From d63de0f8604a5155a62c88f04c94905238d00011 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 12 Jan 2018 12:01:08 +0100 Subject: jeschli enklave: import IMw --- jeschli/1systems/enklave/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 010089017..76e718699 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -4,6 +4,7 @@ imports = [ + { networking.dhcpcd.allowInterfaces = [ -- cgit v1.2.3 From 05b3e4b0cb4e83dcc84939919ca0a83e694606bf Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 12 Jan 2018 12:03:01 +0100 Subject: jeschli: +irc alias --- jeschli/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 6d788d283..0ac3708bb 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -23,6 +23,9 @@ with import ; proot populate + # aliases + (writeDashBin "irc" "ssh chat@enklave -t tmux a") + #style most rxvt_unicode.terminfo -- cgit v1.2.3 From 3131b72a7c2a260e2f985a0fc8abccae7cce9280 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 19 Jan 2018 10:36:35 +0100 Subject: j bln: +virtualbox --- jeschli/1systems/bln/config.nix | 1 + jeschli/2configs/virtualbox.nix | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 jeschli/2configs/virtualbox.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9e5f8c52e..9c491c8a1 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix # ./dcso-vpn.nix ]; diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix new file mode 100644 index 000000000..b2cb851a1 --- /dev/null +++ b/jeschli/2configs/virtualbox.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.markus; + +in { + #services.virtualboxHost.enable = true; + virtualisation.virtualbox.host.enable = true; + + users.extraUsers = { + virtual = { + name = "virtual"; + description = "user for running VirtualBox"; + home = "/home/virtual"; + useDefaultShell = true; + extraGroups = [ "vboxusers" "audio" ]; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(virtual) NOPASSWD: ALL + ''; +} -- cgit v1.2.3 From 7b4bb4646815beafb56782b7934fbc755602dcc4 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 19 Jan 2018 13:30:41 +0100 Subject: jeschli: +IM --- jeschli/2configs/IM.nix | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 jeschli/2configs/IM.nix diff --git a/jeschli/2configs/IM.nix b/jeschli/2configs/IM.nix new file mode 100644 index 000000000..171b78242 --- /dev/null +++ b/jeschli/2configs/IM.nix @@ -0,0 +1,56 @@ +with (import ); +{ config, lib, pkgs, ... }: +let + tmux = pkgs.writeDashBin "tmux" '' + export TERM=xterm-256color + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g default-terminal screen-256color + ''} "$@" + ''; +in { + + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-brauerei.pubkey + ]; + packages = [ tmux ]; + }; + + + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux}/bin/tmux kill-session -t IM"; + }; + }; +} -- cgit v1.2.3 From 2398bc71ee5cf5fc8a28eae825792bc5c14ab4ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 20 Jan 2018 12:49:37 +0100 Subject: l radio: force play regularly --- lass/2configs/radio.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7f531bf3a..a83d51f1d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -118,6 +118,7 @@ in { if test $(timeLeft) -le $LIMIT; then ${add_random}/bin/add_random fi + ${pkgs.mpc_cli}/bin/mpc play > /dev/null ''; in { description = "radio playlist autoadder"; -- cgit v1.2.3 From 247aad46d30a6baa79e3b489e57c63ee8f9a430e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 20 Jan 2018 13:03:21 +0100 Subject: l mors.r: use nixUnstable --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c231a0b10..936666a73 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -192,7 +192,7 @@ with import ; ''; }; - #nix.package = pkgs.nixUnstable; + nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" ]; } -- cgit v1.2.3 From 3bd62207d4b60db4ca5f89bb84dc842b62bdfbaf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 20 Jan 2018 13:03:51 +0100 Subject: l: set ssh agentTimeout to 10m --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 5cb7eb03f..5ca024574 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,6 +53,7 @@ in { time.timeZone = "Europe/Berlin"; + programs.ssh.agentTimeout = "10m"; programs.ssh.startAgent = true; services.openssh.forwardX11 = true; -- cgit v1.2.3 From baf4fc520b9faae6ad07c1b9f6d6623b92768ce6 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 20 Jan 2018 20:49:48 +0000 Subject: j: +bolide --- jeschli/1systems/bolide/config.nix | 134 +++++++++++++++++++++ jeschli/1systems/bolide/hardware-configuration.nix | 32 +++++ jeschli/1systems/bolide/source.nix | 4 + krebs/3modules/jeschli/default.nix | 40 ++++++ 4 files changed, 210 insertions(+) create mode 100644 jeschli/1systems/bolide/config.nix create mode 100644 jeschli/1systems/bolide/hardware-configuration.nix create mode 100644 jeschli/1systems/bolide/source.nix diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix new file mode 100644 index 000000000..cb3eb0396 --- /dev/null +++ b/jeschli/1systems/bolide/config.nix @@ -0,0 +1,134 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + + + ]; + + krebs.build.host = config.krebs.hosts.bolide; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only + boot.initrd.luks.devices = [ { + name = "bla"; + device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0"; + preLVM = true; + allowDiscards = true; + } ]; +# networking.hostName = "bolide"; # Define your hostname. + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + wget vim + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + # rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? + +} + diff --git a/jeschli/1systems/bolide/hardware-configuration.nix b/jeschli/1systems/bolide/hardware-configuration.nix new file mode 100644 index 000000000..183b29e42 --- /dev/null +++ b/jeschli/1systems/bolide/hardware-configuration.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + + fileSystems."/" = + { device = "/dev/bolide-pool/bolide-root"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/bolide-pool/bolide-home"; + fsType = "ext4"; + }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3aeb67c4-5b6e-4df2-8013-607fe0fb8525"; + fsType = "ext4"; + }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix new file mode 100644 index 000000000..0bd7af50f --- /dev/null +++ b/jeschli/1systems/bolide/source.nix @@ -0,0 +1,4 @@ +import { + name = "bolide"; + secure = true; +} diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c7e882742..ed9bfad29 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -163,6 +163,43 @@ with import ; }; }; + bolide = { + nets = { + retiolum = { + ip4.addr = "10.243.27.31"; + ip6.addr = "42::31"; + aliases = [ + "bolide.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAn9mkcX4WvyClMxiHgpvM7nNFbGuUVIxM71luzhfroTxMxcWBcik+ + m7ensF256uQeUw4+y/d3wVj06ARnJubdGa1zrM54ghLp6dDTULnUhPfgIbCeP+Zz + A9hlZsD+yx9ZkPmSMhaakz5dKVlx9KFy4IrS42uGCquXIZ979loZ0372MxYxmPEY + sIiuZXQcLOiJa5ajJMHS2UEkr4rCvpa/nOJ3AcEl0QbCjX1WALjPZEw9Ogrwergy + tv0d8dkXHB80DZ4sEjA7+BxB/sVrI4YpT9diTqEHNlkhjYjk6x9o0aBAIfJoyFYK + Yo2eb8SYN4qwoNbtXr5JLvT0i6thT2R+jXm9h11NIGS91x4cJc2P7eIZI2J33gsV + VOfcZ4BfJSQSbd1G12EpgzM6UlorNGMqG2DfH3XPbQ0Ez19tNlEUqlbT3dnvVA5y + kpwWDEJrZB3SDvwtHQf9/4j/jXFlMNu4GE1kcwm+a4LvGFne37atY3irv3xZ9ih4 + ygRbKfFFmxTqK3Cl2Vwxf/dsUm/P+hVF5nzROu7v7wkyU90nYp/AnpXywc4rEAVj + M8/7H6OlY59yqElJkSdsMum7HtytpsvvenQWW85Ycz+/Ti3nmYuaILgme2Q6JfA3 + c6aNRv8A31m4GIuacHNGJOi2WfJab076bYw82HnX4bVoft9i2SxjZrXr75euz/4k + jGC4A4YQnrUi4wTBiSc3jm69wb3NXHYoKHjDIwDUUI91vUOKaTO/09RlAYr5EWT3 + nekSaOu9nCrpTR6dq+yc4MktFjHBKPs2ReFKfDHkYzKiNSn5Ei9g3QhpCMF1LE19 + RDvBbFawXtH3M8JHofalwsek44eso0tWA3RzFmiH2WzSLD2UV8a2la9vIfJbMvw3 + LqunwCgC0QWtSTjh+X6H0MBKcGcie5bisKfkXQExx0cnNERDoXpe1E8g5EmJBt2B + 8anRC6thNhpAuMTB8hZy+RP9AsRBxUE9lr9oKDH3JrHRBk1S4LktuNL3Zf8UqnRO + s7hGPzr8nw5yXV61xXFmXwA0snBsNfo83XpuiWJgz2qrz6/EWLZBgnLNyq22udxl + O9EGExulbija5rmrSp1MGi7K2K2qAx06KP3C1TerpSY0BW6ZhX/4MK/WIRihDBG4 + JLg/gxX/4FES2qGmjCkW74TQDHq6B8xFuJQ3y5nD1cZBN4+VDNb1+mQbR06Zn0Sc + pDASYWimJzqxR+s/cr0a8PwoE/RdjwOYlXIOW4tDcK12Am6XRRf87cycG9ueNzhy + RwrvUJ4JMyUA5sbo2sbumAMqiytNZ7ReRVK6S5IiMpysr4/lHb2OQSPhQArDCprg + KXNgncRZsrL9VgVueVmOp45qkAkapeQ8wQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { @@ -176,5 +213,8 @@ with import ; jeschli-brauerei = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"; }; + jeschli-bolide = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnLjnFw3OYJJy/ID9RCWHTtnVcKRfROIj1tJdJZoOWzGMY+kgyCN/WNBg7JJtCW22yU5O3ftSdN851URCBZ6FgYmcvURBxUOKPlyX5EoxUrrnbmtxJM9+OIT3Dt2RWfrqX6aEQ57nwe/qIFKo9UaoedB/FOzsw1f3U5zBxVuWVRQrsnPxkbPWHmPAGB4CvL897tb83uecDexmGZpLe/0dN4768i2nYaSwrNL+HtqZCvkEqEmnfHlmqqXhiuq83q8su/WSXAtDbUVucG3frgOir14YCbrWKf59+MugxhYOEYBqp+KME5+niFGoulg+NBW/HzH6U+DiH4RFBJhCu1Gr jeschli@bolide"; + }; }; } -- cgit v1.2.3 From 767122003dd4389692e0a736ececd0a3372d4008 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Jan 2018 19:57:36 +0100 Subject: l nixpkgs: d9a2891 -> 5141f28 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index eaae841fd..223954a51 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d9a2891"; + ref = "5141f28"; }; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3 From 697b202e25d9c738e6d5ebf265f1005520cfb1ac Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 Jan 2018 18:05:43 +0100 Subject: l zsh: use zsh in nix-shell & better prompt --- lass/2configs/zsh.nix | 64 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 25 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 7b0ef79f3..f2c32ba26 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -72,25 +72,6 @@ alias la='ls -la' #fancy window title magic - case $TERM in - (*xterm* | *rxvt*) - function precmd { - if test -n "$SSH_CLIENT"; then - echo -ne "\033]0;$$ $USER@$HOST $PWD\007" - else - echo -ne "\033]0;$$ $USER@$PWD\007" - fi - } - # This is seen while the shell waits for a command to complete. - function preexec { - if test -n "$SSH_CLIENT"; then - echo -ne "\033]0;$$ $USER@$HOST $PWD $1\007" - else - echo -ne "\033]0;$$ $USER@$PWD $1\007" - fi - } - ;; - esac ''; promptInit = '' # TODO: figure out why we need to set this here @@ -101,27 +82,60 @@ autoload -U promptinit promptinit - error='%(?..%F{red}%?%f )' + p_error='%(?..%F{red}%?%f )' + t_error='%(?..%? )' case $UID in 0) - username='%F{red}root%f ' + p_username='%F{red}root%f' + t_username='root' ;; 1337) - username="" + p_username="" + t_username="" ;; *) - username='%F{blue}%n%f ' + p_username='%F{blue}%n%f' + t_username='%n' ;; esac if test -n "$SSH_CLIENT"; then - PROMPT="$error$username@%F{magenta}%M%f %~ " + p_hostname='@%F{magenta}%M%f ' + t_hostname='@%M ' + else + p_hostname="" + t_hostname="" + fi + + #check if in nix shell + if test -n "$buildInputs"; then + p_nixshell='%F{green}[s]%f ' + t_nixshell='[s] ' else - PROMPT="$error$username%~ " + p_nixshell="" + t_nixshell="" fi + + PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " + TITLE="$t_error$t_username$t_hostname$t_nixshell%~" + case $TERM in + (*xterm* | *rxvt*) + function precmd { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED\007" + } + # This is seen while the shell waits for a command to complete. + function preexec { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + } + ;; + esac ''; }; + environment.shellAliases.ns = "nix-shell --command zsh"; + users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; users.users.root.shell = "/run/current-system/sw/bin/zsh"; } -- cgit v1.2.3 From 10f27ee8bd7a7f56f634dc8ea2bc4d40db9e655a Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 23 Jan 2018 19:35:46 +0100 Subject: j vim: refactoring --- jeschli/2configs/vim.nix | 148 +++++++++++++++++++++++++++++------------------ 1 file changed, 92 insertions(+), 56 deletions(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..65ce7dfa4 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: +with import ; let customPlugins.vim-javascript = pkgs.vimUtils.buildVimPlugin { name = "vim-javascript"; @@ -16,72 +17,76 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - :map nf :NERDTreeToggle - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ + ''; + remapStatements = '' + imap jk + map gr :GoRun " Map gr to execute go run + map nf :NERDTreeToggle + nnoremap + nnoremap :bnext + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 ''; + in '' + ${colorscheme} + ${remapStatements} + ${setStatements} + ${settingsForGo} + " I dont know what this line is about + autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 + ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + ]; + } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } @@ -89,4 +94,35 @@ in { ]; }) ]; + + # set up the directories up if they are not there. +# Needs to be changed. +# vim = let +# dirs = { +# backupdir = "$HOME/.cache/vim/backup"; +# swapdir = "$HOME/.cache/vim/swap"; +# undodir = "$HOME/.cache/vim/undo"; +# }; +# files = { +# viminfo = "$HOME/.cache/vim/info"; +# }; +# +# mkdirs = let +# dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); +# in assert out != ""; out; +# alldirs = attrValues dirs ++ map dirOf (attrValues files); +# in unique (sort lessThan alldirs); +# in +# pkgs.symlinkJoin { +# name = "vim"; +# paths = [ +# (pkgs.writeDashBin "vim" '' +# set -efu +# (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) +# exec ${pkgs.vim}/bin/vim "$@" +# '') +# pkgs.vim +# ]; +# }; + } -- cgit v1.2.3 From dcae1c81a715081dfbf9b06b40c1ac78c2438a02 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 23 Jan 2018 19:40:10 +0100 Subject: jeschli brauerei: +aliases --- jeschli/1systems/brauerei/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 2dec45795..e4109c638 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -35,6 +35,13 @@ time.timeZone = "Europe/Amsterdam"; nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget + environment.shellAliases = { + n = "nix-shell"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"' + ''; + }; environment.systemPackages = with pkgs; [ # system helper ag -- cgit v1.2.3 From 59518f2fbdddfe64764b4a549eeabda76b671576 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Jan 2018 19:56:36 +0100 Subject: krebs: disable CI --- krebs/1systems/puyak/config.nix | 1 - krebs/1systems/wolf/config.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index d2664ef84..