06f17a..bae8b96bf 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -28,12 +28,22 @@ "140.82.125.*" "140.82.126.*" "140.82.127.*" + "13.114.40.48" "13.229.188.59" + "13.234.176.102" + "13.234.210.38" + "13.236.229.21" + "13.237.44.5" "13.250.177.223" + "15.164.81.167" "18.194.104.89" "18.195.85.27" "35.159.8.160" + "52.192.72.89" + "52.64.108.95" + "52.69.186.44" "52.74.223.119" + "52.78.231.108" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; -- cgit v1.3.1 From 8837981c5972d745af6ce0a6a5a7d956b579575e Mon Sep 17 00:00:00 2001 
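Review bot: The ten addresses added to the GitHub known-hosts list carry no note of where they were taken from or when, so a later reader cannot re-check the list or tell which entries have gone stale. All of them are bound to the single `publicKey` below, so a non-interactive client such as the `github-hosts-sync` service may fail host-key verification for a GitHub address that is missing here. A comment above the list would do, for example `# source: <where the addresses were obtained>, last checked <date>`. The attribute set holding the list starts above the hunk.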
From: tv Date: Tue, 21 May 2019 21:47:43 +0200 Subject: tv pkgs: add vim overlay --- tv/5pkgs/vim/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 tv/5pkgs/vim/default.nix diff --git a/tv/5pkgs/vim/default.nix b/tv/5pkgs/vim/default.nix new file mode 100644 index 000000000..5582be3fd --- /dev/null +++ b/tv/5pkgs/vim/default.nix @@ -0,0 +1,7 @@ +with import ; + +self: super: { + tv = super.tv // { + vimPlugins = mapNixDir (path: self.callPackage path {}) ./.; + }; +} -- cgit v1.3.1 From 36ecf283d253a24f2ff3c434a5cda4f69119beff Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:48:36 +0200 Subject: tv vim: move fzf to overlay --- tv/2configs/vim.nix | 10 +--------- tv/5pkgs/vim/fzf.nix | 11 +++++++++++ 2 files changed, 12 insertions(+), 9 deletions(-) create mode 100644 tv/5pkgs/vim/fzf.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index a45e040e6..948058216 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -14,15 +14,7 @@ let { }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg - (pkgs.vimUtils.buildVimPlugin { - name = "fzf-2018-11-14"; - src = pkgs.fetchgit { - url = https://github.com/junegunn/fzf.vim; - rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; - sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; - }; - }) + pkgs.tv.vimPlugins.fzf pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { diff --git a/tv/5pkgs/vim/fzf.nix b/tv/5pkgs/vim/fzf.nix new file mode 100644 index 000000000..14b6900b5 --- /dev/null +++ b/tv/5pkgs/vim/fzf.nix 
@@ -0,0 +1,11 @@ +{ pkgs }: + +# cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg +pkgs.vimUtils.buildVimPlugin { + name = "fzf-2018-11-14"; + src = pkgs.fetchgit { + url = https://github.com/junegunn/fzf.vim; + rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; + sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; + }; +} -- cgit v1.3.1 From d808a760e15a2ede3699c05f160eddaf81f1efbf Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:51:13 +0200 Subject: tv vim: move elixir to overlay --- tv/2configs/vim.nix | 9 +-------- tv/5pkgs/vim/elixir.nix | 9 +++++++++ 2 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 tv/5pkgs/vim/elixir.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 948058216..934704295 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -14,17 +14,10 @@ let { }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.tv.vimPlugins.elixir pkgs.tv.vimPlugins.fzf pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - (pkgs.vimUtils.buildVimPlugin { - name = "vim-elixir-2018-08-17"; - src = pkgs.fetchgit { - url = https://github.com/elixir-editors/vim-elixir; - rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b"; - sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04"; - }; - }) (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { diff --git a/tv/5pkgs/vim/elixir.nix b/tv/5pkgs/vim/elixir.nix new file mode 100644 index 000000000..2ffbbc82f --- /dev/null +++ b/tv/5pkgs/vim/elixir.nix @@ -0,0 +1,9 @@ +{ pkgs }: +pkgs.vimUtils.buildVimPlugin { + name = "vim-elixir-2018-08-17"; + src = pkgs.fetchgit { + url = https://github.com/elixir-editors/vim-elixir; + rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b"; + sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04"; + }; +} -- cgit v1.3.1 From b46cb34eed46dab1cb77f00c3d42efce3e075431 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 21 May 2019 21:52:20 +0200 Subject: tv vim: move jq to overlay --- tv/2configs/vim.nix | 9 +-------- tv/5pkgs/vim/jq.nix | 10 ++++++++++ 2 files changed, 11 insertions(+), 8 deletions(-) create mode 100644 tv/5pkgs/vim/jq.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 934704295..234602aa4 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -16,16 +16,9 @@ let { extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.tv.vimPlugins.elixir pkgs.tv.vimPlugins.fzf + pkgs.tv.vimPlugins.jq pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - (pkgs.vimUtils.buildVimPlugin { - name = "vim-syntax-jq"; - src = pkgs.fetchgit { - url = https://github.com/vito-c/jq.vim; - rev = "99d55a300047946a82ecdd7617323a751199ad2d"; - sha256 = "09c94nah47wx0cr556w61h6pfznxld18pfblc3nv51ivbw7cjqyx"; - }; - }) (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchgit { diff --git a/tv/5pkgs/vim/jq.nix b/tv/5pkgs/vim/jq.nix new file mode 100644 index 000000000..523f49f02 --- /dev/null +++ b/tv/5pkgs/vim/jq.nix @@ -0,0 +1,10 @@ +{ pkgs }: + +pkgs.vimUtils.buildVimPlugin { + name = "vim-syntax-jq"; + src = pkgs.fetchgit { + url = https://github.com/vito-c/jq.vim; + rev = "99d55a300047946a82ecdd7617323a751199ad2d"; + sha256 = "09c94nah47wx0cr556w61h6pfznxld18pfblc3nv51ivbw7cjqyx"; + }; +} -- cgit v1.3.1 From be42a7069de8a328a6363282151ea21050745910 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:53:17 +0200 Subject: tv vim: move file-line to overlay --- tv/2configs/vim.nix | 9 +-------- tv/5pkgs/vim/file-line.nix | 10 ++++++++++ 2 files changed, 11 insertions(+), 8 deletions(-) create mode 100644 tv/5pkgs/vim/file-line.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 234602aa4..657d7a6a6 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -15,18 +15,11 @@ let { extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.tv.vimPlugins.elixir + pkgs.tv.vimPlugins.file-line pkgs.tv.vimPlugins.fzf pkgs.tv.vimPlugins.jq pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "hack"; in { diff --git a/tv/5pkgs/vim/file-line.nix b/tv/5pkgs/vim/file-line.nix new file mode 100644 index 000000000..22597265a --- /dev/null +++ b/tv/5pkgs/vim/file-line.nix @@ -0,0 +1,10 @@ +{ pkgs }: + +pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; +} -- cgit v1.3.1 From ec45998cb5665ae005d366e87b2e04fb935906d4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:55:28 +0200 Subject: tv vim: move hack to overlay --- tv/2configs/vim.nix | 44 +------------------------------------------- tv/5pkgs/vim/hack.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 43 deletions(-) create mode 100644 tv/5pkgs/vim/hack.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 657d7a6a6..7419eb674 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
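Review bot: In the new `file-line.nix`, `url = git://github.com/bogado/file-line;` fetches over the unauthenticated, unencrypted git protocol, and `rev = "refs/tags/1.0"` names a tag that upstream can move. The `sha256` still fixes the content, so a changed fetch fails the build rather than being accepted, but the derivation stays tied to a mutable ref and a transport with no integrity of its own. While the block is being moved into its own file, `url = "https://github.com/bogado/file-line";` and `rev = "<commit-sha-of-tag-1.0>";` would bring it in line with `fzf.nix`, `elixir.nix` and `jq.nix`, which use https and a commit hash.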
@@ -17,52 +17,10 @@ let { pkgs.tv.vimPlugins.elixir pkgs.tv.vimPlugins.file-line pkgs.tv.vimPlugins.fzf + pkgs.tv.vimPlugins.hack pkgs.tv.vimPlugins.jq pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=255 - hi Identifier ctermfg=253 - hi Function ctermfg=253 - hi Statement ctermfg=253 - hi PreProc ctermfg=251 - hi Type ctermfg=251 - hi Delimiter ctermfg=251 - hi Special ctermfg=255 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=040 - hi NixData ctermfg=046 - hi NixQuote ctermfg=071 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - - hi Search cterm=NONE ctermbg=216 - ''; - }))) ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "vim"; in { diff --git a/tv/5pkgs/vim/hack.nix b/tv/5pkgs/vim/hack.nix new file mode 100644 index 000000000..2145cc166 --- /dev/null +++ b/tv/5pkgs/vim/hack.nix 
@@ -0,0 +1,46 @@ +with import ; +{ pkgs }: + +(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; +in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=255 + hi Identifier ctermfg=253 + hi Function ctermfg=253 + hi Statement ctermfg=253 + hi PreProc ctermfg=251 + hi Type ctermfg=251 + hi Delimiter ctermfg=251 + hi Special ctermfg=255 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=040 + hi NixData ctermfg=046 + hi NixQuote ctermfg=071 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + + hi Search cterm=NONE ctermbg=216 + ''; +})) -- cgit v1.3.1 From 9b573a35f24b4d259f909fc191c8123a1aeec7b3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:56:25 +0200 Subject: tv vim: move vim to overlay --- tv/2configs/vim.nix | 14 +------------- tv/5pkgs/vim/vim.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 13 deletions(-) create mode 100644 tv/5pkgs/vim/vim.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 7419eb674..18b69313f 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -19,21 +19,9 @@ let { pkgs.tv.vimPlugins.fzf pkgs.tv.vimPlugins.hack pkgs.tv.vimPlugins.jq + pkgs.tv.vimPlugins.vim pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "showsyntax"; in { diff --git a/tv/5pkgs/vim/vim.nix b/tv/5pkgs/vim/vim.nix new file mode 100644 index 000000000..216ab6abb --- /dev/null +++ b/tv/5pkgs/vim/vim.nix @@ -0,0 +1,16 @@ +with import ; +{ pkgs }: + +(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; +in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; +})) -- cgit v1.3.1 From 35dcd45cd5245b7976ce68d63cbf0510f432808e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:57:24 +0200 Subject: tv vim: move showsyntax to overlay --- tv/2configs/vim.nix | 25 +------------------------ tv/5pkgs/vim/showsyntax.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 24 deletions(-) create mode 100644 tv/5pkgs/vim/showsyntax.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 18b69313f..819578661 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -19,33 +19,10 @@ let { pkgs.tv.vimPlugins.fzf pkgs.tv.vimPlugins.hack pkgs.tv.vimPlugins.jq + pkgs.tv.vimPlugins.showsyntax pkgs.tv.vimPlugins.vim pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { # # Haskell diff --git a/tv/5pkgs/vim/showsyntax.nix b/tv/5pkgs/vim/showsyntax.nix new file mode 100644 index 000000000..a5547e46a --- /dev/null +++ b/tv/5pkgs/vim/showsyntax.nix @@ -0,0 +1,26 @@ +{ pkgs }: + +(rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; +in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; +})) -- cgit v1.3.1 From 86972b5b600e261f6474f61eaf0c7eb8feb91f55 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 21 May 2019 21:58:16 +0200 Subject: tv vim: move tv to overlay --- tv/2configs/vim.nix | 52 +--------------------------------------------------- tv/5pkgs/vim/tv.nix | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 51 deletions(-) create mode 100644 tv/5pkgs/vim/tv.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 819578661..b9509bca3 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -20,60 +20,10 @@ let { pkgs.tv.vimPlugins.hack pkgs.tv.vimPlugins.jq pkgs.tv.vimPlugins.showsyntax + pkgs.tv.vimPlugins.tv pkgs.tv.vimPlugins.vim pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { - # - # Haskell - # - "/ftplugin/haskell.vim".text = '' - if exists("g:vim_tv_ftplugin_haskell_loaded") - finish - endif - let g:vim_tv_ftplugin_haskell_loaded = 1 - - setlocal iskeyword+=' - ''; - # - # TODO - # - "/ftdetect/todo.vim".text = '' - au BufRead,BufNewFile TODO set ft=todo - ''; - "/ftplugin/todo.vim".text = '' - setlocal foldmethod=syntax - ''; - "/syntax/todo.vim".text = '' - syn match todoComment /#.*/ - - syn match todoDate /^[1-9]\S*/ - \ nextgroup=todoSummary - - syn region todoSummary - \ contained - \ contains=todoTag - \ start="." end="$\n" - \ nextgroup=todoBlock - - syn match todoTag /\[[A-Za-z]\+\]/hs=s+1,he=e-1 - \ contained - - syn region todoBlock - \ contained - \ contains=Comment - \ fold - \ start="^[^1-9]" end="^[1-9 ]"re=s-1,he=s-1,me=s-1 - - syn sync minlines=1000 - - hi link todoComment Comment - hi todoDate ctermfg=255 - hi todoSummary ctermfg=229 - hi todoBlock ctermfg=248 - hi todoTag ctermfg=217 - ''; - })) ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { "/syntax/haskell.vim".text = '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/tv/5pkgs/vim/tv.nix b/tv/5pkgs/vim/tv.nix new file mode 100644 index 000000000..ae6245b87 --- /dev/null +++ b/tv/5pkgs/vim/tv.nix 
@@ -0,0 +1,53 @@ +{ pkgs }: + +(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { + # + # Haskell + # + "/ftplugin/haskell.vim".text = '' + if exists("g:vim_tv_ftplugin_haskell_loaded") + finish + endif + let g:vim_tv_ftplugin_haskell_loaded = 1 + + setlocal iskeyword+=' + ''; + # + # TODO + # + "/ftdetect/todo.vim".text = '' + au BufRead,BufNewFile TODO set ft=todo + ''; + "/ftplugin/todo.vim".text = '' + setlocal foldmethod=syntax + ''; + "/syntax/todo.vim".text = '' + syn match todoComment /#.*/ + + syn match todoDate /^[1-9]\S*/ + \ nextgroup=todoSummary + + syn region todoSummary + \ contained + \ contains=todoTag + \ start="." end="$\n" + \ nextgroup=todoBlock + + syn match todoTag /\[[A-Za-z]\+\]/hs=s+1,he=e-1 + \ contained + + syn region todoBlock + \ contained + \ contains=Comment + \ fold + \ start="^[^1-9]" end="^[1-9 ]"re=s-1,he=s-1,me=s-1 + + syn sync minlines=1000 + + hi link todoComment Comment + hi todoDate ctermfg=255 + hi todoSummary ctermfg=229 + hi todoBlock ctermfg=248 + hi todoTag ctermfg=217 + ''; +}) -- cgit v1.3.1 From 06f8c8986b01bd805191fa452c09369cdafb0777 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 21 May 2019 21:59:18 +0200 Subject: tv vim: move nix to overlay --- tv/2configs/vim.nix | 218 +------------------------------------------------- tv/5pkgs/vim/nix.nix | 222 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 223 insertions(+), 217 deletions(-) create mode 100644 tv/5pkgs/vim/nix.nix diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index b9509bca3..f8d599f7e 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -19,228 +19,12 @@ let { pkgs.tv.vimPlugins.fzf pkgs.tv.vimPlugins.hack pkgs.tv.vimPlugins.jq + pkgs.tv.vimPlugins.nix pkgs.tv.vimPlugins.showsyntax pkgs.tv.vimPlugins.tv pkgs.tv.vimPlugins.vim pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { - "/syntax/haskell.vim".text = '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - "/syntax/nix.vim".text = '' - "" Quit when a (custom) syntax file was already loaded - "if exists("b:current_syntax") - " finish - "endif - - "setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn 
cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (name: { - extraStart ? null, - lang ? name - }: - let - startAlts = filter isString [ - ''/\* ${name} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - if exists("b:current_syntax") - unlet b:current_syntax - endif - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - " This is required because containedin isn't transitive. 
- syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') (let - - capitalize = s: let - xs = stringToCharacters s; - in - toUpper (head xs) + concatStrings (tail xs); - - alts = xs: ''\(${concatStringsSep ''\|'' xs}\)''; - def = k: ''${k}[ \t\r\n]*=''; - writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''; - - writerExt = k: writerName ''[^"]*\.${k}''; - writerName = k: ''write[^ \t\r\n]*[ \t\r\n]*"${k}"''; - - in { - c = {}; - cabal = {}; - diff = {}; - haskell = {}; - jq.extraStart = alts [ - (writer "Jq") - (writerExt "jq") - ]; - javascript.extraStart = ''/\* js \*/''; - lua = {}; - python.extraStart = ''/\* py \*/''; - sed.extraStart = writer "Sed"; - sh.extraStart = let - phases = [ - "unpack" - "patch" - "configure" - "build" - "check" - "install" - "fixup" - "installCheck" - "dist" - ]; - shells = [ - "ash" - "bash" - "dash" - ]; - in alts [ - (def "shellHook") - (def "${alts phases}Phase") - (def "${alts ["pre" "post"]}${alts (map capitalize phases)}") - (writer (alts (map capitalize shells))) - ]; - yaml = {}; - vim.extraStart = alts [ - (def ''"[^"]*\.vim"\.text'') - (writerExt "vim") - (writerName ''\([^"]*\.\)\?vimrc'') - ]; - xdefaults = {}; - xmodmap = {}; - }))} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
- syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\(''$\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /'''\('\|\\.\)/he=s+1 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - ''; - "/syntax/sed.vim".text = '' - syn region sedBranch - \ matchgroup=sedFunction start="T" - \ matchgroup=sedSemicolon end=";\|$" - \ contains=sedWhitespace - ''; - "/syntax/xmodmap.vim".text = '' - syn match xmodmapComment /^\s*!.*/ - ''; - })) ]; dirs = { diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix new file mode 100644 index 000000000..a58a45b2d --- /dev/null +++ b/tv/5pkgs/vim/nix.nix 
@@ -0,0 +1,222 @@ +with import ; +{ pkgs }: + +(rtp: rtp // { inherit rtp; }) (pkgs.write "vim-syntax-nix-nested" { + "/syntax/haskell.vim".text = '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + "/syntax/nix.vim".text = '' + "" Quit when a (custom) syntax file was already loaded + "if exists("b:current_syntax") + " finish + "endif + + "setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (name: { + extraStart ? null, + lang ? 
name + }: + let + startAlts = filter isString [ + ''/\* ${name} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + if exists("b:current_syntax") + unlet b:current_syntax + endif + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + " This is required because containedin isn't transitive. 
+ syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') (let + + # TODO move this higher + capitalize = s: let + xs = stringToCharacters s; + in + toUpper (head xs) + concatStrings (tail xs); + + alts = xs: ''\(${concatStringsSep ''\|'' xs}\)''; + def = k: ''${k}[ \t\r\n]*=''; + writer = k: ''write${k}[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''; + + writerExt = k: writerName ''[^"]*\.${k}''; + writerName = k: ''write[^ \t\r\n]*[ \t\r\n]*"${k}"''; + + in { + c = {}; + cabal = {}; + diff = {}; + haskell = {}; + jq.extraStart = alts [ + (writer "Jq") + (writerExt "jq") + ]; + javascript.extraStart = ''/\* js \*/''; + lua = {}; + #nginx = {}; + python.extraStart = ''/\* py \*/''; + sed.extraStart = writer "Sed"; + sh.extraStart = let + phases = [ + "unpack" + "patch" + "configure" + "build" + "check" + "install" + "fixup" + "installCheck" + "dist" + ]; + shells = [ + "ash" + "bash" + "dash" + ]; + in alts [ + (def "shellHook") + (def "${alts phases}Phase") + (def "${alts ["pre" "post"]}${alts (map capitalize phases)}") + (writer (alts (map capitalize shells))) + ]; + yaml = {}; + vim.extraStart = alts [ + (def ''"[^"]*\.vim"\.text'') + (writerExt "vim") + (writerName ''\([^"]*\.\)\?vimrc'') + ]; + xdefaults = {}; + xmodmap = {}; + }))} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. 
+ syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\(''$\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /'''\('\|\\.\)/he=s+1 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; + "/syntax/sed.vim".text = '' + syn region sedBranch + \ matchgroup=sedFunction start="T" + \ matchgroup=sedSemicolon end=";\|$" + \ contains=sedWhitespace + ''; + "/syntax/xmodmap.vim".text = '' + syn match xmodmapComment /^\s*!.*/ + ''; +}) -- cgit v1.3.1 From 08ddffd7812f9ec42f9946dd2c4f8cc4eb7b656c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 28 May 2019 09:33:37 +0200 Subject: nixpkgs: 705986f -> e2883c3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 811eb826e..340b926ce 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "705986f5a986be5c5ae13193b487c7ec8ca05f16", - "date": "2019-05-18T20:38:59-04:00", - "sha256": "0zpch2cpl2yx0mp7hnyjd03hqs7rxza9wc2p97njsdzhi56gxwxp", + "rev": "e2883c31628ea0f3e00f899062327468a20d1aa1", + "date": "2019-05-27T17:09:30-04:00", + "sha256": "1xrpd8ykr8g3h4b33z69vngh6hfayi51jajbnfm6phhpwgd6mmld", "fetchSubmodules": false } -- cgit v1.3.1 From f846ad7bea7bfb201d3e8c7adbc7e4a4c21c604e Mon Sep 17 00:00:00 2001 
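Review bot: The last statement of the "/syntax/nix.vim" text, `set isk=@,48-57,_,192-255,-,'`, uses `:set`, which changes the global value of 'iskeyword' as well as the local one, so buffers created after a Nix file is opened inherit `-` and `'` as keyword characters. The code appears to be moved unchanged from the tv vim config, but the move is a good moment to switch to `setlocal isk=@,48-57,_,192-255,-,'`. The two leftovers `# TODO move this higher` and `#nginx = {};` would also benefit from a one-line reason each.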
From: lassulus Date: Wed, 29 May 2019 15:01:10 +0200 Subject: kruck.r: add video.kruck.r alias --- krebs/3modules/external/palo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index cefac0959..8510cb9ae 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -34,7 +34,10 @@ in { retiolum = { ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "kruck.r" ]; + aliases = [ + "kruck.r" + "video.kruck.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; -- cgit v1.3.1 From c8784043f10e6c5456816e2704f9e01cf1c366ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:01:49 +0200 Subject: schasch.r: add syncthing.id --- krebs/3modules/external/palo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index 8510cb9ae..05808714c 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -52,6 +52,7 @@ in { tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; -- cgit v1.3.1 From 64539ffaa463db7a8d9f01953fba3fd9a2bba0ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:02:30 +0200 Subject: l prism.r: add codi.lassul.us --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 41f3852b9..f4c8f5c6a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -35,6 +35,7 @@ in { default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} -- cgit v1.3.1 From 441ae45dc78e188493ad1bb5e9e075a5e4fbe86a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:04:11 +0200 Subject: l daedalus.r: add altcoins pkgs --- lass/1systems/daedalus/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 6e3df12f0..df8868034 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -57,6 +57,8 @@ with import ; { krebs.per-user.bitcoin.packages = [ pkgs.electrum + pkgs.electron-cash + pkgs.altcoins.litecoin ]; users.extraUsers = { bitcoin = { -- cgit v1.3.1 From 34791532ac850fd575f5b23cc25296409a19eed2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:05:02 +0200 Subject: l mors.r: add free_music sync --- lass/1systems/mors/config.nix | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f911b79d6..5076beeef 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -49,14 +49,31 @@ with import ; ]; } { - krebs.syncthing.folders."the_playlist" = { - path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + krebs.syncthing = { + peers.schasch.addresses = [ "schasch.r:22000" ]; + folders = { + the_playlist = { + path = "/home/lass/tmp/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + free_music = { + id = "mu9mn-zgvsw"; + path = "/home/lass/tmp/free_music"; + peers = [ "mors" "schasch" ]; + }; + }; }; - krebs.permown."/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; + krebs.permown = { + "/home/lass/tmp/free_music" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; + "/home/lass/tmp/the_playlist" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; }; } { -- cgit v1.3.1 From ac0749765211031c9ac677b2f9c6907457ae60a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:18:24 +0200 Subject: syncthing: add more options, remove uneeded id --- krebs/3modules/syncthing.nix | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 897ba1e7f..9c6acfb0c 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -22,7 +22,7 @@ let getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${config.services.syncthing.dataDir}/config.xml + ${config.services.syncthing.configDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' 
@@ -31,9 +31,9 @@ let ${pkgs.untilport}/bin/untilport localhost 8384 API_KEY=$(${getApiKey}) CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) - echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { - "devices": ${builtins.toJSON devices}, - "folders": ${builtins.toJSON folders} + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * { + "devices": (${builtins.toJSON devices}${optionalString (! cfg.overridePeers) " + $in.devices"}), + "folders": (${builtins.toJSON folders}${optionalString (! cfg.overrideFolders) " + $in.folders"}) }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST ''; @@ -45,11 +45,6 @@ in enable = mkEnableOption "syncthing-init"; - id = mkOption { - type = types.str; - default = config.krebs.build.host.name; - }; - cert = mkOption { type = types.nullOr types.absolute-pathname; default = null; @@ -60,6 +55,13 @@ in default = null; }; + overridePeers = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the peers which are not configured via the peers option + ''; + }; peers = mkOption { default = {}; type = types.attrsOf (types.submodule ({ @@ -80,6 +82,13 @@ in })); }; + overrideFolders = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the folders which are not configured via the peers option + ''; + }; folders = mkOption { default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { 
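Review bot: With `overridePeers` or `overrideFolders` set to false, the new jq expression builds `devices` and `folders` as `<configured> + $in.devices` / `+ $in.folders`, which for JSON arrays is plain concatenation, so every entry that is already present in the running config is emitted a second time on each run of the script. Assuming both values are arrays (their definitions are outside the hunk), de-duplicate on the identifying key, e.g. `"devices": ((${builtins.toJSON devices} + $in.devices) | unique_by(.deviceID))` and `unique_by(.id)` for folders. Separately, the context lines pass the API key as `-H "X-API-Key: $API_KEY"` on the curl command line, where other local users can read it from the process list while the request runs.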
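Review bot: The description added for `overrideFolders` is a copy of the one for `overridePeers` and still says "configured via the peers option". It should read `Whether to delete the folders which are not configured via the folders option`. Because both options default to true, it is also worth stating in the description that devices and folders added through the Syncthing GUI are removed on the next activation.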
@@ -135,14 +144,14 @@ in systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { preStart = '' ${optionalString (cfg.cert != null) '' - cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem - chmod 400 ${config.services.syncthing.dataDir}/cert.pem + cp ${toString cfg.cert} ${config.services.syncthing.configDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/cert.pem + chmod 400 ${config.services.syncthing.configDir}/cert.pem ''} ${optionalString (cfg.key != null) '' - cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem - chmod 400 ${config.services.syncthing.dataDir}/key.pem + cp ${toString cfg.key} ${config.services.syncthing.configDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/key.pem + chmod 400 ${config.services.syncthing.configDir}/key.pem ''} ''; }; -- cgit v1.3.1 From e0af72f1f3531576caee2608cf407b8bb4c05ea2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:19:37 +0200 Subject: l mors.r: switch wifi card --- lass/1systems/mors/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 25425f146..6828d70de 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -22,7 +22,7 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0" + SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0" ''; -- cgit v1.3.1 
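Review bot: In the preStart block the private key is installed with `cp` followed by separate `chown` and `chmod 400` calls, so between the copy and the chmod `key.pem` exists in configDir with whatever mode the source file and the unit's umask produce. A single atomic step closes that window: `install -m 0400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.configDir}/key.pem`, and the same for `cert.pem`. The commit itself only renames dataDir to configDir; the rest of the `config` attribute set is outside the hunk.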
From 86e5815ba3b05acbd49aa910dbabdfbb21de0e23 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:20:45 +0200 Subject: l prism.r: enable codimd --- lass/1systems/prism/config.nix | 1 + lass/2configs/codimd.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 lass/2configs/codimd.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d7b0b701a..57a12be22 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -195,6 +195,7 @@ with import ; }; } + { services.taskserver = { enable = true; diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix new file mode 100644 index 000000000..5f802148b --- /dev/null +++ b/lass/2configs/codimd.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +with import ; + +{ + services.nginx.virtualHosts.codimd = { + enableACME = true; + addSSL = true; + serverName = "codi.lassul.us"; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://localhost:3091; + ''; + }; + + services.codimd = { + enable = true; + configuration = { + db = { + dialect = "sqlite"; + storage = "/var/lib/codimd/db.codimd.sqlite"; + useCDN = false; + }; + port = 3091; + }; + }; +} + -- cgit v1.3.1 From 418e9f566511af814a4b3bf4c653cca036796a73 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:24:31 +0200 Subject: l prism.r: export download/finished directly --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 57a12be22..e33d1ca9f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -383,7 +383,7 @@ with import ; ''; fileSystems."/export/download" = { - device = "/var/lib/containers/yellow/var/download"; + device = "/var/lib/containers/yellow/var/download/finished"; options = [ "bind" ]; }; services.nfs.server = { -- cgit v1.3.1 
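Review bot: In the new lass/2configs/codimd.nix the virtual host uses `addSSL = true;`, which keeps codi.lassul.us reachable over plain HTTP next to HTTPS, so logins and session cookies can cross the network unencrypted. The radio vhost in this same series uses `forceSSL = true;`, and the same setting fits here. The proxy block forwards only `Host`, so the backend cannot tell that the client connection was TLS; adding `proxy_set_header X-Forwarded-Proto $scheme;` would let it. `useCDN = false;` sits inside `db`, where it is probably not read, since it looks like a top-level configuration key — worth confirming against the module.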
From 65907391192875d0051f92950516a70919272c26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:25:20 +0200 Subject: l prism.r: allow nfs mount from retiolum --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e33d1ca9f..dbbcbc5d1 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -396,6 +396,12 @@ with import ; statdPort = 4000; }; krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.3.1 From 4d48a1e10942f2885f9728d736f7c87b58780982 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:32:59 +0200 Subject: l prism.r: add rsa hostKey --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index dbbcbc5d1..eec8e34b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -463,4 +463,10 @@ with import ; enable = true; freeMemThreshold = 5; }; + + # prism rsa hack + services.openssh.hostKeys = [{ + path = toString + "ssh.id_rsa"; + type = "rsa"; + }]; } -- cgit v1.3.1 From 14b4c59c5bcc9c6414ecd147436f234f5aa3f133 Mon Sep 17 00:00:00 2001 
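Review bot: The six added rules accept rpcbind (111), NFS (2049) and the statd/lockd range (4000:4002) from every peer on the retiolum interface, and retiolum also carries hosts owned by other people (krebs/3modules/external/palo.nix in this series defines one). Unless the export's client list, which is outside this hunk, already limits who may mount /export/download, restrict the rules by source, e.g. `{ predicate = "-i retiolum -s <client-address> -p tcp --dport 2049"; target = "ACCEPT"; }`. A comment naming the intended client would also make the rule set reviewable later.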
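Review bot: The path in the added `services.openssh.hostKeys` entry is built by appending `"ssh.id_rsa"` without a leading slash, whereas the other secret paths in this series append `"/nextcloud_pw"` and `"/ssh.id_ed25519"`; as written the file name is glued onto the directory name, and sshd would presumably generate a fresh key at that unintended location instead of using the stored one. The operand of `toString` is not visible on this page, so the fix is shown with a placeholder: `path = toString <secrets-path> + "/ssh.id_rsa";`. Assigning a one-element list also replaces the module's default host keys, so unless another module defines `hostKeys` too, prism would offer only an RSA host key; the "prism rsa hack" comment should say whether that is intended.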
From: lassulus Date: Wed, 29 May 2019 15:34:59 +0200 Subject: l browsers: remove broken krebsgold :( --- lass/2configs/browsers.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index d214e224d..c0085995d 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -66,7 +66,6 @@ in { extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium - "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold ]; }; -- cgit v1.3.1 From 74d0821e3a1207952cf639ac24009e7533aeff17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:35:43 +0200 Subject: l: add more mail addresses --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4216bd67a..d1e6b195b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -103,6 +103,9 @@ with import ; { from = "lobsters@lassul.us"; to = lass.mail; } { from = "fysitech@lassul.us"; to = lass.mail; } { from = "threema@lassul.us"; to = lass.mail; } + { from = "ubisoft@lassul.us"; to = lass.mail; } + { from = "kottezeller@lassul.us"; to = lass.mail; } + { from = "pie@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.3.1 From a5160c8d4f17fd9baf66aabcc8c5535e4f471a3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:37:05 +0200 Subject: l radio: add correct hostname headers --- lass/2configs/radio.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 88899c554..7960db564 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -97,7 +97,7 @@ in { services.icecast = { enable = true; - hostname = "config.krebs.build.host.name"; + hostname = "radio.lassul.us"; admin.password = admin-password; extraConf = '' 
@@ -218,6 +218,11 @@ in { forceSSL = true; enableACME = true; locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; locations."/recent".extraConfig = '' -- cgit v1.3.1 From ab0d80fde8a990c3522ac13e4ddd91c23e349391 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:37:33 +0200 Subject: l network-manager: randomize mac addresses --- lass/2configs/network-manager.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index 5b890b591..ab27eb841 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -15,6 +15,8 @@ }; }; networking.networkmanager = { + ethernet.macAddress = "random"; + wifi.macAddress = "random"; enable = true; unmanaged = [ "docker*" -- cgit v1.3.1 From 4c7f444c70c48b0230019d4b2e7f17519a4f3d1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:38:23 +0200 Subject: l radio: secure radio mounts with password --- lass/2configs/radio.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7960db564..49d093a6d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -100,9 +100,14 @@ in { hostname = "radio.lassul.us"; admin.password = admin-password; extraConf = '' - - ${source-password} - + + /radio.mp3 + ${source-password} + + + /radio.ogg + ${source-password} + ''; }; -- cgit v1.3.1 From 78a3cfb6fff1488437d22834709ffd04b287b819 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:39:56 +0200 Subject: l radio: fix Reaktor pattern --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
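Review bot: Both mount entries added to `extraConf` interpolate `${source-password}` at evaluation time, so the rendered icecast configuration, including the password, is presumably written to the Nix store, where every local user can read it; where `source-password` comes from is outside the hunk. The value is also inserted into XML without escaping, so a password containing `<` or `&` would break the file. If the module offers no way to load the password at runtime, at least record the limitation next to the block, e.g. `# NOTE: source-password is embedded in the store path of icecast.xml; treat it as readable by local users`. The page has lost the XML element names, so the exact mount syntax cannot be checked here.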
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 49d093a6d..b4efd42fc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -199,8 +199,8 @@ in { workdir = config.krebs.reaktor2.the_playlist.stateDir; hooks.PRIVMSG = [ { - activate = "match"; - pattern = ''!([^ ]+)(?:\s*(.*))?''; + #activate = "match"; + pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; command = 1; arguments = [2]; commands = { -- cgit v1.3.1 From a122fec9e559e8050f03e6cd0c348490636bc9dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:40:24 +0200 Subject: l retiolum: remove dishfire as supernode --- lass/2configs/retiolum.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index fb76c5735..5a87d52af 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -20,7 +20,6 @@ "prism" "gum" "ni" - "dishfire" ]; }; -- cgit v1.3.1 From 65c2a882482a8c9ceeebff68dc38be83ab44ee12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:40:44 +0200 Subject: l retiolum: enable localDiscovery --- lass/2configs/retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 5a87d52af..9932f8172 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -21,6 +21,9 @@ "gum" "ni" ]; + extraConfig = '' + LocalDiscovery = yes + ''; }; nixpkgs.config.packageOverrides = pkgs: { -- cgit v1.3.1 From b216553984b5b3fadb297bdf2f8f019daa1c957b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:47:34 +0200 Subject: l syncthing: don't share sync with phone --- lass/2configs/syncthing.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 48f2625c1..25712f4f3 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix 
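Review bot: `#activate = "match";` is left behind as a commented-out line with no reason given, and the new pattern drops the `!` prefix, so any PRIVMSG whose first word looks like an identifier is now parsed as a command with arguments. Whether unknown first words are silently ignored depends on the hook implementation, which is not visible here. Either delete the dead line or replace it with a comment that states the intent, for example `# no "!" prefix: the first word of every message is looked up in commands`. The hook's `commands` set continues outside the hunk.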
@@ -1,5 +1,7 @@ { config, pkgs, ... }: with import ; let - peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); + all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; + own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers; + mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); in { services.syncthing = { enable = true; @@ -14,8 +16,8 @@ in { enable = true; cert = toString ; key = toString ; - peers = peers; - folders."/home/lass/sync".peers = attrNames peers; + peers = mk_peers all_peers; + folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers); }; system.activationScripts.syncthing-home = '' -- cgit v1.3.1 From dda92fcf0bc438186d6880b6bd6650f799d249b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:47:58 +0200 Subject: l syncthing: fix permissions of sync --- lass/2configs/syncthing.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 25712f4f3..d4df17b9a 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -25,8 +25,9 @@ in { ''; krebs.permown."/home/lass/sync" = { + file-mode = "u+rw,g+rw"; owner = "lass"; group = "syncthing"; - umask = "0007"; + umask = "0002"; }; } -- cgit v1.3.1 From 0c9a0c690e6ec575f7e72af3a8a91096c60c21e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:48:42 +0200 Subject: l domsen: add jarugadesign user, mail & page --- lass/2configs/websites/domsen.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2131c7c62..865186481 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
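Review bot: In `krebs.permown."/home/lass/sync"` the umask goes from `"0007"` to `"0002"`, which grants read and directory-traverse access to all other local users, while the stated goal (group read/write for syncthing) is already covered by the added `file-mode = "u+rw,g+rw";`. How permown combines `umask` and `file-mode` is not visible in this hunk, so this is worth confirming, but unless world-readable sync data is intended the line should stay `umask = "0007";`. If the wider mode is deliberate, a short comment saying which consumer needs it would help.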
@@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "jarugadesign.de" "www.jarugadesign.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -141,6 +142,7 @@ in { { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } + { from = "hallo@jarugadesign.de"; to ="kasia"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -150,6 +152,7 @@ in { "ubikmedia.eu" "ubikmedia.de" "alewis.de" + "jarugadesign.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; @@ -235,6 +238,12 @@ in { }; krebs.on-failure.plans.restic-backups-domsen = {}; + users.users.kasia = { + uid = genid_uint31 "kasia"; + home = "/home/kasia"; + useDefaultShell = true; + createHome = true; + }; services.restic.backups.domsen = { initialize = true; extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; -- cgit v1.3.1 From d68e0e2e2d9f2aa07e5daf950971f4f6ff1634b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:49:10 +0200 Subject: l domsen: set nextcloud overwriteProtocol --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 865186481..912d56925 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -94,6 +94,7 @@ in { hostName = "o.xanf.org"; config = { adminpassFile = toString + "/nextcloud_pw"; + overwriteProtocol = "https"; }; https = true; nginx.enable = true; -- cgit v1.3.1 From f8164a8e32b646464376afa951232085c9f1322b Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 29 May 2019 15:49:29 +0200 Subject: l domsen: increase journalctl lines in backup errors --- lass/2configs/websites/domsen.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 912d56925..c99bd7b15 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -238,13 +238,18 @@ in { createHome = true; }; - krebs.on-failure.plans.restic-backups-domsen = {}; users.users.kasia = { uid = genid_uint31 "kasia"; home = "/home/kasia"; useDefaultShell = true; createHome = true; }; + + krebs.on-failure.plans.restic-backups-domsen = { + journalctl = { + lines = 1000; + }; + }; services.restic.backups.domsen = { initialize = true; extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; -- cgit v1.3.1 From 70a58ef2e310521029de794caba6c8351ac99e86 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:49:45 +0200 Subject: l domsen: use permown for permissions --- lass/2configs/websites/domsen.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c99bd7b15..9980e0501 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -262,11 +262,41 @@ in { "/home/ms/Mail" "/home/klabusterbeere/Mail" "/home/jms/Mail" + "/home/kasia/Mail" "/home/bruno/Mail" "/home/akayguen/Mail" "/backups/sql_dumps" ]; }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.permown = { + "/srv/http/ubikmedia.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0007"; + }; + "/srv/http/o.ubikmedia.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0007"; + }; + "/srv/http/freemonkey.art" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + "/srv/http/jarugadesign.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + "/srv/http/reich-gebaeudereinigung.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + }; + } -- cgit v1.3.1 From 4caeb3d3f8525721cefa7a74e79781a3b9787eb6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 09:56:07 +0200 Subject: wolf.r: add declarative gitlab-runner --- krebs/1systems/wolf/config.nix | 1 + krebs/2configs/shack/gitlab-runner.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/2configs/shack/gitlab-runner.nix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec8830711..995e49669 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,6 +26,7 @@ in + { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 000000000..57d670ea3 --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix 
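Review bot: The five `krebs.permown` entries for /srv/http use two different umasks — `"0007"` for ubikmedia.de and o.ubikmedia.de, `"0002"` for freemonkey.art, jarugadesign.de and reich-gebaeudereinigung.de — and nothing in the hunk explains the difference. With `group = "nginx"` and either umask the web server group presumably ends up with write access to its own document roots, which is more than a static site needs; permown's default file mode is not visible here, so verify this. A comment per group of entries, e.g. `# 0002: static pages, world-readable; nginx needs read only`, or an explicit `file-mode`, would make the intended access clear. The unrelated `fs.inotify.max_user_watches` increase in the same hunk also deserves a one-line reason.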
@@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL= + # REGISTRATION_TOKEN= + services.gitlab-runner2.registrationConfigFile = ; +} -- cgit v1.3.1 From 30a90e48b91ba9d09da7cafe8ad81dcc153554d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 20:53:02 +0200 Subject: wolf.r: add documentation for imports --- krebs/1systems/wolf/config.nix | 84 +++++++++++------------------------------- 1 file changed, 21 insertions(+), 63 deletions(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 995e49669..f629c5984 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix 
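Review bot: `runner-src` is fetched from the moving `archive/master` tarball and then imported as a NixOS module, so the fixed `sha256` guarantees the content but nobody can tell from the file which upstream revision was reviewed, and the build breaks as soon as master advances. Pin the URL to a commit instead: `url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/<commit>/nixos-gitlab-runner-<commit>.tar.gz";`. The unit path additionally exposes `/run/wrappers` (the setuid `su`) and `/` to CI jobs; a comment on why the runner needs `su` would help. Note too that the path is set on `systemd.services.gitlab-runner` while the enabled option is `services.gitlab-runner2`; confirm the imported module really names its unit `gitlab-runner`.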
@@ -11,84 +11,42 @@ in - - - + # handle the worlddomination map via coap + + # drivedroid.shack for shackphone # - + # Say if muell will be collected - + + # create samba share for anonymous usage with the laser and 3d printer pc + + # mobile.lounge.mpd.shack + # connect to git.shackspace.de as group runner for rz - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # Statistics collection and visualization + + ## Collect data from mqtt.shack and store in graphite database + + ## Collect radioactive data and put into graphite + + ## Collect local statistics via collectd and send to collectd + + ## write collectd statistics to wolf.shack + + { services.influxdb.enable = true; } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; 
@@ -157,10 +115,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey -- cgit v1.3.1 From 27f3c2cd53adce6a0dcc6e2b9e917b8da9486d24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:17:45 +0200 Subject: wolf.r: add netbox docker-compose --- krebs/1systems/wolf/config.nix | 2 ++ krebs/2configs/shack/netbox.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 krebs/2configs/shack/netbox.nix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index f629c5984..7ca0f0ec1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -43,6 +43,8 @@ in ## write collectd statistics to wolf.shack { services.influxdb.enable = true; } + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 000000000..4fb5a7dbc --- /dev/null +++ b/krebs/2configs/shack/netbox.nix 
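Review bot: The `@@ -157,10 +115,10 @@` hunk adds `config.krebs.users."0x4a6f".pubkey` to `users.extraUsers.root.openssh.authorizedKeys.keys`, which grants root SSH login on this host, under a subject line that only mentions documentation for imports. An access change like this is easier to audit as its own commit with a subject that names it. The user `"0x4a6f"` is defined only in a later commit on this page (df8e811, "external: add 0x4a6f"), so this commit on its own probably does not evaluate. The same hunk drops `heidi.shack` from `networking.extraHosts`, again without mention in the message.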
@@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.docker-compose ]; + virtualisation.docker.enable = true; + services.nginx = { + enable = true; + virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080"; + }; + # we store the netbox config there: + # state = [ "/var/lib/netbox" ]; + systemd.services.backup-netbox = { + after = [ "netbox-docker-compose.service" ]; + startAt = "daily"; + path = with pkgs; [ docker-compose docker gzip coreutils ]; + script = '' + cd /var/lib/netbox + mkdir -p backup + docker-compose exec -T -upostgres postgres pg_dumpall \ + | gzip > backup/netdata_$(date -Iseconds).dump.gz + ''; + }; + + systemd.services.netbox-docker-compose = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "docker.service" ]; + environment.VERSION = "v2.5.13"; + serviceConfig = { + WorkingDirectory = "/var/lib/netbox"; + # TODO: grep -q NAPALM_SECRET env/netbox.env + # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml + ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull"; + ExecStart = "${pkgs.docker-compose}/bin/docker-compose up"; + Restart = "always"; + RestartSec = "10"; + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; + }; +} -- cgit v1.3.1 From df8e811695bae334879981c6b2696be226e73f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:28:32 +0200 Subject: external: add 0x4a6f --- krebs/3modules/external/default.nix | 4 ++++ krebs/3modules/external/ssh/0x4a6f.pub | 1 + 2 files changed, 5 insertions(+) create mode 100644 krebs/3modules/external/ssh/0x4a6f.pub diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259aa..70c49cfcf 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
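Review bot: In `backup-netbox`, the `script` pipes `pg_dumpall` into `gzip` without `pipefail`, so a failing `docker-compose exec` still leaves a small valid `.gz` and the unit reports success. The dump is also created with the service's default umask, and `pg_dumpall` output contains role definitions including password hashes. Starting the script with `set -o pipefail` and `umask 077` covers both, assuming the shell that runs `script` supports `pipefail` (worth confirming). The file prefix `netdata_` looks like a slip for netbox, and nothing in the unit prunes old dumps.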
@@ -487,6 +487,10 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 000000000..1ea084bad --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS -- cgit v1.3.1 From 592d157eba8f1b5ba35f1fca64c2905897468f83 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:43:32 +0200 Subject: wolf secrets: add shackspace-gitlab-ci --- krebs/0tests/data/secrets/shackspace-gitlab-ci | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/shackspace-gitlab-ci diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci new file mode 100644 index 000000000..e69de29bb -- cgit v1.3.1 From 4e7af580d81f02f6d07d38917f124f4b99483603 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Jun 2019 23:30:54 +0200 Subject: krops: get correct secrets --- krebs/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/krops.nix b/krebs/krops.nix index 94418fdc2..8d38ed5b0 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -50,7 +50,7 @@ { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = if test then { - file = toString ; + file = toString ./0tests/data/secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/brain"; -- cgit v1.3.1 From b6caea7a6219792d6c3a10567e15a0144a5c994b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Jun 2019 23:56:07 +0200 Subject: ma wiregrill: update gum, add rockit --- krebs/3modules/makefu/wiregrill/gum.pub | 2 +- krebs/3modules/makefu/wiregrill/rockit.pub | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/makefu/wiregrill/rockit.pub 
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub index 4a5f666cc..67d6c7216 100644 --- a/krebs/3modules/makefu/wiregrill/gum.pub +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -1 +1 @@ -yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= +A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0= diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub new file mode 100644 index 000000000..6cb0d960d --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/rockit.pub @@ -0,0 +1 @@ +YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc= -- cgit v1.3.1 From df9b3fa1be5eb3e812f605ea78ac3f7363b52211 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Jun 2019 23:58:24 +0200 Subject: shack/gitlab-runner: remove trailing whitespace --- krebs/2configs/shack/gitlab-runner.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index 57d670ea3..0fd06426a 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -10,7 +10,7 @@ in "/run/wrappers" # /run/wrappers/bin/su "/" # /bin/sh ]; - imports = [ + imports = [ "${runner-src}/gitlab-runner.nix" ]; services.gitlab-runner2.enable = true; -- cgit v1.3.1 From ec93824f05c8f89e738831c2c059e934cbffafb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 00:53:35 +0200 Subject: external: add rilke.w --- krebs/3modules/external/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259aa..beff63dfa 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -241,6 +241,13 @@ in { }; }; }; + rilke = { + owner = config.krebs.users.kmein; + nets.wiregrill = { + aliases = [ "rilke.w" ]; + wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; rock = { owner = config.krebs.users.Mic92; nets = { @@ -493,4 +500,3 @@ in { }; }; } - -- cgit v1.3.1 From eda35fc0a6e9f9a4d65d4ed6d47ef527bf612e0d Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 15 Jun 2019 01:05:01 +0200 Subject: ma: add rockit, wiregrill for gum --- krebs/3modules/makefu/default.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b38c9104f..dc9ade199 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -143,11 +143,19 @@ in { ci = true; cores = 4; nets = { + lan = { + ip4.addr = "192.168.8.11"; + aliases = [ + "wbob.lan" + "log.wbob.lan" + ]; + }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" + "log.wbob.r" ]; }; }; @@ -182,6 +190,7 @@ in { wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. + mediengewitter IN CNAME over.dose.io. ''; }; cores = 8; @@ -196,13 +205,9 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.245.0.1"; ip6.addr = w6 "1"; - wireguard = { - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR - (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - ]; - }; + wireguard.port = 51821; }; retiolum = { via = internet; @@ -247,7 +252,6 @@ in { cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${nets.internet.ip4.addr} flap IN A ${nets.internet.ip4.addr} ''; }; @@ -281,6 +285,10 @@ in { }; }; }; + rockit = rec { # router@home + cores = 1; + nets.wiregrill.ip4.addr = "10.245.0.2"; + }; senderechner = rec { cores = 2; -- cgit v1.3.1 From cdd1c018ec4a0022cc5d8ddf3ad355952131e8a2 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 15 Jun 2019 01:25:27 +0200 Subject: ma wiregrill: ipv4 for wiregrill LOL! --- krebs/3modules/makefu/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index dc9ade199..601762b93 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -205,9 +205,13 @@ in { }; wiregrill = { via = internet; - ip4.addr = "10.245.0.1"; + ip4.addr = "10.244.245.1"; ip6.addr = w6 "1"; wireguard.port = 51821; + wireguard.subnets = [ + (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + "10.244.245.0/24" # required for routing directly to gum via rockit + ]; }; retiolum = { via = internet; @@ -287,7 +291,7 @@ in { }; rockit = rec { # router@home cores = 1; - nets.wiregrill.ip4.addr = "10.245.0.2"; + nets.wiregrill.ip4.addr = "10.244.245.2"; }; senderechner = rec { -- cgit v1.3.1 From 3fa17455eff14e2f6c6bf4fef06c776a94014938 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 12:20:18 +0200 Subject: nixpkgs: e2883c3 -> 1601f55 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 340b926ce..d294ca6d1 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e2883c31628ea0f3e00f899062327468a20d1aa1", - "date": "2019-05-27T17:09:30-04:00", - "sha256": "1xrpd8ykr8g3h4b33z69vngh6hfayi51jajbnfm6phhpwgd6mmld", + "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", + "date": "2019-06-14T16:14:30-04:00", + "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", "fetchSubmodules": false } -- cgit v1.3.1 From ff283af7b255418e2ca75bc54dadaf354d3a4dd7 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 15 Jun 2019 18:24:06 +0200 Subject: external: add wilde.r (kmein) --- krebs/3modules/external/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index bdbfd1cb8..ac656f463 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -43,6 +43,31 @@ in { }; }; }; + wilde = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.4"; + aliases = [ "wilde.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { -- cgit v1.3.1 From 3dd3da513c7b28a44a12a86fc8d380f684088aad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 11:36:55 +0200 Subject: nixpkgs: 1601f55 -> f01ed7b --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index d294ca6d1..53340de9e 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", - "date": "2019-06-14T16:14:30-04:00", - "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", + "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", + "date": "2019-06-18T11:50:10+02:00", + "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", "fetchSubmodules": false } -- cgit v1.3.1 From ad7800ecce810ff4b2e4b300509e628195444274 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 15:22:37 +0200 Subject: nixpkgs: f01ed7b -> d77e3bd --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 53340de9e..4118a1dd6 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", - "date": "2019-06-18T11:50:10+02:00", - "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", + "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09", + "date": "2019-06-18T23:08:17+02:00", + "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866", "fetchSubmodules": false } -- cgit v1.3.1 From 153505206cba1896685bf1fd7252cffeae19e290 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 28 Apr 2019 14:35:10 +0200 Subject: krops: 1.11.1 -> 1.14.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 5b8fb8dc0..ee41207df 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29 +Subproject commit ee41207df1ce718e0b154ed8047384118a0133a4 -- cgit v1.3.1 From 43141c67fdafed29b1f6e40b9a77f4efb5302a07 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 21 Jun 2019 23:56:07 +0200 Subject: syncthing folders: add ignoreDelete option --- krebs/3modules/syncthing.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 897ba1e7f..3ec0fe09d 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -16,6 +16,7 @@ let rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; fsWatcherDelayS = folder.watchDelay; + ignoreDelete = folder.ignoreDelete; ignorePerms = folder.ignorePerms; }) cfg.folders; @@ -120,6 +121,11 @@ in default = 10; }; + ignoreDelete = mkOption { + type = types.bool; + default = false; + }; + ignorePerms = mkOption { type = types.bool; default = true; -- cgit v1.3.1 From f76f819cd7ea3345d9e40778a83209a7adb831b7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 02:10:29 +0200 Subject: syncthing: alias config.services.syncthing --- krebs/3modules/syncthing.nix | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3ec0fe09d..23d05b7d4 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix 
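Review bot: The new `ignoreDelete` option in the second hunk is declared without a `description`, and its effect is not obvious from the name. With it enabled, deletions made on other devices are not applied to the local folder, so the folder can silently diverge from its peers. Suggested: `description = "Do not apply deletions received from other devices; the local folder may then diverge from its peers.";`.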
@@ -2,28 +2,29 @@ let - cfg = config.krebs.syncthing; + kcfg = config.krebs.syncthing; + scfg = config.services.syncthing; devices = mapAttrsToList (name: peer: { name = name; deviceID = peer.id; addresses = peer.addresses; - }) cfg.peers; + }) kcfg.peers; folders = mapAttrsToList ( _: folder: { inherit (folder) path id type; - devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; fsWatcherDelayS = folder.watchDelay; ignoreDelete = folder.ignoreDelete; ignorePerms = folder.ignorePerms; - }) cfg.folders; + }) kcfg.folders; getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${config.services.syncthing.dataDir}/config.xml + ${scfg.dataDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' 
@@ -136,19 +137,19 @@ in }; }; - config = (mkIf cfg.enable) { + config = mkIf kcfg.enable { - systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { preStart = '' - ${optionalString (cfg.cert != null) '' - cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem - chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ${optionalString (kcfg.cert != null) '' + cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem + chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem + chmod 400 ${scfg.dataDir}/cert.pem ''} - ${optionalString (cfg.key != null) '' - cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem - chmod 400 ${config.services.syncthing.dataDir}/key.pem + ${optionalString (kcfg.key != null) '' + cp ${toString kcfg.key} ${scfg.dataDir}/key.pem + chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem + chmod 400 ${scfg.dataDir}/key.pem ''} ''; }; @@ -158,7 +159,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = config.services.syncthing.user; + User = scfg.user; RemainAfterExit = true; Type = "oneshot"; ExecStart = updateConfig; -- cgit v1.3.1 From f63aa737e6c8c693b67af930a8d7286ad60ce942 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 01:36:50 +0200 Subject: syncthing: get GUI address from config --- krebs/3modules/syncthing.nix | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 23d05b7d4..f653f7fa5 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix 
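Review bot: The `preStart` block in the `@@ -137,19 +137,19 @@` hunk copies `key.pem` with `cp` and only afterwards runs `chown` and `chmod 400`, so the private key exists for a moment with whatever mode `cp` produced. This commit only renames `cfg` to `kcfg`/`scfg` and keeps that sequence. Putting `umask 077` at the top of `preStart` closes the window without changing the rest. Alternatively, `install -m 0400 -o ${scfg.user} -g ${scfg.group} ${toString kcfg.key} ${scfg.dataDir}/key.pem` does the copy in one step if the script runs as root, which the existing `chown` suggests but the hunk does not show.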
@@ -29,15 +29,36 @@ let updateConfig = pkgs.writeDash "merge-syncthing-config" '' set -efu + + # XXX this assumes the GUI address to be "IPv4 address and port" + host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)} + port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)} + # wait for service to restart - ${pkgs.untilport}/bin/untilport localhost 8384 + ${pkgs.untilport}/bin/untilport "$host" "$port" + API_KEY=$(${getApiKey}) - CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) - echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { - "devices": ${builtins.toJSON devices}, - "folders": ${builtins.toJSON folders} - }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- - ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + + _curl() { + ${pkgs.curl}/bin/curl \ + -Ss \ + -H "X-API-Key: $API_KEY" \ + "http://$host:$port/rest""$@" + } + + old_config=$(_curl /system/config) + patch=${shell.escape (toJSON { + inherit devices folders; + })} + new_config=$(${pkgs.jq}/bin/jq -en \ + --argjson old_config "$old_config" \ + --argjson patch "$patch" \ + ' + $old_config * $patch + ' + ) + echo $new_config | _curl /system/config -d @- + _curl /system/restart -X POST ''; in -- cgit v1.3.1 From 167176b41790541bd6a03f0ba1358b3d70a0531f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:43:32 +0200 Subject: exim-retiolum module: drop api and imp --- krebs/3modules/exim-retiolum.nix | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index e08024977..bf37a1ef7 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix 
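Review bot: `echo $new_config | _curl /system/config -d @-` passes the merged JSON through an unquoted expansion and through `echo`. The script is built with `pkgs.writeDash`, and dash's `echo` interprets backslash sequences, so a `\n` or `\\` escape inside a JSON string is rewritten before it reaches the API, and word splitting collapses runs of whitespace in values such as folder paths. `printf '%s\n' "$new_config" | _curl /system/config -d @-` sends the document unchanged. The API key is still passed as a curl argument (`-H "X-API-Key: $API_KEY"`), where it is visible in the process list while the request runs; curl can read headers from a file instead if that matters on this host.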
@@ -1,15 +1,8 @@ -{ config, pkgs, lib, ... }: - with import ; -let +{ config, pkgs, lib, ... }: let cfg = config.krebs.exim-retiolum; - - out = { - options.krebs.exim-retiolum = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { +in { + options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; local_domains = mkOption { type = with types; listOf hostname; @@ -29,8 +22,7 @@ let ]; }; }; - - imp = { + config = lib.mkIf cfg.enable { krebs.exim = { enable = true; config = @@ -118,4 +110,4 @@ let ''; }; }; -in out +} -- cgit v1.3.1 From aca9d77a733b2e30c68d95eb804ee143d45aa60f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:52:36 +0200 Subject: tv vim nix: add nested exim --- tv/5pkgs/vim/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index a58a45b2d..747ab0bc0 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -130,6 +130,7 @@ with import ; c = {}; cabal = {}; diff = {}; + exim = {}; haskell = {}; jq.extraStart = alts [ (writer "Jq") -- cgit v1.3.1 From 3d4d39eecc86b9b67c74ec3c9997099c3f243970 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:55:16 +0200 Subject: exim modules: mark nested syntax --- krebs/3modules/exim-retiolum.nix | 2 +- krebs/3modules/exim-smarthost.nix | 6 +++--- krebs/3modules/exim.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index bf37a1ef7..dbd98d059 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -29,7 +29,7 @@ in { # This configuration makes only sense for retiolum-enabled hosts. # TODO modular configuration assert config.krebs.tinc.retiolum.enable; - '' + /* exim */ '' keep_environment = primary_hostname = ${cfg.primary_hostname} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 5f93ae937..e988fb563 100644 --- a/krebs/3modules/exim-smarthost.nix 
+++ b/krebs/3modules/exim-smarthost.nix @@ -121,7 +121,7 @@ let }; krebs.exim = { enable = true; - config = '' + config = /* exim */ '' keep_environment = primary_hostname = ${cfg.primary_hostname} @@ -233,7 +233,7 @@ let remote_smtp: driver = smtp - ${optionalString (cfg.dkim != []) (indent '' + ${optionalString (cfg.dkim != []) (indent /* exim */ '' dkim_canon = relaxed dkim_domain = $sender_address_domain dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} @@ -262,7 +262,7 @@ let begin rewrite begin authenticators - ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${concatStringsSep "\n" (mapAttrsToList (name: text: /* exim */ '' ${name}: ${indent text} '') cfg.authenticators)} diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..83d88cb0d 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -37,7 +37,7 @@ in { }; config = lib.mkIf cfg.enable { environment = { - etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' + etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" /* exim */ '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} exim_path = /run/wrappers/bin/exim -- cgit v1.3.1 From bd12c487c31b448b87e37efbae74953df689e7f4 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jun 2019 21:06:48 +0200 Subject: exim-retiolum module: integrate rspamd --- krebs/3modules/exim-retiolum.nix | 47 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index dbd98d059..854fdd70e 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix 
@@ -21,7 +21,32 @@ in { "*.r" ]; }; + rspamd = { + enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { + default = false; + }; + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; + imports = [ + { + config = lib.mkIf cfg.rspamd.enable { + services.rspamd.enable = true; + services.rspamd.locals."options.inc".text = '' + local_networks = ${toJSON cfg.rspamd.local_networks}; + ''; + users.users.${config.krebs.exim.user.name}.extraGroups = [ + config.services.rspamd.group + ]; + }; + } + ]; config = lib.mkIf cfg.enable { krebs.exim = { enable = true; @@ -36,6 +61,10 @@ in { domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + ${optionalString cfg.rspamd.enable /* exim */ '' + spamd_address = /run/rspamd/rspamd.sock variant=rspamd + ''} + acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data @@ -64,6 +93,24 @@ in { acl_check_data: + ${optionalString cfg.rspamd.enable /* exim */ '' + accept condition = ''${if eq{$interface_port}{587}} + + warn remove_header = ${concatStringsSep " : " [ + "x-spam" + "x-spam-report" + "x-spam-score" + ]} + + warn + spam = nobody:true + + warn + condition = ''${if !eq{$spam_action}{no action}} + add_header = X-Spam: Yes + add_header = X-Spam-Report: $spam_report + add_header = X-Spam-Score: $spam_score + ''} accept -- cgit v1.3.1 From 3d639bcf8787c35f34d6e6add4a03f67a2435a52 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jun 2019 21:18:58 +0200 Subject: tv exim-retiolum: enable rspamd at nomic --- tv/2configs/exim-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 8b34b16cf..3d4ada46b 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix 
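Review bot: In `acl_check_data` (third hunk), the `accept condition = ''${if eq{$interface_port}{587}}` line comes first, so a message arriving on port 587 skips both the rspamd scan and the `remove_header` statement that strips incoming `X-Spam*` headers. Nothing in this hunk shows that port 587 requires authentication on these hosts, so the bypass keys on the port alone. Moving the `warn remove_header = …` statement above the accept, and adding `authenticated = *` to the accept if an authenticator is configured, would tie the exemption to an authenticated sender. The ACL also only tags: the final `accept` delivers the message even when `$spam_action` is `reject`, which deserves a comment if it is intended.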
@@ -7,5 +7,6 @@ with import ; pkgs.eximlog ]; krebs.exim-retiolum.enable = true; + krebs.exim-retiolum.rspamd.enable = config.krebs.build.host.name == "nomic"; tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; } -- cgit v1.3.1 From 8a48f8dd6802c3239d433d381228e86fc2781e29 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Jun 2019 03:15:34 +0200 Subject: exim-retiolum module: replace UCL by "JSON" --- krebs/3modules/exim-retiolum.nix | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 854fdd70e..89a05c8fc 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,15 @@ with import ; { config, pkgs, lib, ... }: let cfg = config.krebs.exim-retiolum; + + # Due to improvements to the JSON notation, braces around top-level objects + # are not necessary^Wsupported by rspamd's parser when including files: + # https://github.com/rspamd/rspamd/issues/2674 + toMostlyJSON = value: + assert typeOf value == "set"; + (s: substring 1 (stringLength s - 2) s) + (toJSON value); + in { options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; @@ -25,12 +34,16 @@ in { enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { default = false; }; - local_networks = mkOption { - type = types.listOf types.cidr; - default = [ - config.krebs.build.host.nets.retiolum.ip4.prefix - config.krebs.build.host.nets.retiolum.ip6.prefix - ]; + locals = { + options = { + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; }; }; 
@@ -38,9 +51,12 @@ in { { config = lib.mkIf cfg.rspamd.enable { services.rspamd.enable = true; - services.rspamd.locals."options.inc".text = '' - local_networks = ${toJSON cfg.rspamd.local_networks}; - ''; + services.rspamd.locals = + mapAttrs' + (name: value: nameValuePair "${name}.inc" { + text = toMostlyJSON value; + }) + cfg.rspamd.locals; users.users.${config.krebs.exim.user.name}.extraGroups = [ config.services.rspamd.group ]; -- cgit v1.3.1 From d343910e98736a94431fcac3da21274d2ecec449 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Jun 2019 03:16:02 +0200 Subject: exim-retiolum module: optionalize rspamd log level --- krebs/3modules/exim-retiolum.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 89a05c8fc..118a8b2d5 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -35,6 +35,19 @@ in { default = false; }; locals = { + logging = { + level = mkOption { + type = types.enum [ + "error" + "warning" + "notice" + "info" + "debug" + "silent" + ]; + default = "notice"; + }; + }; options = { local_networks = mkOption { type = types.listOf types.cidr; -- cgit v1.3.1 From b951f7a50ba93cda19787540b8cb8008d64e6b82 Mon Sep 17 00:00:00 2001 From: zx9w Date: Tue, 25 Jun 2019 17:34:55 +0000 Subject: external: Added uppreisn to the VPN (Ilmu) --- krebs/3modules/external/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index ac656f463..17fe941f4 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -411,6 +411,31 @@ in { }; }; }; + uppreisn = { + owner = config.krebs.users.ilmu; + nets = { + retiolum = { + ip4.addr = "10.243.42.313"; + aliases = [ "ilmu.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAweAz7KtgYVuAfqP7Zoax + BrQ++qig30Aabnou5C62bYIf1Fn8Z9RbDROTmkGeF7No7mZ7wH0hNpRXo1N/sLNt + gr4bX7fXAvQ3NeeoMmM6VcC+pExnE4NMMnu0Dm3Z/WcQkCsJukkcvpC1gWkjPXea + gn3ODl2wbKMiRBhQDA2Ro0zDQ+gAIsgtS9fDA85Rb0AToLwifHHavz81SXF+9piv + qIl3rJZVBo1kOiolv5BCh4/O+R5boiFfPGAiqEcob0cTcmSCXaMqis8UNorlm08j + ytNG7kazeRQb9olJ/ovCA1b+6iAZ4251twuQkHfNdfC3VM32jbGq7skMyhX3qN/b + WoHHeBZR8eH5MpTTIODI+r4cLswAJqlCk816bGMmg6MuZutTlQCRTy1S/wXY/8ei + STAZ1IZH6dnwCJ9HXgMC6hcYuOs/KmvSdaa7F+yTEq83IAASewbRgn/YHsMksftI + d8db17rEOT5uC1jOGKF98d7e30MX5saTJZLB6XmNDsql/lFoooGzTz/L80JUYiJ0 + fQFADznZpA+NE+teOH9aXsucDQkX6BOPSO4XKXV86RIejHUSEx5WdaqGOUfmhFUo + 9hZhr0qiiKNlXlP8noM9n+hPNKNkOlctQcpnatgdU3uQMtITPyKSLMUDoQIJlSgq + lak5LCqzwU9qa9EQSU4nLZ0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; inspector = { owner = config.krebs.users.Mic92; nets = rec { -- cgit v1.3.1 From a60cb265359e5055e83d6d65a5f6fcd73fb9454b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Jun 2019 20:42:11 +0200 Subject: uppreisn fixup --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 17fe941f4..1f39f93cc 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -415,7 +415,7 @@ in { owner = config.krebs.users.ilmu; nets = { retiolum = { - ip4.addr = "10.243.42.313"; + ip4.addr = "10.243.42.13"; aliases = [ "ilmu.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- -- cgit v1.3.1 From 0820daacaaf47d040307e62161e50204c783b6da Mon Sep 17 00:00:00 2001 
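Review bot: `owner = config.krebs.users.ilmu;` in the new `uppreisn` host refers to a user that this commit does not add. The `ilmu` entry only appears in the later "external: Added user ilmu, and email." commit, so unless it is defined somewhere outside this page the tree presumably does not evaluate at this revision; reordering or squashing the two commits keeps every revision buildable. The address `10.243.42.313` also has an out-of-range last octet, which the following fixup corrects to `10.243.42.13`. Because the typo was committed at all, it is worth checking whether the type behind `ip4.addr` validates octets, as this registry decides which peer key a VPN address belongs to.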
From: zx9w Date: Tue, 25 Jun 2019 17:36:51 +0000 Subject: external: Put Matchbox and Inspector in alphabetic order --- krebs/3modules/external/default.nix | 106 ++++++++++++++++++------------------ 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1f39f93cc..d734e38ad 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -229,6 +229,35 @@ in { }; }; }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; justraute = { owner = config.krebs.users.raute; # laptop nets = { 
@@ -241,6 +270,30 @@ in { }; }; }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; qubasa = { owner = config.krebs.users.qubasa; nets = { 
@@ -436,59 +489,6 @@ in { }; }; }; - inspector = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - matchbox = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.176"; - aliases = [ "matchbox.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m - VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w - nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u - TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE - TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 - yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO - 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 - Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ - bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 - nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR - 
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; miaoski = { owner = config.krebs.users.miaoski; nets = { -- cgit v1.3.1 From f58c0e336659fc85f16dc0852dfd051e593ec2c5 Mon Sep 17 00:00:00 2001 From: zx9w Date: Tue, 25 Jun 2019 17:37:56 +0000 Subject: external: Added user ilmu, and email. --- krebs/3modules/external/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index d734e38ad..7e8b2e745 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -520,6 +520,9 @@ in { mail = "dickbutt@excogitation.de"; pubkey = ssh-for "exco"; }; + ilmu = { + mail = "ilmu@rishi.is"; + }; jan = { mail = "jan.heidbrink@posteo.de"; }; -- cgit v1.3.1 From 1d23dceb5d2c536790a00fcde30743b958f1018f Mon Sep 17 00:00:00 2001 From: name Date: Tue, 25 Jun 2019 20:46:28 +0200 Subject: external: Add pie --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7e8b2e745..1720811d9 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -489,6 +489,31 @@ in { }; }; }; + unnamed = { + owner = config.krebs.users.pie_; + nets = { + retiolum = { + ip4.addr = "10.243.3.14"; + aliases = [ "unnamed.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvGXVl+WV/bDxFAnYnAhZ + 2rHCU5dqtBvSg0sywV1j++lEuELBx4Zq14qyjDRGkkIGdgzCZBLK2cCgxPJ3MRFx + ZwiO3jPscTu3I7zju7ULO/LqGQG+Yf86estfGh394zFJ2rnFSwegeMNqCpOaurOH + GuYtNdjkxn/2wj00s+JEJjCNRMg8bkTMT3czuTr2k+6ICI8SgLZMDH7TjRfePHEW + X9/v4O3kMSZccT/wZWmezXuYlO7CJs7f4VV98z+sgubmIZz3uLfQFY8y9gmGp46y + 5n5QyD0iIqkLNGIldNnToVJPToRaW5OdNKtZFayU4pWZ296sEcJI0NWLYqy7yZfD + PG2FlCQmebUxMYk+iK0cYRLFzOgnr14uXihXxhuHYJ8R1VIbWuto1YFGUv5J/Jct + 3vgjwOlHwZKC9FTqnRjgp58QtnKneXGNZ446eKHUCmSRDKl8fc/m9ePHrISnGROY + gXMieAmOZtsQIxwRpBGCLjrr3sx8RRNY8ROycqPaQWp3upp61jAvvQW3SIvkp1+M + jGvfebJOSkEZurwGcWUar9w9t/oDfsV+R9Nm9n2IkdkNlnvXD1rcj7KqbFPtGf1a + MmB3AmwyIVv9Rk1Vpjkz4EtL4kPqiuhPrf1bHQhAdcwqwFGyo8HXsoMedb3Irhwm + OxwCRYLtEweku7HLhUVTnDkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; miaoski = { owner = config.krebs.users.miaoski; nets = { @@ -555,5 +580,6 @@ in { }; filly = { }; + pie_ = {}; }; } -- cgit v1.3.1
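Review bot: The `pie_ = {};` user entry added in the last hunk carries no `mail` or `pubkey`, so the `unnamed` host's tinc key is admitted to retiolum with no recorded way to reach its owner. The nearby `ilmu` and `jan` entries at least record `mail`; something like `pie_ = { mail = "<owner contact address>"; };` would give operators a contact if the key ever has to be rotated or removed. The patch's author field is just `name`, so the commit metadata does not supply one either.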