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -7,7 +7,6 @@ - diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 9d6955e7e..1b269e39a 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -12,7 +12,6 @@ in - -- cgit v1.2.3 From 31fc8a8e2e8109eb2b262e907014cdacf58ed9cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Jan 2018 20:00:14 +0100 Subject: l git: show diff of prism/master --- lass/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 59c0f5220..1fe87c666 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -79,9 +79,9 @@ let nick = config.krebs.build.host.name; channel = "#xxx"; server = "irc.r"; - verbose = false; + verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" "staging*" ]; + branches = [ "master" ]; }; }; }; -- cgit v1.2.3 From 7368b6a9dace5de4a798100066b3583faabb6f7b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Jan 2018 23:21:47 +0100 Subject: l mail: template with nix --- lass/2configs/mail.nix | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 962efaf3f..a26f3fcbb 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -1,3 +1,4 @@ +with import ; { pkgs, ... }: let @@ -19,6 +20,14 @@ let text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; ''; + inboxes = [ + { l = "wireguard"; q = [ "wireguard@lists.zx2c4" ]; } + { l = "c-base"; q = [ "c-base.org" ]; } + { l = "security"; q = [ "seclists.org" "security" "bugtraq" ]; } + { l = "nix-devel"; q = [ "nix-devel@googlegroups.com" ]; } + { l = "shack"; q = [ "shackspace.de" ]; } + ]; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -72,22 +81,15 @@ let ''} %r |" virtual-mailboxes \ - "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox \ - and NOT to:nix-devel\ - and NOT to:shackspace\ - and NOT to:security\ - and NOT to:c-base" \ - "shack" "notmuch://?query=to:shackspace"\ - "c-base" "notmuch://?query=to:c-base"\ - "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ - "nix" "notmuch://?query=to:nix-devel"\ - "radio" "notmuch://?query=to:radio or tag:radio"\ - "TODO" "notmuch://?query=tag:TODO"\ - "Starred" "notmuch://?query=tag:*"\ - "Archive" "notmuch://?query=tag:archive"\ - "Sent" "notmuch://?query=tag:sent"\ - "Junk" "notmuch://?query=tag:junk" + "Unread" "notmuch://?query=tag:unread"\ + "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (concatMap (l: l.q) inboxes)}"\ + ${concatMapStringsSep "\n" (i: ''${" "}"${i.l}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.q}"\'') inboxes} + "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (concatMap (l: l.q) inboxes)}"\ + "TODO" "notmuch://?query=tag:TODO"\ + "Starred" "notmuch://?query=tag:*"\ + "Archive" "notmuch://?query=tag:archive"\ + "Sent" "notmuch://?query=tag:sent"\ + "Junk" "notmuch://?query=tag:junk" tag-transforms "junk" "k" \ "unread" "u" \ -- cgit v1.2.3 From 22c6aff64698eec5231a9c43b4fb3642d2b97f97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Jan 2018 23:41:16 +0100 Subject: l mail: use attrSets --- lass/2configs/mail.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index a26f3fcbb..7c58e8c5f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -20,13 +20,13 @@ let text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; ''; - inboxes = [ - { l = "wireguard"; q = [ "wireguard@lists.zx2c4" ]; } - { l = "c-base"; q = [ "c-base.org" ]; } - { l = "security"; q = [ "seclists.org" "security" "bugtraq" ]; } - { l = "nix-devel"; q = [ "nix-devel@googlegroups.com" ]; } - { l = "shack"; q = [ "shackspace.de" ]; } - ]; + mailboxes = { + wireguard = [ "wireguard@lists.zx2c4" ]; + c-base = [ "c-base.org" ]; + security = [ "seclists.org" "security" "bugtraq" ]; + nix-devel = [ "nix-devel@googlegroups.com" ]; + shack = [ "shackspace.de" ]; + }; muttrc = pkgs.writeText "muttrc" '' # gpg @@ -82,9 +82,9 @@ let virtual-mailboxes \ "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (concatMap (l: l.q) inboxes)}"\ - ${concatMapStringsSep "\n" (i: ''${" "}"${i.l}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.q}"\'') inboxes} - "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (concatMap (l: l.q) inboxes)}"\ + "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ + ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} + "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ "TODO" "notmuch://?query=tag:TODO"\ "Starred" "notmuch://?query=tag:*"\ "Archive" "notmuch://?query=tag:archive"\ -- cgit v1.2.3 From 4851c2fe0e2f4df65b06ece3e0a84c6bab88a525 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 24 Jan 2018 14:49:09 +0100 Subject: nixpkgs: 0b30c1d -> b222a0 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index b952aa2a2..2a45a0092 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -17,6 +17,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 + ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 }; } -- cgit v1.2.3 From 83b5966b184effe9cfa192a06575c2b145915132 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 24 Jan 2018 14:49:50 +0100 Subject: l nixpkgs: follow krebs --- lass/source.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lass/source.nix b/lass/source.nix index 223954a51..e3332c5de 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -8,10 +8,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "5141f28"; - }; + nixpkgs = (import host).nixpkgs; secrets = getAttr builder { buildbot.file = toString ; lass.pass = { -- cgit v1.2.3 From e00acc20944364ba185cbdedab9347179d2004d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 24 Jan 2018 17:26:24 +0100 Subject: source: enable override --- krebs/source.nix | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/krebs/source.nix b/krebs/source.nix index 2a45a0092..fcc7fb74f 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -1,22 +1,25 @@ with import ; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "krebs"; _file = + "/krebs/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = getAttr builder { - buildbot.file = toString ; - krebs.pass = { - dir = "${getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; + secrets = getAttr builder { + buildbot.file = toString ; + krebs.pass = { + dir = "${getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; }; - }; - stockholm.file = toString ; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 - }; - } + stockholm.file = toString ; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 + }; + } + override + ] -- cgit v1.2.3 From e55897eb6a195dba6353f79baf7517df99bea379 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Jan 2018 15:53:41 +0100 Subject: l eddi.r: public ip change --- krebs/3modules/lass/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 37bb31563..1634a62ac 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -458,7 +458,8 @@ with import ; external = true; nets = rec { internet = { - ip4.addr = "129.215.90.4"; + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; aliases = [ "eddie.i" ]; }; retiolum = rec { -- cgit v1.2.3 From 7d30101dd3f4b6e1191e37ea6a81c1c33fa535de Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 13:57:55 +0100 Subject: Revert "ma hw/stk1160: rip" This reverts commit 1cbc2e5aa359e7e9b4b32c9ef75902576347a6d0. --- makefu/1systems/x/config.nix | 6 ++---- makefu/2configs/hw/stk1160.nix | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 makefu/2configs/hw/stk1160.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3686acb6e..a32db91e1 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -61,7 +61,7 @@ with import ; - # + # # Filesystem @@ -86,6 +86,7 @@ with import ; nixpkgs.config.allowUnfree = true; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -103,7 +104,4 @@ with import ; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - - nix.package = pkgs.nixUnstable; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix new file mode 100644 index 000000000..b3a9e1a5a --- /dev/null +++ b/makefu/2configs/hw/stk1160.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_9 = pkgs.linux_4_9.override { + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160_AC97 y + VIDEO_STK1160 m + ''; + }; + }; +} -- cgit v1.2.3 From a645fb4b9acd5103bcb1b33ada8ba93f120834fa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:02 +0100 Subject: ma photostore.krebsco.de: enable ssl --- makefu/2configs/deployment/photostore.krebsco.de.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index 9e16a384a..ecbca9ea3 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -26,14 +26,16 @@ in { services.nginx = { enable = mkDefault true; virtualHosts."photostore.krebsco.de" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; }; }; }; -- cgit v1.2.3 From 0c8071080121deb593be0899bc20ec3eb3169688 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:48 +0100 Subject: ma gum.r: add vpn pubkeys for work router --- makefu/1systems/gum/config.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f473d9e4c..a656fdce3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -109,6 +109,8 @@ in { #} { # wireguard server + # opkg install wireguard luci-proto-wireguard + # TODO: networking.nat # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -136,9 +138,23 @@ in { allowedIPs = [ "10.244.0.3/32" ]; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } ]; }; } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } ]; makefu.dl-dir = "/var/download"; -- cgit v1.2.3 From 79ac162a9e967993252d910f5a6bb74c810fd0a1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:16:11 +0100 Subject: ma hw/stk1160: bump linux kernel --- makefu/2configs/hw/stk1160.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index b3a9e1a5a..bdd146365 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,9 +1,8 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { + linux_4_14 = pkgs.linux_4_14.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m -- cgit v1.2.3 From 0cad7868a46613eb76fe1a8271efe2a9230e85ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 28 Jan 2018 15:08:50 +0100 Subject: infest prepare: define _which on nixos_iso --- krebs/4lib/infest/prepare.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 78c1c6ec1..cbc62102c 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -81,6 +81,9 @@ prepare_debian() { } prepare_nixos_iso() { + _which() ( + type -p "$1" + ) mountpoint /mnt type git 2>/dev/null || nix-env -iA nixos.git -- cgit v1.2.3 From cd276a21f2aa55192e072ac8339b45201066d58b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 15:09:18 +0100 Subject: wolf.r: pin et0 --- krebs/1systems/wolf/config.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 1b269e39a..6addb0818 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -2,6 +2,9 @@ let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; influx-host = "127.0.0.1"; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + in { imports = [ @@ -111,7 +114,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ + interfaces."${ext-if}".ip4 = [{ address = shack-ip; prefixLength = 20; }]; @@ -160,6 +163,9 @@ in config.krebs.users.makefu-omo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; time.timeZone = "Europe/Berlin"; sound.enable = false; -- cgit v1.2.3 From 1f8ad80695e93687999b8151ddd2e7f2c40b085b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 15:12:37 +0100 Subject: ma cgit: disable irc hook --- makefu/2configs/git/cgit-retiolum.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index da246f66a..eacbd99cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -53,15 +53,6 @@ let make-krebs-repo = with git; name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "gum"; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; }; -- cgit v1.2.3 From 32c800ec3fc508c6c8d025a31c9b922d9fdbe04d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 15:19:26 +0100 Subject: ma hw/stk1160: fix invalid kernel option --- makefu/2configs/hw/stk1160.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index bdd146365..4ac639a25 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -6,7 +6,6 @@ extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m - VIDEO_STK1160_AC97 y VIDEO_STK1160 m ''; }; -- cgit v1.2.3 From eb1ecbe5b49e74862d61e67235e9eb74862cae56 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sun, 28 Jan 2018 18:32:29 +0000 Subject: jeschli vim: +vim-elm --- jeschli/2configs/vim.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 65ce7dfa4..7721b1d40 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -20,6 +20,7 @@ let sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; + in { environment.systemPackages = [ (pkgs.vim_configurable.customize { @@ -65,11 +66,17 @@ in { let g:molokai_original = 1 let g:rehash256 = 1 ''; - + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 + ''; in '' ${colorscheme} ${remapStatements} ${setStatements} + ${settingsForElm} ${settingsForGo} " I dont know what this line is about autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 @@ -85,6 +92,7 @@ in { "surround" "Syntastic" "undotree" + "elm-vim" ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } -- cgit v1.2.3 From 2682c735526d6593795d324a50dda5fd557c6ef1 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sun, 28 Jan 2018 18:34:54 +0000 Subject: jeschli bolide: +j std config --- jeschli/1systems/bolide/config.nix | 184 +++++++++++++++++++------------------ 1 file changed, 96 insertions(+), 88 deletions(-) diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index cb3eb0396..83640801f 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -26,7 +26,7 @@ device = "/dev/disk/by-uuid/53f1eeaf-a7ac-456c-a2af-778dd8b8d5b0"; preLVM = true; allowDiscards = true; - } ]; + } ]; # networking.hostName = "bolide"; # Define your hostname. networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -42,93 +42,101 @@ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - wget vim - # system helper - ag - curl - copyq - dmenu - git - i3lock - keepass - networkmanagerapplet - rsync - terminator - tmux - wget - # rxvt_unicode - # editors - emacs - # internet - thunderbird - chromium - google-chrome - # programming languages - go - gcc - ghc - python35 - python35Packages.pip - # go tools - golint - gotools - # dev tools - gnumake - jetbrains.pycharm-professional - jetbrains.webstorm - jetbrains.goland - # document viewer - zathura - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.bash.enableCompletion = true; - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable the X11 windowing system. - services.xserver.enable = true; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - services.xserver.displayManager.sddm.enable = true; - services.xserver.windowManager.xmonad.enable = true; - services.xserver.windowManager.xmonad.enableContribAndExtras = true; - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. - # services.xserver.displayManager.sddm.enable = true; - # services.xserver.desktopManager.plasma5.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.jeschli = { - isNormalUser = true; - uid = 1000; - }; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? + environment.shellAliases = { + n = "nix-shell"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bolide"' + ''; + }; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + wget vim + # system helper + ag + curl + copyq + dmenu + git + i3lock + keepass + networkmanagerapplet + rsync + terminator + tmux + wget + # rxvt_unicode + # editors + emacs + # internet + thunderbird + chromium + google-chrome + # programming languages + go + gcc + ghc + python35 + python35Packages.pip + # go tools + golint + gotools + # dev tools + elmPackages.elm + gnumake + jetbrains.pycharm-professional + jetbrains.webstorm + jetbrains.goland + # document viewer + zathura + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.bash.enableCompletion = true; + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.xmonad.enableContribAndExtras = true; + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.jeschli = { + isNormalUser = true; + uid = 1000; + }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "17.09"; # Did you read the comment? } -- cgit v1.2.3 From 3ba905f2b0cff91cdeaa46c3eaed34d4bfc01215 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 29 Jan 2018 14:45:26 +0100 Subject: ma wbob-kiosk: provide chromium --- makefu/2configs/gui/wbob-kiosk.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 4b7a0c333..7db749227 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -1,11 +1,13 @@ -{ lib, ... }: +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; + users.users.makefu.packages = [ pkgs.chromium ]; services.xserver = { layout = lib.mkForce "de"; + xkbVariant = lib.mkForce ""; windowManager = lib.mkForce { awesome.enable = false; @@ -16,7 +18,7 @@ # xrandrHeads = [ "HDMI1" "HDMI2" ]; # prevent screen from turning off, disable dpms displayManager.sessionCommands = '' - xset s off -dpms + xset -display :0 s off -dpms xrandr --output HDMI2 --right-of HDMI1 ''; }; -- cgit v1.2.3 From 71397b0aa5f27b0b6dbe22101287f60b237e32f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 29 Jan 2018 14:47:00 +0100 Subject: ma wbob.r: enable mpd via bluetooth --- makefu/1systems/wbob/config.nix | 126 ++++++++++++++++++++-------------------- 1 file changed, 62 insertions(+), 64 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f44211b93..6434ba273 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -18,7 +18,7 @@ in { - # + @@ -31,6 +31,63 @@ in { # Services + (let + musicDirectory = "/data/music"; + in { + services.mpd = { + enable = true; + inherit musicDirectory; + # dataDir = "/home/anders/.mpd"; + network.listenAddress = "any"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + }) # Sensors @@ -147,7 +204,10 @@ in { boot.loader.grub.device = rootdisk; hardware.cpu.intel.updateMicrocode = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + + boot.kernelModules = [ "kvm-intel" + "snd-seq" "snd-rawmidi" + ]; fileSystems = { "/" = { device = rootdisk + "-part1"; @@ -174,66 +234,4 @@ in { serverAddress = "x.r"; }; }; - security.wrappers.fping = { - source = "${pkgs.fping}/bin/fping"; - setuid = true; - }; - services.smokeping = { - enable = true; - targetConfig = '' - probe = FPing - menu = Top - title = Network Latency Grapher - remark = Welcome to this SmokePing website. - - + network - menu = Net latency - title = Network latency (ICMP pings) - - ++ google - probe = FPing - host = google.de - ++ webde - probe = FPing - host = web.de - - + services - menu = Service latency - title = Service latency (DNS, HTTP) - - ++ HTTP - menu = HTTP latency - title = Service latency (HTTP) - - +++ webdeping - probe = EchoPingHttp - host = web.de - - +++ googwebping - probe = EchoPingHttp - host = google.de - - #+++ webwww - #probe = Curl - #host = web.de - - #+++ googwebwww - #probe = Curl - #host = google.de - ''; - probeConfig = '' - + FPing - binary = /run/wrappers/bin/fping - + EchoPingHttp - pings = 5 - url = / - - #+ Curl - ## probe-specific variables - #binary = ${pkgs.curl}/bin/curl - #step = 60 - ## a default for this target-specific variable - #urlformat = http://%host%/ - ''; - }; } -- cgit v1.2.3 From b31a37799eff274215d4cd9d435a9c16d496a88c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 30 Jan 2018 08:11:00 +0100 Subject: ma pkgs.pfsshell: init --- makefu/5pkgs/pfsshell/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 makefu/5pkgs/pfsshell/default.nix diff --git a/makefu/5pkgs/pfsshell/default.nix b/makefu/5pkgs/pfsshell/default.nix new file mode 100644 index 000000000..fc6b37069 --- /dev/null +++ b/makefu/5pkgs/pfsshell/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: +stdenv.mkDerivation rec { + pname = "pfsshell"; + version = "64f8c2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "pfsshell"; + rev = version; + sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8"; + }; + + buildInputs = [ ]; + + makeFlags = [ ]; + + installPhase = '' + mkdir -p $out/bin + cp pfsshell $out/bin + ''; + + meta = { + homepage = https://github.com/uyjulian/pfsshell ; + description = "browse and transfer files to/from PFS filesystems"; + }; +} -- cgit v1.2.3 From 7b49153a48924274a9174002e766b9f56b532ba2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 30 Jan 2018 18:15:57 +0100 Subject: l zsh: set as default shell for everyone --- lass/2configs/zsh.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index f2c32ba26..add30fbf1 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -136,6 +136,5 @@ }; environment.shellAliases.ns = "nix-shell --command zsh"; - users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; - users.users.root.shell = "/run/current-system/sw/bin/zsh"; + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } -- cgit v1.2.3 From ffc294575cb59585c3bfb6b85fa45fb69cdf1d41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 30 Jan 2018 19:05:10 +0100 Subject: init ftb --- krebs/5pkgs/simple/ftb/default.nix | 51 ++++++++++++++++++++++++++++++++++++++ lass/2configs/games.nix | 4 +++ 2 files changed, 55 insertions(+) create mode 100644 krebs/5pkgs/simple/ftb/default.nix diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix new file mode 100644 index 000000000..199c12b44 --- /dev/null +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchurl, makeDesktopItem +, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm +, openjdk +, mesa, openal +, useAlsa ? false, alsaOss ? null }: +with stdenv.lib; + +assert useAlsa -> alsaOss != null; + +let + desktopItem = makeDesktopItem { + name = "minecraft"; + exec = "minecraft"; + icon = "minecraft"; + comment = "A sandbox-building game"; + desktopName = "Minecraft"; + genericName = "minecraft"; + categories = "Game;"; + }; + +in stdenv.mkDerivation { + name = "ftb"; + + src = fetchurl { + url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; + sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v"; + }; + + phases = "installPhase"; + + installPhase = '' + set -x + mkdir -pv $out/bin + cp -v $src $out/ftb.jar + + cat > $out/bin/ftb << EOF + #!${stdenv.shell} + + export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} + ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ + ${jre}/bin/java -jar $out/ftb.jar + EOF + + chmod +x $out/bin/ftb + + mkdir -p $out/share/applications + ln -s ${desktopItem}/share/applications/* $out/share/applications/ + + ${openjdk}/bin/jar xf $out/ftb.jar favicon.png + ''; +} diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 6cea271c1..50362cda4 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -73,6 +73,10 @@ in { extraGroups = [ "audio" "video" "input" "loot" ]; createHome = true; useDefaultShell = true; + packages = with pkgs; [ + ftb + minecraft + ]; }; }; -- cgit v1.2.3 From 65eadae50972a5a4ad5a510ce1157d3c617fd757 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 31 Jan 2018 09:25:22 +0100 Subject: j enklave +taskserver --- jeschli/1systems/enklave/config.nix | 10 ++++++++++ jeschli/1systems/enklave/taskserver.nix | 10 ++++++++++ 2 files changed, 20 insertions(+) create mode 100644 jeschli/1systems/enklave/taskserver.nix diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 76e718699..470566a8b 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -40,6 +40,16 @@ }; }; } + { + services.taskserver = { + enable = true; + fqdn = "enklave.r"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "jeschli" ]; + }; + networking.firewall.allowedTCPPorts = [ 53589 ]; + } ]; krebs.build.host = config.krebs.hosts.enklave; diff --git a/jeschli/1systems/enklave/taskserver.nix b/jeschli/1systems/enklave/taskserver.nix new file mode 100644 index 000000000..23b235d70 --- /dev/null +++ b/jeschli/1systems/enklave/taskserver.nix @@ -0,0 +1,10 @@ + { + services.taskserver = { + enable = true; + fqdn = "enklave.r"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "jeschli" ]; + }; + networking.firewall.allowedTCPPorts = [ 53589 ]; + } -- cgit v1.2.3 From 3b23e6e8bbb42d0866b0d4d6c42f610510fa915c Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 31 Jan 2018 09:38:47 +0100 Subject: j: +zsh --- jeschli/2configs/default.nix | 1 + jeschli/2configs/zsh.nix | 138 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100644 jeschli/2configs/zsh.nix diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 0ac3708bb..5aaabe24b 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -4,6 +4,7 @@ with import ; imports = [ ./vim.nix ./retiolum.nix + ./zsh.nix { environment.variables = { diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix new file mode 100644 index 000000000..be5b661b4 --- /dev/null +++ b/jeschli/2configs/zsh.nix @@ -0,0 +1,138 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ pkgs.fzf ]; + programs.zsh = { + enable = true; + shellInit = '' + #disable config wizard + zsh-newuser-install() { :; } + ''; + interactiveShellInit = '' + setopt autocd extendedglob + bindkey -e + + #history magic + bindkey "" up-line-or-local-history + bindkey "" down-line-or-local-history + + up-line-or-local-history() { + zle set-local-history 1 + zle up-line-or-history + zle set-local-history 0 + } + zle -N up-line-or-local-history + down-line-or-local-history() { + zle set-local-history 1 + zle down-line-or-history + zle set-local-history 0 + } + zle -N down-line-or-local-history + + setopt share_history + setopt hist_ignore_dups + # setopt inc_append_history + bindkey '^R' history-incremental-search-backward + + #C-x C-e open line in editor + autoload -z edit-command-line + zle -N edit-command-line + bindkey "^X^E" edit-command-line + + #fzf inclusion + source ${pkgs.fzf}/share/fzf/completion.zsh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + + #completion magic + autoload -Uz compinit + compinit + zstyle ':completion:*' menu select + + #enable automatic rehashing of $PATH + zstyle ':completion:*' rehash true + + eval $(dircolors -b ${pkgs.fetchFromGitHub { + owner = "trapd00r"; + repo = "LS_COLORS"; + rev = "master"; + sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + }}/LS_COLORS) + + #beautiful colors + alias ls='ls --color' + # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + + #emacs bindings + bindkey "[7~" beginning-of-line + bindkey "[8~" end-of-line + bindkey "Oc" emacs-forward-word + bindkey "Od" emacs-backward-word + + #aliases + alias ll='ls -l' + alias la='ls -la' + + #fancy window title magic + ''; + promptInit = '' + # TODO: figure out why we need to set this here + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + + autoload -U promptinit + promptinit + + p_error='%(?..%F{red}%?%f )' + t_error='%(?..%? )' + + case $UID in + 0) + p_username='%F{red}root%f' + t_username='root' + ;; + 1337) + p_username="" + t_username="" + ;; + *) + p_username='%F{blue}%n%f' + t_username='%n' + ;; + esac + + if test -n "$SSH_CLIENT"; then + p_hostname='@%F{magenta}%M%f ' + t_hostname='@%M ' + else + p_hostname="" + t_hostname="" + fi + + #check if in nix shell + if test -n "$buildInputs"; then + p_nixshell='%F{green}[s]%f ' + t_nixshell='[s] ' + else + p_nixshell="" + t_nixshell="" + fi + + PROMPT="$p_error$p_username$p_hostname$p_nixshell%~ " + TITLE="$t_error$t_username$t_hostname$t_nixshell%~" + case $TERM in + (*xterm* | *rxvt*) + function precmd { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED\007" + } + # This is seen while the shell waits for a command to complete. + function preexec { + PROMPT_EVALED="$(print -P $TITLE)" + echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + } + ;; + esac + ''; + }; + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; +} -- cgit v1.2.3 From 8a78dd604d9e8334e3db65bb2384ad2a641a68c0 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 31 Jan 2018 11:54:53 +0100 Subject: j bln: +stocki --- jeschli/1systems/bln/config.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9c491c8a1..c088dce7d 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -36,7 +36,15 @@ allowDiscards = true; } ]; - + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/markus/go/src/github.com"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' + ''; + }; networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. networking.networkmanager.enable = true; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -55,11 +63,6 @@ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget nixpkgs.config.allowUnfree = true; - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper -- cgit v1.2.3 From 52be338d64125398e363e6bfd52c35bccd08b885 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 31 Jan 2018 11:55:14 +0100 Subject: j bln: +elm --- jeschli/1systems/bln/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index c088dce7d..14cbb7ed9 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -89,6 +89,7 @@ chromium google-chrome # programming languages + elmPackages.elm go gcc ghc -- cgit v1.2.3 From e5114f1bfb9f7f412236f05e15fb6023699c96d6 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 31 Jan 2018 11:56:05 +0100 Subject: j fontsize default 12; bln 20 --- jeschli/1systems/bln/config.nix | 5 ++-- jeschli/2configs/urxvt.nix | 65 ++++++++++++++++++++++------------------- 2 files changed, 38 insertions(+), 32 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 14cbb7ed9..6893c6569 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -3,16 +3,17 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, ... }: - +# bln config file { imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix # ./dcso-vpn.nix ]; - + jeschliFontSize = 20; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index 69811eb0a..014918748 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix @@ -1,34 +1,39 @@ { config, pkgs, ... }: with import ; - { - services.urxvtd.enable = true; - krebs.xresources.enable = true; - krebs.xresources.resources.urxvt = '' - *foreground: rgb:a8/a8/a8 - *background: rgb:00/00/00 - *faceName: DejaVu Sans Mono - *faceSize: 12 - *color0: rgb:00/00/00 - *color1: rgb:a8/00/00 - *color2: rgb:00/a8/00 - *color3: rgb:a8/54/00 - *color4: rgb:00/00/a8 - *color5: rgb:a8/00/a8 - *color6: rgb:00/a8/a8 - *color7: rgb:a8/a8/a8 - *color8: rgb:54/54/54 - *color9: rgb:fc/54/54 - *color10: rgb:54/fc/54 - *color11: rgb:fc/fc/54 - *color12: rgb:54/54/fc - *color13: rgb:fc/54/fc - *color14: rgb:54/fc/fc - *color15: rgb:fc/fc/fc - - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=12 - URXvt*faceSize: 12 - ''; + options.jeschliFontSize = mkOption { + type = types.int; + default = 12; + }; + config = { + services.urxvtd.enable = true; + krebs.xresources.enable = true; + krebs.xresources.resources.urxvt = '' + *foreground: rgb:a8/a8/a8 + *background: rgb:00/00/00 + *faceName: DejaVu Sans Mono + *faceSize: ${toString config.jeschliFontSize} + *color0: rgb:00/00/00 + *color1: rgb:a8/00/00 + *color2: rgb:00/a8/00 + *color3: rgb:a8/54/00 + *color4: rgb:26/8b/d2 + *color5: rgb:a8/00/a8 + *color6: rgb:00/a8/a8 + *color7: rgb:a8/a8/a8 + *color8: rgb:54/54/54 + *color9: rgb:fc/54/54 + *color10: rgb:54/fc/54 + *color11: rgb:fc/fc/54 + *color12: rgb:54/54/fc + *color13: rgb:fc/54/fc + *color14: rgb:54/fc/fc + *color15: rgb:fc/fc/fc + + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: xft:DejaVu Sans Mono:pixelsize=${toString config.jeschliFontSize} + URXvt*faceSize: ${toString config.jeschliFontSize} + ''; + }; } -- cgit v1.2.3 From 993437277c5ce501d3baaab2a9448ae1ee62d54d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 2 Feb 2018 12:13:39 +0100 Subject: go: open port 80 --- krebs/2configs/go.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index b75233871..f4c1290c2 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -8,6 +8,7 @@ with import ; krebs.go = { enable = true; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; virtualHosts.go = { -- cgit v1.2.3 From ef3a0dcff538c850c25b46165ed70c899873bece Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:55:12 +0100 Subject: ma wvdial: rip --- makefu/1systems/x/config.nix | 3 +- makefu/2configs/hw/network-manager.nix | 37 ++++++++++++++++++ makefu/2configs/hw/wwan.nix | 8 ---- makefu/3modules/wvdial.nix | 71 ---------------------------------- 4 files changed, 39 insertions(+), 80 deletions(-) create mode 100644 makefu/2configs/hw/network-manager.nix delete mode 100644 makefu/2configs/hw/wwan.nix delete mode 100644 makefu/3modules/wvdial.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index a32db91e1..f3a1d488c 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -59,8 +59,9 @@ with import ; # Hardware + # - + # diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix new file mode 100644 index 000000000..7e29849b1 --- /dev/null +++ b/makefu/2configs/hw/network-manager.nix @@ -0,0 +1,37 @@ +{ pkgs, lib, ... }: +{ + users.users.makefu = { + extraGroups = [ "networkmanager" ]; + packages = with pkgs;[ + networkmanagerapplet + gnome3.gnome_keyring gnome3.dconf + ]; + }; + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceConfig = { + ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "5"; + }; + }; + networking.networkmanager.enable = true; + + # TODO: put somewhere else + services.xserver.displayManager.sessionCommands = '' + ${pkgs.clipit}/bin/clipit & + ${pkgs.networkmanagerapplet}/bin/nm-applet & + ''; + +# nixOSUnstable +# networking.networkmanager.wifi = { +# powersave = true; +# scanRandMacAddress = true; +# }; +} diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix deleted file mode 100644 index 0eb0c97d7..000000000 --- a/makefu/2configs/hw/wwan.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: - -{ - makefu.umts = { - enable = true; - modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; - }; -} diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 1ed929ed4..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null @@ -1,71 +0,0 @@ -# Global configuration for wvdial. - -{ config, lib, pkgs, ... }: - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - /etc/wvdial.conf. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} -- cgit v1.2.3 From 72f440fdb567b8000ec72aefa6d3e74734c11c9e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:56:36 +0100 Subject: ma omo.r: init google-muell --- makefu/1systems/omo/config.nix | 3 ++- makefu/2configs/deployment/google-muell.nix | 34 +++++++++++++++++++++++++++++ makefu/2configs/deployment/led-fader.nix | 20 +---------------- makefu/5pkgs/ampel/default.nix | 27 +++++++++++++++++++++++ 4 files changed, 64 insertions(+), 20 deletions(-) create mode 100644 makefu/2configs/deployment/google-muell.nix create mode 100644 makefu/5pkgs/ampel/default.nix diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index ce3ffbcf3..1e087fef4 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -19,7 +19,7 @@ let # __FRONT_ # |* d0 | # | | - # |* d3 | + # |* d1 | # | | # |* d3 | # | | @@ -68,6 +68,7 @@ in { + # security diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix new file mode 100644 index 000000000..f23789ee5 --- /dev/null +++ b/makefu/2configs/deployment/google-muell.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, buildPythonPackage, ... }: +with import ; +let + pkg = pkgs.ampel; + home = "/var/lib/ampel"; + sec = "${toString }/google-muell.json"; + ampelsec = "${home}/google-muell.json"; + esp = "192.168.1.23"; + sleepval = "1800"; +in { + users.users.ampel = { + uid = genid "ampel"; + createHome = true; + isSystemUser = true; + inherit home; + }; + systemd.services.google-muell-ampel = { + description = "Send led change to rgb cubes"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "ampel"; + ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' + cp ${sec} ${ampelsec} + chown ampel ${ampelsec} + ''; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + PermissionsStartOnly = true; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 292b6679d..d34b66125 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -2,25 +2,7 @@ let mq = "192.168.8.11"; - - pkg = pkgs.python3Packages.buildPythonPackage { - name = "ampel-master"; - - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/ampel"; - rev = "531741b"; - sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; - }; - propagatedBuildInputs = with pkgs.python3Packages; [ - docopt - paho-mqtt - requests - pytz - influxdb - httplib2 - google_api_python_client - ]; - }; + pkg = pkgs.ampel; in { systemd.services.led-fader = { description = "Send led change to message queue"; diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix new file mode 100644 index 000000000..86518b9b8 --- /dev/null +++ b/makefu/5pkgs/ampel/default.nix @@ -0,0 +1,27 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "ampel-${version}"; + version = "0.2"; + + propagatedBuildInputs = [ + docopt + paho-mqtt + requests + pytz + influxdb + httplib2 + google_api_python_client + ]; + + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/ampel"; + rev = "d8a0250"; + sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f"; + }; + meta = { + homepage = http://cgit.euer.krebsco.de/ampel; + description = "change colors of rgb cubes"; + license = lib.licenses.asl20; + }; +} -- cgit v1.2.3 From 083941f7dba4347084779b65cefa9b8cc9713939 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:57:58 +0100 Subject: ma gui/base: set packages only for mainuser --- makefu/2configs/gui/base.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index daa0282b8..861a9327e 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -48,13 +48,14 @@ in fonts = [ pkgs.terminus_font ]; }; - environment.systemPackages = with pkgs;[ - pavucontrol - xlockmore - rxvt_unicode-with-plugins - firefox - ]; - users.extraUsers.${mainUser}.extraGroups = [ "audio" ]; + users.users.${mainUser} = { + extraGroups = [ "audio" ]; + packages = with pkgs;[ + pavucontrol + xlockmore + rxvt_unicode-with-plugins + ]; + }; hardware.pulseaudio = { enable = true; -- cgit v1.2.3 From c1b2f919572a485cafdc56af5d9e3240ac74469c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 11:59:08 +0100 Subject: ma x.r: disable makefu.umts, cleanup --- makefu/1systems/x/config.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f3a1d488c..d5a9bdcfb 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -83,13 +83,9 @@ with import ; makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; - makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.passwdqc-utils ]; - - # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; @@ -101,8 +97,15 @@ with import ; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; networking.extraHosts = '' - 192.168.1.11 omo.local + 192.168.1.11 omo.local ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + + nix.package = pkgs.nixUnstable; + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; + nixpkgs.overlays = [ (import ) ]; + + # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; + } -- cgit v1.2.3 From 4dfb5faaab57a69a5940e97feb4c8ed488d931f4 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 12:39:44 +0100 Subject: ma 3/umts: rip --- makefu/3modules/default.nix | 2 -- makefu/3modules/umts.nix | 84 --------------------------------------------- 2 files changed, 86 deletions(-) delete mode 100644 makefu/3modules/umts.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..fa4eb827c 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -14,8 +14,6 @@ _: ./snapraid.nix ./torrent.nix ./udpt.nix - ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix deleted file mode 100644 index 86669945a..000000000 --- a/makefu/3modules/umts.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; - }) {}; - - wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 - - # TODO: currently it is only netzclub - umts-bin = pkgs.writeScriptBin "umts" '' - #!/bin/sh - set -euf - systemctl start umts - trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT - echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf - journalctl -xfu umts - ''; - - wvdial-defaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = ${cfg.modem-device} - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - cfg = config.makefu.umts; - - out = { - options.makefu.umts = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "umts"; - - modem-device = mkOption { - default = "/dev/ttyUSB0"; - type = types.str; - description = '' - path to modem device, use /dev/serial/by-id/... - to avoid race conditions. - ''; - }; - apn = mkOption { - default = "pinternet.interkom.de"; - type = types.str; - description = '' - apn to use for dailing - ''; - }; - }; - - imp = { - environment.shellAliases = { - umts = "sudo ${umts-bin}/bin/umts"; - }; - environment.systemPackages = [ ]; - - environment.wvdial.dialerDefaults = wvdial-defaults; - - systemd.services.umts = { - description = "UMTS wvdial Service"; - serviceConfig = { - Type = "simple"; - Restart = "always"; - RestartSec = "10s"; - ExecStart = "${wvdial}/bin/wvdial -n"; - }; - }; - }; -in out -- cgit v1.2.3 From e7418fbdf1bdddeeabe123c04bbd858fc70fe031 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 6 Feb 2018 13:20:53 +0100 Subject: ma source: bump to 2018-02-06 --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index c22c82f32..f06c9454f 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 + ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 -- cgit v1.2.3 From 34df8b33df0bd8071a628e27ad599d52f7fc61b8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 6 Feb 2018 23:11:36 +0100 Subject: ftb: minimize --- krebs/5pkgs/simple/ftb/default.nix | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix index 199c12b44..841e2ea00 100644 --- a/krebs/5pkgs/simple/ftb/default.nix +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, makeDesktopItem +{ stdenv, fetchurl , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , openjdk , mesa, openal @@ -7,23 +7,12 @@ with stdenv.lib; assert useAlsa -> alsaOss != null; -let - desktopItem = makeDesktopItem { - name = "minecraft"; - exec = "minecraft"; - icon = "minecraft"; - comment = "A sandbox-building game"; - desktopName = "Minecraft"; - genericName = "minecraft"; - categories = "Game;"; - }; - -in stdenv.mkDerivation { +stdenv.mkDerivation { name = "ftb"; src = fetchurl { url = "http://ftb.cursecdn.com/FTB2/launcher/FTB_Launcher.jar"; - sha256 = "10ga4jgyfsj5dy4rj2rla0fpnfpnxv8r3bmxpqpwn7fsry4il79v"; + sha256 = "0pyh83hhni97ryvz6yy8lyiagjrlx67cwr780s2bja92rxc1sqpj"; }; phases = "installPhase"; @@ -43,9 +32,6 @@ in stdenv.mkDerivation { chmod +x $out/bin/ftb - mkdir -p $out/share/applications - ln -s ${desktopItem}/share/applications/* $out/share/applications/ - ${openjdk}/bin/jar xf $out/ftb.jar favicon.png ''; } -- cgit v1.2.3 From 257f91eff3cf2ef01c25f4e88d186ea30dc250f7 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 7 Feb 2018 10:08:36 +0100 Subject: j vim: +trailing White detection; *cosmetics --- jeschli/2configs/vim.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 7721b1d40..02ea95f6e 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -27,6 +27,9 @@ in { name = "vim"; vimrcConfig.customRC = let colorscheme = ''colorscheme molokai''; + highlightTrailingWhiteSpaces = '' + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + ''; setStatements = '' set autowrite set clipboard=unnamedplus @@ -74,11 +77,12 @@ in { ''; in '' ${colorscheme} + ${highlightTrailingWhiteSpaces} ${remapStatements} ${setStatements} ${settingsForElm} ${settingsForGo} - " I dont know what this line is about + " dont expand tabs in go files and show it with four whitespaces. autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; -- cgit v1.2.3 From 057d428ef53632cd8e6df7efd9ed5ca84c9a7b56 Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 8 Feb 2018 11:20:24 +0100 Subject: j bln: +termite --- jeschli/1systems/bln/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6893c6569..8a3090a49 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -66,6 +66,7 @@ nixpkgs.config.allowUnfree = true; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ + termite # system helper ag copyq -- cgit v1.2.3 From d5aa4524f478a29779b4219e1a8dea10fef74065 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 9 Feb 2018 09:23:14 +0100 Subject: nixpkgs: b222a07 -> b34a5f6 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index fcc7fb74f..60303c7c1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b222a0713f4a689519686421b3fbf5ca0c9bd3da"; # nixos-17.09 @ 2018-01-23 + ref = "b34a5f6d874e3c3f3f7812371b858b79ddb5be35"; # nixos-17.09 @ 2018-02-09 }; } override -- cgit v1.2.3 From ab24f3c3a802eabef3f425d2b46e1b4ffc626e71 Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 9 Feb 2018 15:11:24 +0100 Subject: j vim.nix: remap tt to GoTest --- jeschli/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 02ea95f6e..c13113f1c 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -45,6 +45,7 @@ in { remapStatements = '' imap jk map gr :GoRun " Map gr to execute go run + map tt :GoTest " Map tt to execute go test map nf :NERDTreeToggle nnoremap nnoremap :bnext -- cgit v1.2.3 From 2f9edee631e353cb250cc1c10e015b7f4c14fb4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 9 Feb 2018 17:31:23 +0100 Subject: nixpkgs: b34a5f6 -> e18442d --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 60303c7c1..ca87b33f5 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b34a5f6d874e3c3f3f7812371b858b79ddb5be35"; # nixos-17.09 @ 2018-02-09 + ref = "e18442d46621ee7e1204db0b14025621a9d49cbd"; # nixos-17.09 @ 2018-02-09 }; } override -- cgit v1.2.3 From e155044112209e4a63b9c27ef100dc5d748a2e32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Feb 2018 12:30:26 +0100 Subject: nixpkgs: e18442d -> 2062ac5 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index ca87b33f5..27450c2a3 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "e18442d46621ee7e1204db0b14025621a9d49cbd"; # nixos-17.09 @ 2018-02-09 + ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09 }; } override -- cgit v1.2.3 From e000690cc2fa3b494cf3b44eb0213dda80b34e12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Feb 2018 16:07:18 +0100 Subject: hw x220: remove broken tp-smapi --- krebs/2configs/hw/x220.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 90a1a111f..3780e0d7d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -14,7 +14,6 @@ with import ; boot = { kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; kernelParams = [ "acpi_backlight=none" ]; }; -- cgit v1.2.3 From 06732ced01be5ba35e343439cc034c4fa60b8e6a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 10 Feb 2018 19:46:08 +0100 Subject: exim: init at 4.90.1 --- krebs/5pkgs/simple/exim/default.nix | 64 +++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 krebs/5pkgs/simple/exim/default.nix diff --git a/krebs/5pkgs/simple/exim/default.nix b/krebs/5pkgs/simple/exim/default.nix new file mode 100644 index 000000000..4911c1d9c --- /dev/null +++ b/krebs/5pkgs/simple/exim/default.nix @@ -0,0 +1,64 @@ +{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: + +stdenv.mkDerivation rec { + name = "exim-4.90.1"; + + src = fetchurl { + url = "http://ftp.exim.org/pub/exim/exim4/${name}.tar.xz"; + sha256 = "09ppq8l7cah6dcqwdvpa6r12i6fdcd9lvxlfp18mggj3438xz62w"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ coreutils db openssl pcre perl ]; + + preBuild = '' + sed ' + s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin: + s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf: + s:^\(EXIM_USER\)=.*:\1=ref\:nobody: + s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter: + s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes: + s:^EXIM_MONITOR=.*$:# &: + s:^\(FIXED_NEVER_USERS\)=root$:\1=0: + s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes: + s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes: + s:^# \(SUPPORT_TLS\)=.*:\1=yes: + s:^# \(USE_OPENSSL_PC=openssl\)$:\1: + s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(HAVE_IPV6=yes\)$:\1: + s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: + s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: + s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod: + s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv: + s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm: + s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch: + s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl: + #/^\s*#.*/d + #/^\s*$/d + ' < src/EDITME > Local/Makefile + ''; + + installPhase = '' + mkdir -p $out/bin $out/share/man/man8 + cp doc/exim.8 $out/share/man/man8 + + ( cd build-Linux-* + cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \ + exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \ + exinext exiqgrep exiwhat \ + $out/bin ) + + ( cd $out/bin + for i in mailq newaliases rmail rsmtp runq sendmail; do + ln -s exim $i + done ) + ''; + + meta = { + homepage = http://exim.org/; + description = "A mail transfer agent (MTA)"; + license = stdenv.lib.licenses.gpl3; + platforms = stdenv.lib.platforms.linux; + maintainers = [ stdenv.lib.maintainers.tv ]; + }; +} -- cgit v1.2.3 From dbd48fdbf91672dc96992ee0b55ad1da226d4199 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 11 Feb 2018 16:08:28 +0100 Subject: ftb: add java workaround --- krebs/5pkgs/simple/ftb/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix index 841e2ea00..c2e83c9f4 100644 --- a/krebs/5pkgs/simple/ftb/default.nix +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -25,6 +25,7 @@ stdenv.mkDerivation { cat > $out/bin/ftb << EOF #!${stdenv.shell} + export _JAVA_AWT_WM_NONREPARENTING=1 export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ ${jre}/bin/java -jar $out/ftb.jar -- cgit v1.2.3 From aa1c6c814c9afbe4483b23b37b9d95d5055848fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 12 Feb 2018 10:41:19 +0100 Subject: l helios.r: add docker --- lass/1systems/helios/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index f53e93f26..0ab6ec2c6 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -149,11 +149,13 @@ with import ; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; services.printing.drivers = [ pkgs.postscript-lexmark ]; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + virtualisation.docker.enable = true; } -- cgit v1.2.3 From 38fe362fdcf723f354c6e4ee0909ec3a544ac819 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 16:55:02 +0100 Subject: l: add lass-daedalus --- krebs/3modules/lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1634a62ac..655a38030 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -624,6 +624,10 @@ with import ; mail = "lass@xerxes.r"; pubkey = builtins.readFile ./ssh/xerxes.rsa; }; + lass-daedalus = { + mail = "lass@daedalus.r"; + pubkey = builtins.readFile ./ssh/daedalus.rsa; + }; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; -- cgit v1.2.3 From 51cfaef6412f833f2137336617ceb2f234932ede Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 16:56:59 +0100 Subject: l mors.r: add /home/virtual --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 936666a73..b81fa891c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -89,6 +89,10 @@ with import ; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/home/virtual" = { + device = "/dev/mapper/pool-virtual"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From e26d3bbd72acad8b3e00dcf8356ea58f4bbaf7d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:06:02 +0100 Subject: l mors.r: enable docker --- lass/1systems/mors/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b81fa891c..265ef7145 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -198,5 +198,6 @@ with import ; nix.package = pkgs.nixUnstable; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; + virtualisation.docker.enable = true; } -- cgit v1.2.3 From 391fdd01b204402894718109d94c6c9590ccf644 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:06:38 +0100 Subject: l prism.r: add jeschli-bolide git access --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 087aaab06..eae8feb8f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -297,6 +297,7 @@ in { user = with config.krebs.users; [ jeschli jeschli-bln + jeschli-bolide jeschli-brauerei ]; repo = [ config.krebs.git.repos.stockholm ]; -- cgit v1.2.3 From 94a5ac9aeb1d11b5f37a8256db06a8e672cf3439 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:07:31 +0100 Subject: l prism.r: add taskserver config --- lass/1systems/prism/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eae8feb8f..b498d94ff 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -314,6 +314,18 @@ in { } + { + services.taskserver = { + enable = true; + fqdn = "lassul.us"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "lass" "android" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From abebd470e34a8c1774565b071631a7c318827fb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:07:55 +0100 Subject: l IM: add helios to authorized_keys --- lass/2configs/IM.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 51512955e..7d3dfd428 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -41,6 +41,7 @@ in { lass-shodan.pubkey lass-icarus.pubkey lass-android.pubkey + lass-helios.pubkey ]; }; -- cgit v1.2.3 From 79fc51585a1e922893c327ea228583acf75e7f3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:08:53 +0100 Subject: l baseX: exec in x session --- lass/2configs/baseX.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 5ca024574..61a006a52 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -121,7 +121,7 @@ in { name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.coreutils}/bin/sleep infinity + exec ${pkgs.coreutils}/bin/sleep infinity ''; }]; }; -- cgit v1.2.3 From 8b9c4fd21a608aef2f2fdeea78b31d3457e49288 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:12:48 +0100 Subject: l dcso-dev: add jschli-brauerei --- lass/2configs/dcso-dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index cbf853d64..e2ba44360 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -17,6 +17,7 @@ in { config.krebs.users.lass.pubkey config.krebs.users.lass-android.pubkey config.krebs.users.jeschli-bln.pubkey + config.krebs.users.jeschli-brauerei.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB" ]; -- cgit v1.2.3 From 119856187d954204592ac9d702b9c0327db82eb1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:13:18 +0100 Subject: l: add dunst --- lass/1systems/mors/config.nix | 1 + lass/2configs/dunst.nix | 277 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 278 insertions(+) create mode 100644 lass/2configs/dunst.nix diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 265ef7145..6a606e0ad 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -31,6 +31,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix new file mode 100644 index 000000000..6d3d839bc --- /dev/null +++ b/lass/2configs/dunst.nix @@ -0,0 +1,277 @@ +{ config, pkgs, ... }: +with import ; +let + dunstConfig = pkgs.writeText "dunst-config" '' + [global] + font = Iosevka Term 11 + + # Allow a small subset of html markup: + # bold + # italic + # strikethrough + # underline + # + # For a complete reference see + # . + # If markup is not allowed, those tags will be stripped out of the + # message. + markup = yes + plain_text = no + + # The format of the message. Possible variables are: + # %a appname + # %s summary + # %b body + # %i iconname (including its path) + # %I iconname (without its path) + # %p progress value if set ([ 0%] to [100%]) or nothing + # Markup is allowed + format = "%a\n%s\n%b" + + # Sort messages by urgency. + sort = yes + + # Show how many messages are currently hidden (because of geometry). + indicate_hidden = yes + + # Alignment of message text. + # Possible values are "left", "center" and "right". + alignment = center + + # The frequency with wich text that is longer than the notification + # window allows bounces back and forth. + # This option conflicts with "word_wrap". + # Set to 0 to disable. + bounce_freq = 0 + + # Show age of message if message is older than show_age_threshold + # seconds. + # Set to -1 to disable. + show_age_threshold = 1 + + # Split notifications into multiple lines if they don't fit into + # geometry. + word_wrap = yes + + # Ignore newlines '\n' in notifications. + ignore_newline = no + + # Hide duplicate's count and stack them + stack_duplicates = yes + hide_duplicates_count = no + + + # The geometry of the window: + # [{width}]x{height}[+/-{x}+/-{y}] + # The geometry of the message window. + # The height is measured in number of notifications everything else + # in pixels. If the width is omitted but the height is given + # ("-geometry x2"), the message window expands over the whole screen + # (dmenu-like). If width is 0, the window expands to the longest + # message displayed. A positive x is measured from the left, a + # negative from the right side of the screen. Y is measured from + # the top and down respectevly. + # The width can be negative. In this case the actual width is the + # screen width minus the width defined in within the geometry option. + geometry = "500x10-0+0" + + # Shrink window if it's smaller than the width. Will be ignored if + # width is 0. + shrink = no + + # The transparency of the window. Range: [0; 100]. + # This option will only work if a compositing windowmanager is + # present (e.g. xcompmgr, compiz, etc.). + # transparency = 5 + + # Don't remove messages, if the user is idle (no mouse or keyboard input) + # for longer than idle_threshold seconds. + # Set to 0 to disable. + idle_threshold = 0 + + # Which monitor should the notifications be displayed on. + monitor = keyboard + + # Display notification on focused monitor. Possible modes are: + # mouse: follow mouse pointer + # keyboard: follow window with keyboard focus + # none: don't follow anything + # + # "keyboard" needs a windowmanager that exports the + # _NET_ACTIVE_WINDOW property. + # This should be the case for almost all modern windowmanagers. + # + # If this option is set to mouse or keyboard, the monitor option + # will be ignored. + follow = none + + # Should a notification popped up from history be sticky or timeout + # as if it would normally do. + sticky_history = yes + + # Maximum amount of notifications kept in history + history_length = 15 + + # Display indicators for URLs (U) and actions (A). + show_indicators = no + + # The height of a single line. If the height is smaller than the + # font height, it will get raised to the font height. + # This adds empty space above and under the text. + line_height = 3 + + # Draw a line of "separatpr_height" pixel height between two + # notifications. + # Set to 0 to disable. + separator_height = 1 + + # Padding between text and separator. + padding = 1 + + # Horizontal padding. + horizontal_padding = 1 + + # Define a color for the separator. + # possible values are: + # * auto: dunst tries to find a color fitting to the background; + # * foreground: use the same color as the foreground; + # * frame: use the same color as the frame; + # * anything else will be interpreted as a X color. + separator_color = frame + + # Print a notification on startup. + # This is mainly for error detection, since dbus (re-)starts dunst + # automatically after a crash. + startup_notification = true + + # dmenu path. + dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst: + + # Browser for opening urls in context menu. + browser = /usr/bin/firefox -new-tab + + # Align icons left/right/off + icon_position = off + max_icon_size = 80 + + # Paths to default icons. + icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/ + + frame_width = 2 + frame_color = "#8EC07C" + + [shortcuts] + + # Shortcuts are specified as [modifier+][modifier+]...key + # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2", + # "mod3" and "mod4" (windows-key). + # Xev might be helpful to find names for keys. + + # Close notification. + close = ctrl+space + + # Close all notifications. + close_all = ctrl+shift+space + + # Redisplay last message(s). + # On the US keyboard layout "grave" is normally above TAB and left + # of "1". + history = ctrl+grave + + # Context menu. + context = mod4+u + + [urgency_low] + # IMPORTANT: colors have to be defined in quotation marks. + # Otherwise the "#" and following would be interpreted as a comment. + frame_color = "#3B7C87" + foreground = "#3B7C87" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + [urgency_normal] + frame_color = "#5B8234" + foreground = "#5B8234" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + [urgency_critical] + frame_color = "#B7472A" + foreground = "#B7472A" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + + # Every section that isn't one of the above is interpreted as a rules to + # override settings for certain messages. + # Messages can be matched by "appname", "summary", "body", "icon", "category", + # "msg_urgency" and you can override the "timeout", "urgency", "foreground", + # "background", "new_icon" and "format". + # Shell-like globbing will get expanded. + # + # SCRIPTING + # You can specify a script that gets run when the rule matches by + # setting the "script" option. + # The script will be called as follows: + # script appname summary body icon urgency + # where urgency can be "LOW", "NORMAL" or "CRITICAL". + # + # NOTE: if you don't want a notification to be displayed, set the format + # to "". + # NOTE: It might be helpful to run dunst -print in a terminal in order + # to find fitting options for rules. + + #[espeak] + # summary = "*" + # script = dunst_espeak.sh + + #[script-test] + # summary = "*script*" + # script = dunst_test.sh + + #[ignore] + # # This notification will not be displayed + # summary = "foobar" + # format = "" + + #[signed_on] + # appname = Pidgin + # summary = "*signed on*" + # urgency = low + # + #[signed_off] + # appname = Pidgin + # summary = *signed off* + # urgency = low + # + #[says] + # appname = Pidgin + # summary = *says* + # urgency = critical + # + #[twitter] + # appname = Pidgin + # summary = *twitter.com* + # urgency = normal + # + # vim: ft=cfg + ''; +in { + systemd.user.services.dunst = { + wantedBy = [ "graphical-session.target" ]; + requires = [ "xmonad.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "dunst"; + ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}"; + Restart = "always"; + RestartSec = "15s"; + StartLimitBurst = 0; + }; + }; +} -- cgit v1.2.3 From be0a02f5d696aeb79312ee172e0d77d5c32229a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:13:55 +0100 Subject: l: add rtl-sdr --- lass/1systems/helios/config.nix | 1 + lass/1systems/mors/config.nix | 1 + lass/2configs/rtl-sdr.nix | 6 ++++++ 3 files changed, 8 insertions(+) create mode 100644 lass/2configs/rtl-sdr.nix diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 0ab6ec2c6..5a553572e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -16,6 +16,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6a606e0ad..6ca980155 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -32,6 +32,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/2configs/rtl-sdr.nix b/lass/2configs/rtl-sdr.nix new file mode 100644 index 000000000..7d640ea6c --- /dev/null +++ b/lass/2configs/rtl-sdr.nix @@ -0,0 +1,6 @@ +{ + boot.blacklistedKernelModules = [ "dvb_usb_rtl28xxu" ]; + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr" + ''; +} -- cgit v1.2.3 From 6ee55cef8fd386f80938cfffcf7edd46884ef173 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:15:34 +0100 Subject: l dcso-dev: open firewall --- lass/2configs/dcso-dev.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index e2ba44360..04b742acf 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -45,6 +45,11 @@ in { }; }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9000"; target = "ACCEPT";} + ]; + krebs.per-user.dev.packages = [ pkgs.go ]; -- cgit v1.2.3 From 9c8c17c7c8f4031d450605c91f2906fd445cf73d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:28:25 +0100 Subject: l mail: refactor --- lass/2configs/mail.nix | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 7c58e8c5f..e83201cd8 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -21,11 +21,11 @@ let ''; mailboxes = { - wireguard = [ "wireguard@lists.zx2c4" ]; - c-base = [ "c-base.org" ]; - security = [ "seclists.org" "security" "bugtraq" ]; - nix-devel = [ "nix-devel@googlegroups.com" ]; - shack = [ "shackspace.de" ]; + wireguard = [ "to:wireguard@lists.zx2c4" ]; + c-base = [ "to:c-base.org" ]; + security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; + nix-devel = [ "to:nix-devel@googlegroups.com" ]; + shack = [ "to:shackspace.de" ]; }; muttrc = pkgs.writeText "muttrc" '' @@ -80,16 +80,16 @@ let # V ''} %r |" - virtual-mailboxes \ - "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ - ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} - "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ - "TODO" "notmuch://?query=tag:TODO"\ - "Starred" "notmuch://?query=tag:*"\ - "Archive" "notmuch://?query=tag:archive"\ - "Sent" "notmuch://?query=tag:sent"\ - "Junk" "notmuch://?query=tag:junk" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT ${f}") (flatten (attrValues mailboxes))}" + virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "${f}") i.value}"'') (mapAttrsToList nameValuePair mailboxes)} + virtual-mailboxes "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT ${f}") (flatten (attrValues mailboxes))}" + virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" + virtual-mailboxes "Starred" "notmuch://?query=tag:*" + virtual-mailboxes "Archive" "notmuch://?query=tag:archive" + virtual-mailboxes "Sent" "notmuch://?query=tag:sent" + virtual-mailboxes "Junk" "notmuch://?query=tag:junk" + virtual-mailboxes "All" "notmuch://?query=*" tag-transforms "junk" "k" \ "unread" "u" \ -- cgit v1.2.3 From e6eebd606c84d574009c572fad415fcc994d6bea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:30:52 +0100 Subject: l dcso-dev: enable minio --- lass/2configs/dcso-dev.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index 04b742acf..ae1c7bc8d 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -57,4 +57,6 @@ in { security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; + + services.minio.enable = true; } -- cgit v1.2.3 From 0dce0124c6b2a6c4856ed980152a74a6917f7d11 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:31:25 +0100 Subject: l downloading: add daedalus & helios --- lass/2configs/downloading.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 9582413ed..8d0fb0d02 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -16,6 +16,8 @@ with import ; lass.pubkey lass-shodan.pubkey lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey makefu.pubkey wine-mors.pubkey ]; -- cgit v1.2.3 From 05c30004c2c27e97437aef441ddc5ae1724ae03c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:32:49 +0100 Subject: l exim-smarthost: add even more mails --- lass/2configs/exim-smarthost.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 0219f5216..4335c7cab 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -59,6 +59,17 @@ with import ; { from = "coinexchange@lassul.us"; to = lass.mail; } { from = "verwaltung@lassul.us"; to = lass.mail; } { from = "gearbest@lassul.us"; to = lass.mail; } + { from = "binance@lassul.us"; to = lass.mail; } + { from = "bitfinex@lassul.us"; to = lass.mail; } + { from = "alternate@lassul.us"; to = lass.mail; } + { from = "redacted@lassul.us"; to = lass.mail; } + { from = "mytaxi@lassul.us"; to = lass.mail; } + { from = "pizza@lassul.us"; to = lass.mail; } + { from = "robinhood@lassul.us"; to = lass.mail; } + { from = "drivenow@lassul.us"; to = lass.mail; } + { from = "aws@lassul.us"; to = lass.mail; } + { from = "reddit@lassul.us"; to = lass.mail; } + { from = "banggood@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 0670606ddc376d165bb2ebc1846469216565fd6a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:33:46 +0100 Subject: l logf: add urgency for lass@mors --- lass/2configs/logf.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 03414a745..24b806efa 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -10,9 +10,13 @@ let echelon = "197"; cloudkrebs = "119"; }; + urgent = [ + "\\blass@mors\\b" + ]; in { environment.systemPackages = [ (pkgs.writeDashBin "logf" '' + export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent} export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors} ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)} '') -- cgit v1.2.3 From df18d18ab36953a6c4179d5cb638e1d99d2ee182 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:34:58 +0100 Subject: l zsh: add LS_COLORS in zsh menu --- lass/2configs/zsh.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index add30fbf1..0a32ce510 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -50,16 +50,15 @@ #enable automatic rehashing of $PATH zstyle ':completion:*' rehash true + #beautiful colors eval $(dircolors -b ${pkgs.fetchFromGitHub { owner = "trapd00r"; repo = "LS_COLORS"; rev = "master"; sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; }}/LS_COLORS) - - #beautiful colors alias ls='ls --color' - # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} #emacs bindings bindkey "[7~" beginning-of-line -- cgit v1.2.3 From f7606723eddae1e6a70a4b6374a950ed3503346a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:35:21 +0100 Subject: l zsh: check for --- lass/2configs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 0a32ce510..aa3e6731d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -108,7 +108,7 @@ fi #check if in nix shell - if test -n "$buildInputs"; then + if test -n "$IN_NIX_SHELL"; then p_nixshell='%F{green}[s]%f ' t_nixshell='[s] ' else -- cgit v1.2.3 From dc2b6931ebfb775f715bc1c3837c20463bcb2418 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:35:55 +0100 Subject: l xserver: add DBUS_SESSION --- lass/3modules/xserver/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/3modules/xserver/default.nix b/lass/3modules/xserver/default.nix index d16f89f45..cdd80857a 100644 --- a/lass/3modules/xserver/default.nix +++ b/lass/3modules/xserver/default.nix @@ -33,6 +33,11 @@ let XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & ${xcfg.displayManager.sessionCommands} + if test -z "$DBUS_SESSION_BUS_ADDRESS"; then + exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "" + fi + export DBUS_SESSION_BUS_ADDRESS + ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS wait ''; @@ -74,6 +79,7 @@ let "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" (optional (xcfg.dpi != null) "-dpi ${toString xcfg.dpi}") ]; + User = user.name; }; }; krebs.xresources.resources.dpi = '' -- cgit v1.2.3 From 75eaf9cf08e6f19d287c0b3aec16663b47f7e367 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:37:48 +0100 Subject: l xmonad: send urgency to dbus --- lass/5pkgs/xmonad-lass.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 2dd352bd4..f6e916104 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -36,7 +36,7 @@ import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) -import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) @@ -44,9 +44,20 @@ import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) +import XMonad.Util.NamedWindows (getName) +import XMonad.Util.Run (safeSpawn) import XMonad.Stockholm.Shutdown +data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) + +instance UrgencyHook LibNotifyUrgencyHook where + urgencyHook LibNotifyUrgencyHook w = do + name <- getName w + Just idx <- fmap (W.findTag w) $ gets windowset + + safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx] + myTerm :: FilePath myTerm = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtc" @@ -61,7 +72,7 @@ main = getArgs >>= \case main' :: IO () main' = do xmonad $ ewmh - $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") + $ withUrgencyHook LibNotifyUrgencyHook $ def { terminal = myTerm , modMask = mod4Mask -- cgit v1.2.3 From 2a835111d841770148437fc7692e22c381cf7808 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:38:19 +0100 Subject: l xmonad: add floatHook type --- lass/5pkgs/xmonad-lass.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index f6e916104..59c95cff7 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -23,6 +23,7 @@ import XMonad import qualified XMonad.StackSet as W import Control.Monad.Extra (whenJustM) import Data.List (isInfixOf) +import Data.Monoid (Endo) import System.Environment (getArgs, lookupEnv) import System.Posix.Process (executeFile) import XMonad.Actions.CopyWindow (copy, kill1) @@ -91,11 +92,12 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) +floatHooks :: Query (Endo WindowSet) floatHooks = composeAll . concat $ [ [ title =? t --> doFloat | t <- myTitleFloats] , [ className =? c --> doFloat | c <- myClassFloats ] ] where - myTitleFloats = [] -- for the KDE "open link" popup from konsole + myTitleFloats = [] myClassFloats = ["Pinentry"] -- for gpg passphrase entry -- cgit v1.2.3 From 00a4ff15cd413e9eaa82a10b344c176bafdb00c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:54:24 +0100 Subject: l add daedalus.rsa --- krebs/3modules/lass/ssh/daedalus.rsa | 1 + 1 file changed, 1 insertion(+) create mode 100644 krebs/3modules/lass/ssh/daedalus.rsa diff --git a/krebs/3modules/lass/ssh/daedalus.rsa b/krebs/3modules/lass/ssh/daedalus.rsa new file mode 100644 index 000000000..ad4847974 --- /dev/null +++ b/krebs/3modules/lass/ssh/daedalus.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgF3311cZ/JV7lOzo/Crmy6pi0oBYu5klbTb8lU/Yic55XVRyYFtm+KGrNvqkcFgOx803aS7jogJ1N6HCdUAaEl5MzlkOX++h97ihZ/NeQZKDjYEEQYl4ElmIbCRiddpDm0HVX1OGSCtUzhlyDHJ8ieMCb+QVNrpwovlQnp53c/+Z6rGSZWgBMrzP7stlw+XjC1Alhi1M5L+bJfroa7cEcF+J5ZN+J2mWSmkPiQ6+iuk9zRkc5ELO1Vz4MsLoeKwbJrz+uuNVsY7u070pHtsLwbAsYU5vOWJeN/vtEwy51SY/so30FowvivTD9jIJ0xcmAdC56XjWaxttKuqUVBjJqhwqsUI6+AxLESekFXzkfghmG+AJPPkb2pvpVF3k0Ivn14bFBuFv0T2qPHq68Fs19WLTZn+dK3V+RfVkI6bEZaMOUezyBv59yFEY42wMISPw53jkaWqKIxyGCBECi3XlbeQ61FkwE9TElSY+NmoeMu6jPWw7XGDY4Jt6mtKiYu3hVqI5pg4hq3bxB8r2W7LnkDiYfArbzwmrc2zAmgJtY60/Pcwq7hP3LSDEuDDc4gYgpkLNwHjs+CLWqpbQffCFv+oOZj8G92if+dMBOUSBCr6FDqH6wLxZp2cfhud0p/0kLz09nv/PcRohOHdaQSEW7OAhJ5kgg3DuxhwUwOf/3UX5iLvm4WwE/mb7Iki4U3AENKHUWQ7TOrXcQq9AJX57e9CTI+N4phtzp9qur8vjVl2OpYl2Qb/0yQSGM+4wQ/nM4acePMk80oXLb3OJBlPp0CswzoI7kFBD0TUOnFTCkrJWPaZhgjQXyvCzgFKAvXgqWy4riczqLhdBAhc1vT3a18HsqKXE3mhJa6Kjl6r/ZQaDl2zw7uLmWTHhGuUI9w487L36extGuC3Tv8zEvu2UHqhdEcaSDzRQYcv1kRobfhTWjzFHzdA97Kkc+HuFfJk3MzchsjCxqIuDP4r5YauMBMHAIsUlP7Ar/t29WreAGJbCCd2oulkFL+P+8Sp6SksMMhKQvuRcj74n6BETfailv64z2FjT+qzkCsr/gzvWD08EJRZUCpidX2WfMoL396nBf+EgwhFykqoFg2jlJJ7Vggod8CSHUSeBkslhNk/tkv4y+NnsAIgNluVZlxIeKj1UgazohSNQVRHozs2lkuK0Ytl4TsFrE0X3ar7LpwEVvCLj3eh2kg4kNKNN/vOwWxvMlF9uCBq5FUHaBCst/OXeigjfGZ0ZK5iHsZN+R/iIlG+3V3VN1Rm29aPJPSuAgwl/lfPUfUP5c8QiwnDgdHqMi7VcuCpEtcTLjqDHBssqosRTLodcIZY6qLepm5kQgJ2FfcTPi+ZwT3Z/IFH6p/H7NeVbb8rVYeF/zqDJiWbI+gDy0xFnGgOLpFSBdHq679FjtjZk7Exgz3rVD+QsoSB8VYVOSqpHB1LQyQ2qBry+33CNpxlX5GaaLx5sbEKEguaJ+9R7Mbf8zQMa8EAXhqoT96kIj66IEk= lass@daedalus -- cgit v1.2.3 From 397a1c89319cce2c0f37ef5eb308e40954727108 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:32:22 +0100 Subject: ma {vbob,sdev}.r: disable vbox guest extensions for now --- makefu/1systems/sdev/config.nix | 6 ++++-- makefu/1systems/vbob/config.nix | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 38c044be4..3e9548aa1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,9 @@ [ # Include the results of the hardware scan. (toString ) - (toString ) + { ## Guest Extensions are currently broken + # virtualisation.virtualbox.guest.enable = true; + } # @@ -50,7 +52,7 @@ fileSystems."/media/share" = { fsType = "vboxsf"; device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index ffd9deaee..24d42a69b 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -8,8 +8,12 @@ { imports = [ ]; boot.loader.grub.device = "/dev/sda"; - virtualisation.virtualbox.guest.enable = true; } + + { ## Virtualbox guest is broken on newer kernel + # virtualisation.virtualbox.guest.enable = true; + } + # { # imports = [ # -- cgit v1.2.3 From 908ad5d3a24ea05f4a0871045ed6271b0953cf25 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:05 +0100 Subject: ma: add makefu-remote-builder --- krebs/3modules/makefu/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 56e5c6b82..eccf733dd 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1038,6 +1038,10 @@ with import ; inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; }; + makefu-remote-builder = { + inherit (makefu) mail gpg; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + }; makefu-bob = { inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; -- cgit v1.2.3 From ac824ebe74912dc8cc3224a10f0d10973f6449c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:29 +0100 Subject: ma gum.r: add workr --- makefu/1systems/gum/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a656fdce3..b859efc94 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -148,6 +148,11 @@ in { allowedIPs = [ "10.244.0.5/32" ]; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } ]; }; } -- cgit v1.2.3 From f2eedeff52caa97245db1e47d2e2413d1c991d09 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:33:51 +0100 Subject: ma omo.r: add cryptDisk3 --- makefu/1systems/omo/config.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1e087fef4..4e0d2a05f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -25,16 +25,18 @@ let # | | # |* | # |* d2 | - # | * r0 | + # | * | + # | * | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; allDisks = [ rootDisk ] ++ dataDisks; in { imports = @@ -127,6 +129,7 @@ in { makefu.snapraid = { enable = true; + # TODO: 3 is not protected disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; @@ -139,7 +142,7 @@ in { ''; environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount - wol # wake up filepimp + wol # wake up filepimp f3 ]; fileSystems = let @@ -151,6 +154,7 @@ in { in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" + // cryptMount "crypt3" // { "/media/cryptX" = { device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); fsType = "mergerfs"; @@ -179,6 +183,7 @@ in { (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) ]; }; loader.grub.device = lib.mkForce rootDisk; -- cgit v1.2.3 From ed60f4e68c5d0422dcf702d35a3be9d9ef2503bf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:34:17 +0100 Subject: ma tools/mobility: re-introduce working exfat-nofuse --- makefu/2configs/tools/mobility.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index f2676f11c..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } -- cgit v1.2.3 From 43c2a68a956a9630d0f1841310934065b429ecfd Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:34:40 +0100 Subject: ma tools/studio: remove latency_msec --- makefu/2configs/tools/studio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix index 0356ba391..e0c68167f 100644 --- a/makefu/2configs/tools/studio.nix +++ b/makefu/2configs/tools/studio.nix @@ -9,8 +9,8 @@ # owncloudclient (pkgs.writeScriptBin "prepare-pulseaudio" '' pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" - pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1 - pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1 + pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream + pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream darkice -c ~/lol.conf '') ]; -- cgit v1.2.3 From b02b939e7ce78a7d66844a751551f7b0a56532d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 01:35:06 +0100 Subject: ma source: cd36b3d -> 51810e0 --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index f06c9454f..708f0d20c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 + # TODO: automate updating of this ref + cherry-picks + ref = "51810e0"; # nixos-17.09 @ 2018-02-14 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 -- cgit v1.2.3 From dc020a000c544c6eafe217365d76ee993bf4daba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 08:12:06 +0100 Subject: ma default: fix typo --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index eccf733dd..0bed4d6da 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1039,7 +1039,7 @@ with import ; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; }; makefu-remote-builder = { - inherit (makefu) mail gpg; + inherit (makefu) mail pgp; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; }; makefu-bob = { -- cgit v1.2.3 From 372d965133cfe224d4cd47f63ec1fd2c8475c1ae Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 08:37:59 +0100 Subject: ma sdev.r: force virtualisation.virtualbox.guest.enable = false --- makefu/1systems/sdev/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 3e9548aa1..a60a8db66 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -5,9 +5,10 @@ imports = [ # Include the results of the hardware scan. + (toString ) { ## Guest Extensions are currently broken - # virtualisation.virtualbox.guest.enable = true; + virtualisation.virtualbox.guest.enable = lib.mkForce true; } # -- cgit v1.2.3 From 931e25894dc43f7c7e37026f3cc29427aa07ba80 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:41:59 +0100 Subject: ma vbox-guest: init --- makefu/1systems/sdev/config.nix | 19 ++++++------------- makefu/1systems/vbob/config.nix | 40 ++++----------------------------------- makefu/2configs/hw/vbox-guest.nix | 16 ++++++++++++++++ 3 files changed, 26 insertions(+), 49 deletions(-) create mode 100644 makefu/2configs/hw/vbox-guest.nix diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index a60a8db66..81e8cd4d1 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,9 +6,12 @@ [ # Include the results of the hardware scan. - (toString ) - { ## Guest Extensions are currently broken - virtualisation.virtualbox.guest.enable = lib.mkForce true; + + { # until virtualbox-image is fixed + imports = [ + + ]; + boot.loader.grub.device = "/dev/sda"; } # @@ -17,11 +20,6 @@ ]; - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - nixpkgs.config.allowUnfree = true; - # allow sdev to deploy self users.extraUsers = { root = { @@ -50,10 +48,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; - }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 24d42a69b..c74f6edbe 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,33 +9,8 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - - { ## Virtualbox guest is broken on newer kernel - # virtualisation.virtualbox.guest.enable = true; - } - - # { - # imports = [ - # - # ]; - # virtualbox.baseImageSize = 35 * 1024; - # fileSystems."/media/share" = { - # fsType = "vboxsf"; - # device = "share"; - # options = [ "rw" "uid=9001" "gid=9001" ]; - # }; - # } - - # { - # imports = [ - # - # ]; - # fileSystems."/nix" = { - # device ="/dev/disk/by-label/nixstore"; - # fsType = "ext4"; - # }; - # } - + + # # base gui # @@ -79,14 +54,8 @@ ]; networking.extraHosts = import (toString ); - nixpkgs.config.allowUnfree = true; - # allow vbob to deploy self - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - }; - }; + users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; @@ -107,7 +76,6 @@ #devpi-client ansible ]; - # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ @@ -115,6 +83,6 @@ 80 8010 ]; - + # required for qemu systemd.services."serial-getty@ttyS0".enable = true; } diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix new file mode 100644 index 000000000..3ba8ef902 --- /dev/null +++ b/makefu/2configs/hw/vbox-guest.nix @@ -0,0 +1,16 @@ +{ lib, ...}: +{ + ## Guest Extensions are currently broken + imports = [ + # (toString ) + ]; + # virtualisation.virtualbox.guest.enable = true; + services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; + + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; + }; + # virtualbox.baseImageSize = 35 * 1024; +} -- cgit v1.2.3 From cd31fcaefa6349248bd1a437027e83c7e05b22af Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 14 Feb 2018 09:49:57 +0100 Subject: ma docker: use 2configs --- makefu/1systems/omo/config.nix | 2 +- makefu/1systems/sdev/config.nix | 4 +--- makefu/1systems/vbob/config.nix | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4e0d2a05f..01438397e 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -71,6 +71,7 @@ in { + # security @@ -119,7 +120,6 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - virtualisation.docker.enable = true; makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 81e8cd4d1..7a87362d8 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -18,6 +18,7 @@ # environment + ]; # allow sdev to deploy self @@ -31,7 +32,6 @@ ppp xclip get passwdqc-utils - docker gnupg populate (pkgs.writeScriptBin "tor-browser" '' @@ -40,8 +40,6 @@ '') ]; - virtualisation.docker.enable = true; - networking.firewall.allowedTCPPorts = [ 25 80 diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index c74f6edbe..1f68ad9c2 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -71,7 +71,6 @@ fortclientsslvpn ppp xclip get logstash - # docker #devpi-web #devpi-client ansible -- cgit v1.2.3 From 3a3e168c8a5731038a7fd05808f7ebdf73b1abe8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 14 Feb 2018 23:27:37 +0100 Subject: tv gitrepos: drop redundant fetch permissions Everybody already has permission to fetch via HTTP. --- tv/2configs/gitrepos.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 2c4b4868e..dc50be4f1 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -128,11 +128,6 @@ let { repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ optional (repo.collaborators or [] != []) { user = repo.collaborators; repo = [ repo ]; -- cgit v1.2.3 From 1ccef680d2497903a988663e4114487315a99f39 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 15 Feb 2018 10:17:41 +0100 Subject: ma x.r: init wireguard, disable wifi, enable pcmanfm --- makefu/1systems/x/config.nix | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index d5a9bdcfb..8d18b4506 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,7 @@ with import ; # Hardware # - + # # @@ -78,6 +78,38 @@ with import ; # # # + # + + { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.2/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # gum + endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; + allowedIPs = [ "10.244.0.0/24" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + #{ + # # vbob + # allowedIPs = [ "10.244.0.3/32" ]; + # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + #} + ]; + }; + } + + { # auto-mounting + services.udisks2.enable = true; + services.devmon.enable = true; + # services.gnome3.gvfs.enable = true; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + } ]; -- cgit v1.2.3 From 11a7d704e22f56c83c1af3c8ca0bfcbb510316f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Feb 2018 13:18:17 +0100 Subject: nixpkgs: 2062ac5 -> c831224 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 27450c2a3..73ebf135d 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09 + ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15 }; } override -- cgit v1.2.3 From 5187d0177c2c347838bac00fa981703bfd9a983e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Feb 2018 14:12:17 +0100 Subject: l wine: remove wine64 --- lass/2configs/wine.nix | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index d60b1feea..dd82b34eb 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -19,23 +19,8 @@ in { pkgs.wine ]; }; - wine64 = { - name = "wine64"; - description = "user for running wine in 64bit"; - home = "/home/wine64"; - useDefaultShell = true; - extraGroups = [ - "audio" - "video" - ]; - createHome = true; - packages = [ - (pkgs.wine.override { wineBuild = "wineWow"; }) - ]; - }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(wine) NOPASSWD: ALL - ${mainUser.name} ALL=(wine64) NOPASSWD: ALL ''; } -- cgit v1.2.3 From 69247ffe949fa6918a4e5667c211c2f3643cb086 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Feb 2018 19:21:53 +0100 Subject: exim: RIP nixpkgs has caught up --- krebs/5pkgs/simple/exim/default.nix | 64 ------------------------------------- 1 file changed, 64 deletions(-) delete mode 100644 krebs/5pkgs/simple/exim/default.nix diff --git a/krebs/5pkgs/simple/exim/default.nix b/krebs/5pkgs/simple/exim/default.nix deleted file mode 100644 index 4911c1d9c..000000000 --- a/krebs/5pkgs/simple/exim/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: - -stdenv.mkDerivation rec { - name = "exim-4.90.1"; - - src = fetchurl { - url = "http://ftp.exim.org/pub/exim/exim4/${name}.tar.xz"; - sha256 = "09ppq8l7cah6dcqwdvpa6r12i6fdcd9lvxlfp18mggj3438xz62w"; - }; - - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ coreutils db openssl pcre perl ]; - - preBuild = '' - sed ' - s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin: - s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf: - s:^\(EXIM_USER\)=.*:\1=ref\:nobody: - s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter: - s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes: - s:^EXIM_MONITOR=.*$:# &: - s:^\(FIXED_NEVER_USERS\)=root$:\1=0: - s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes: - s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes: - s:^# \(SUPPORT_TLS\)=.*:\1=yes: - s:^# \(USE_OPENSSL_PC=openssl\)$:\1: - s:^# \(LOG_FILE_PATH=syslog\)$:\1: - s:^# \(HAVE_IPV6=yes\)$:\1: - s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: - s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: - s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod: - s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv: - s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm: - s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch: - s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl: - #/^\s*#.*/d - #/^\s*$/d - ' < src/EDITME > Local/Makefile - ''; - - installPhase = '' - mkdir -p $out/bin $out/share/man/man8 - cp doc/exim.8 $out/share/man/man8 - - ( cd build-Linux-* - cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \ - exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \ - exinext exiqgrep exiwhat \ - $out/bin ) - - ( cd $out/bin - for i in mailq newaliases rmail rsmtp runq sendmail; do - ln -s exim $i - done ) - ''; - - meta = { - homepage = http://exim.org/; - description = "A mail transfer agent (MTA)"; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.tv ]; - }; -} -- cgit v1.2.3 From cdf69ce25896caf40932c0389b33b2fa9c3ab77a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 20:48:56 +0100 Subject: ma vbox-guest: remove from vhosts, prepare for working upstream --- makefu/1systems/sdev/config.nix | 2 +- makefu/1systems/vbob/config.nix | 2 +- makefu/2configs/hw/vbox-guest.nix | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 7a87362d8..d209a0781 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,7 +6,7 @@ [ # Include the results of the hardware scan. - + # { # until virtualbox-image is fixed imports = [ diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 1f68ad9c2..64709de3c 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -9,7 +9,7 @@ imports = [ ]; boot.loader.grub.device = "/dev/sda"; } - + # # # base gui diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix index 3ba8ef902..65f915a2f 100644 --- a/makefu/2configs/hw/vbox-guest.nix +++ b/makefu/2configs/hw/vbox-guest.nix @@ -2,9 +2,9 @@ { ## Guest Extensions are currently broken imports = [ - # (toString ) + (toString ) ]; - # virtualisation.virtualbox.guest.enable = true; + virtualisation.virtualbox.guest.enable = true; services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; fileSystems."/media/share" = { -- cgit v1.2.3 From 24b8fbc40be4008bb32697309c729df72132454d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:56:41 +0100 Subject: ma x.r: vbox+extensionpack does not build --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 8d18b4506..b4d4aa66e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -40,7 +40,7 @@ with import ; # Virtualization - + # { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { -- cgit v1.2.3 From b28b86580d22e67d9a0552e96841643f77e03927 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 16 Feb 2018 21:57:05 +0100 Subject: ma sdev.,vbob.r: allow unfree --- makefu/1systems/sdev/config.nix | 2 ++ makefu/1systems/vbob/config.nix | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index d209a0781..c2cd23d1e 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -27,6 +27,8 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + # corefonts + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs;[ ppp xclip diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 64709de3c..208dd1ff7 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -67,6 +67,10 @@ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; + + # for forticlient + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get -- cgit v1.2.3 From 94c59247d13622b0293be54cdb5893526434f5d1 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sun, 18 Feb 2018 10:41:57 +0100 Subject: brauerei: +backlight --- jeschli/1systems/brauerei/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index e4109c638..eb2bb11d2 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -79,6 +79,8 @@ jetbrains.goland # document viewer zathura + # xorg + xorg.xbacklight ]; # Some programs need SUID wrappers, can be configured further or are -- cgit v1.2.3 From 99b28c290fe92f74dcfa75f5d0d173447b96bab9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 00:19:41 +0100 Subject: l icarus.r: update ssh pubkey --- krebs/3modules/lass/ssh/icarus.rsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa index e3cb74081..1126c331e 100644 --- a/krebs/3modules/lass/ssh/icarus.rsa +++ b/krebs/3modules/lass/ssh/icarus.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgEuFS5MwYQRF+0MKAQvyv6O+0ky0QnOKGMVZgFXE4g2JrByTCXQAeQmyJquM1wl9IRD63res8ZguMoAz2PkHfNbRSSsR7pH/G3DaJRl0VGf14zO3bjBbogQ45j1Bwxi78h44SDmuBAkp0t76ca16kWGhwEVt03+8sqmbLV90RjHZlrFw2sDgTu35SDz1q/ZzkdyFP3xSIBUnsQD64qRLMx64yLcBp0uu2h7gBBCVyA1T+VR3Nc1yIOyv0nUaqEHz+CDATtFlgGTgT6cCXoIPN0QAuIa3pDxt7htD/POsWuFbpbqrBQVcgun5s3J5X0OmNyoqGqqubcycvuYipZUjBCxyTb7RxCqj2oR8alSaeGZm64I0VSGX/iSCtXKaEJqBbxwNUgDH6B2oUeZbRwgPl/SG8vBku1oKzt/36IBoY8HttcosqLkfTquyyO7KVtOBu04geCmmiqJpSV4j5iYMxvrD0AQ3JJmrcbzUYoCGxlYO19TPsa+Ybhn/E8suach75+DIPj5LacYAh9Wjirw67Kg5QyYEt8XGTR2xxF78CFi0JGBRcyorPfFPLznmVntqJLe6dGNL3njgdD0Ocz8V5ktk1pjY5D2nG8GXfd45NQl2QjTLYnYX4dGuudBXth0nEJMv/MRHZrXVViIqwazdq4mA5z1Yu4Tb3l17d2cAZobzdut6JuZbd7itXAPIiY0vEWXr8lpEuE8Uz9mz8aPxZlhmHSXvNcwhq+i2+cFO8OPwUGbnE2cAHpymlQ3aDRgpptAIMU2LjIAblqsvA72asJpuRqu7ZOoy0vVRCOhktIzZXWR9hF5/CM/7NZ5skvHzYlmgkvnuu4jDDGusF32Zyiip0WJg+Iijqe8VpOqCup5UEF5QG32yQwaZDrKd71hq7Z1xNe0vEPN8yCxpes8hWafYY9m8YRrUduDVlOon7SzmdU76RPn2oF6udCGP7A/hEeRiwrDaRuIwchh99Xw3LioxXNzLYB1aXd+yKuZyhW+witC20ISdyZz7JPIrb49JCGH8FtbcDzD1B8Xd1By34POfhxriSr9UG5Hj9LGbA3/aKMOajZdcbrKXorUrKdhAuZv1z4rjW5iwYgXF2G/nseeCOw+DPEcB3GexsyCTUzSjJ6fy3Aqlzppwttx5MfkbNhPZWRCfDX3i0g8e0aFlgvlj99aGgUQeEpYg8peZhe1lxl25Ftc0R7pYmXPDeCY1yWxZiXZ3YtVVr43c/FEaQHXfkZ2I+t5lG6CmgJhhYjUry5Sx4/NgfBvpmU22cIBWNmyTn9q3gDFmeoIiTwlF654K7NnsWrdKr2L2fGI10Xe/J/GYkkzX39e5bToQPXh23gUfIr7faYEPBsVU/SaEkWNHojzf/NKjPT0utvlFr0HqnFYSdk4wpWzcrhii7E/UhgKvpA/k2Vlj4ZhkejfZXQWxRbJzejkVSJcUGim+Dt1WUZJXVOgEkJ3WA6z+ha2FN2sBDdvRKlad55aelvRrbu3/vPzEuE= lass@icarus -- cgit v1.2.3 From 8b3916ad4ada99d4e48d8ad1a85f5dd8d4d40457 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 00:20:23 +0100 Subject: l helios.r: add minio.cert --- lass/1systems/helios/config.nix | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5a553572e..c4d99cb2c 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -137,14 +137,35 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.writeText "minio.cert" '' + -----BEGIN CERTIFICATE----- + MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS + MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 + OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC + AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL + 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV + YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C + ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM + CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw + hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk + MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw + I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB + CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 + hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox + jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY + EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM + zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a + qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa + -----END CERTIFICATE----- + '') ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; -- cgit v1.2.3 From d8c6ef4d103da4701092dc8120abe63bb855014a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:45:39 +0100 Subject: l prism.r: add jeschli user --- lass/1systems/prism/config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b498d94ff..c0e4620cc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -292,6 +292,16 @@ in { { + users.users.jeschli = { + uid = genid "jeschli"; + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-bolide.pubkey + jeschli-brauerei.pubkey + ]; + }; krebs.git.rules = [ { user = with config.krebs.users; [ -- cgit v1.2.3 From 8c600fd0f5c8d63115c5527733885a14ad210913 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:46:00 +0100 Subject: l shodan.r: ignore lidswitch --- lass/1systems/shodan/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ef015aebc..7fb57544f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -61,4 +61,8 @@ with import ; SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" ''; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; } -- cgit v1.2.3 From ae9dc0e1a645633be77559492840252517eb7c74 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:46:50 +0100 Subject: l minecraft: open port for dynmap --- lass/2configs/minecraft.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix index aa33dcccc..6f8ceb358 100644 --- a/lass/2configs/minecraft.nix +++ b/lass/2configs/minecraft.nix @@ -17,5 +17,6 @@ krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } ]; } -- cgit v1.2.3 From 1adeeffb7e0a6f7321743f431737cfc3d711f2eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:47:35 +0100 Subject: l vim: add govet workaround --- lass/2configs/vim.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 5fe9e1450..5d19ae75d 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -6,6 +6,9 @@ let environment.systemPackages = [ (hiPrio vim) pkgs.python35Packages.flake8 + (pkgs.writeDashBin "govet" '' + go vet "$@" + '') ]; environment.etc.vimrc.source = vimrc; -- cgit v1.2.3 From efb192f5153f48aa9f3ddde5ee25bc794ccf49bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:50:45 +0100 Subject: l vim: run gometalinter --- lass/2configs/vim.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 5d19ae75d..6014fd082 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -71,6 +71,9 @@ let let g:syntastic_python_checkers=['flake8'] let g:syntastic_python_flake8_post_args='--ignore=E501' + let g:go_metalinter_autosave = 1 + let g:go_metalinter_deadline = "10s" + nmap q :buffer nmap :buffer -- cgit v1.2.3 From 28f96d4cb1753d0632f42ce0894297f427323133 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:53:56 +0100 Subject: l: php5 -> php7 --- lass/2configs/websites/util.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 36ae1a904..62055d0fd 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -32,7 +32,6 @@ rec { let domain = head domains; in { - services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; -- cgit v1.2.3 From ebb5d67cf320b3fdaf7966f503fff54cfda3b637 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Feb 2018 11:33:25 +0100 Subject: ma urlwatch: taskwarrior is now on github --- makefu/2configs/urlwatch/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 677950f43..d0fb4fe41 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,7 +34,7 @@ in { http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + http://www.iozone.org/src/current/ { @@ -51,6 +51,8 @@ in { "embray/d2to1" "dorimanx/exfat-nofuse" "rapid7/metasploit-framework" + "GothenburgBitFactory/taskserver" + "GothenburgBitFactory/taskwarrior" ]; }; } -- cgit v1.2.3 From 8654c0511b43a3773a34685a00d5768c6e08acc2 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Feb 2018 13:42:00 +0100 Subject: github: update known hosts --- krebs/3modules/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9c343309a..6fe01e466 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -233,6 +233,7 @@ let "github.com" # List generated with # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob + "192.30.252.*" "192.30.253.*" "192.30.254.*" "192.30.255.*" @@ -240,9 +241,12 @@ let "185.199.109.*" "185.199.110.*" "185.199.111.*" - "18.195.85.27" + "13.229.188.59" + "13.250.177.223" "18.194.104.89" + "18.195.85.27" "35.159.8.160" + "52.74.223.119" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; -- cgit v1.2.3 From c4fdec7ce910c319c675388c59a65c44d202d5b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Feb 2018 16:00:33 +0100 Subject: ma x.r: add bluetooth --- makefu/1systems/x/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index b4d4aa66e..ad2ad8779 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -100,7 +100,43 @@ with import ; ]; }; } + { # bluetooth+pulse config + # for blueman-applet + users.users.makefu.packages = [ + pkgs.blueman + ]; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + ''; + }; + # presumably a2dp Sink + # Enable profile: + ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink + hardware.bluetooth.extraConfig = ''; + [general] + Enable=Source,Sink,Media,Socket + ''; + + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + } { # auto-mounting services.udisks2.enable = true; services.devmon.enable = true; -- cgit v1.2.3 From b5d83996a80c422879dc0be1a1d9d3e0a92c763d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Feb 2018 09:58:45 +0100 Subject: ma 6tests/secrets: add auth.nix dummy --- makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/6tests/data/secrets/torrent-secrets/auth.nix diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/6tests/data/secrets/torrent-secrets/auth.nix @@ -0,0 +1 @@ +{} -- cgit v1.2.3 From aef9e595f021ca9c6676d743b24b7de2a2592f5d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Feb 2018 18:23:12 +0100 Subject: l baseX: use network-manager --- lass/2configs/baseX.nix | 1 + lass/2configs/network-manager.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 lass/2configs/network-manager.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 61a006a52..93189b0d3 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./livestream.nix ./dns-stuff.nix ./urxvt.nix + ./network-manager.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix new file mode 100644 index 000000000..c4f757de1 --- /dev/null +++ b/lass/2configs/network-manager.nix @@ -0,0 +1,24 @@ +{ pkgs, lib, ... }: +{ + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceConfig = { + ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "5"; + }; + }; + networking.networkmanager.enable = true; + users.users.mainUser = { + extraGroups = [ "networkmanager" ]; + packages = with pkgs; [ + gnome3.gnome_keyring gnome3.dconf + ]; + }; +} -- cgit v1.2.3 From 87bc9a72eec639f8a73414e498ee2674355af640 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Feb 2018 18:34:24 +0100 Subject: l baseX: run xmonad only in xmonad session --- lass/2configs/baseX.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 93189b0d3..2b7a5c924 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -122,13 +122,14 @@ in { name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.systemd}/bin/systemctl --user start xmonad exec ${pkgs.coreutils}/bin/sleep infinity ''; }]; }; systemd.user.services.xmonad = { - wantedBy = [ "graphical-session.target" ]; + #wantedBy = [ "graphical-session.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; RXVT_SOCKET = "%t/urxvtd-socket"; -- cgit v1.2.3 From 1b61fa920eb775406bb00855fb22485f4e9c160a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Feb 2018 22:17:38 +0100 Subject: nixpkgs: c831224 -> d09e425 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 73ebf135d..c2fbbc5f8 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15 + ref = "d09e425aea3e09b6cec5c7b05cc0603f6853748b"; # nixos-17.09 @ 2018-02-22 }; } override -- cgit v1.2.3 From 23a7012581e11e73f1dd9ceb5683c7384836a318 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Feb 2018 12:15:13 +0100 Subject: l: init dpdkm --- krebs/3modules/lass/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 655a38030..e269d1fa1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -551,6 +551,32 @@ with import ; }; }; }; + dpdkm = { + ci = false; + external = true; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + ip6.addr = "42:4992:6a6d:900::1"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; xerxes = { cores = 2; nets = rec { -- cgit v1.2.3 From 2d6f67e5358b1c60b7e778e3844f84434c0140e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Feb 2018 23:32:59 +0100 Subject: l mail: use tags for mailboxes --- lass/2configs/mail.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e83201cd8..2cf20b32c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -28,6 +28,11 @@ let shack = [ "to:shackspace.de" ]; }; + tag-mails = pkgs.writeDashBin "nm-init-tag" '' + ${pkgs.notmuch}/bin/notmuch new + ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ''; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -80,10 +85,9 @@ let # V ''} %r |" - virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT ${f}") (flatten (attrValues mailboxes))}" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" - ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "${f}") i.value}"'') (mapAttrsToList nameValuePair mailboxes)} - virtual-mailboxes "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT ${f}") (flatten (attrValues mailboxes))}" + ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" virtual-mailboxes "Archive" "notmuch://?query=tag:archive" @@ -163,5 +167,6 @@ in { mutt pkgs.much pkgs.notmuch + tag-mails ]; } -- cgit v1.2.3 From 5b9fe77d8f163c64f4c8960db8ebeadba2c5407c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Feb 2018 23:33:15 +0100 Subject: l mail: add more mailboxes --- lass/2configs/mail.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 2cf20b32c..c6866c69d 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -21,11 +21,14 @@ let ''; mailboxes = { - wireguard = [ "to:wireguard@lists.zx2c4" ]; c-base = [ "to:c-base.org" ]; - security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; + dezentrale = [ "to:dezentrale.space" ]; + kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; + patreon = [ "to:patreon@lassul.us" ]; + security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; shack = [ "to:shackspace.de" ]; + wireguard = [ "to:wireguard@lists.zx2c4" ]; }; tag-mails = pkgs.writeDashBin "nm-init-tag" '' -- cgit v1.2.3 From c222aadefe4c07a5ebc96b59cd274191e765bd75 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 18:59:43 +0100 Subject: ma hydra.wbob.r: init --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/wbob/config.nix | 6 +++++- makefu/2configs/hydra/stockholm.nix | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/hydra/stockholm.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 0bed4d6da..e137da7ca 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -503,6 +503,7 @@ with import ; # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" + "hydra.wbob.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 6434ba273..637d8e2d8 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -29,7 +29,8 @@ in { # # Services - + + (let musicDirectory = "/data/music"; @@ -83,6 +84,9 @@ in { load-module module-filter-apply load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix new file mode 100644 index 000000000..4bdb09213 --- /dev/null +++ b/makefu/2configs/hydra/stockholm.nix @@ -0,0 +1,34 @@ +# iterative: +# $ hydra-create-user krebs --password derp --role admin +# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm' + +{ + + # TODO postgres backup + services.postgresql.enable = true; + + services.hydra = { + enable = true; + hydraURL = "http://hydra.wbob.r"; # externally visible URL + notificationSender = "hydra@wbob.r"; + # you will probably also want, otherwise *everything* will be built from scratch + useSubstitutes = true; + port = 3030; + buildMachinesFiles = []; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts."hydra.wbob.r" = { + locations."/" = { + proxyPass = "http://localhost:3030/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} -- cgit v1.2.3 From b0edf1be81e463174d9b3a1bd2ff2aff7ef8734e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 19:05:50 +0100 Subject: ma programs-db: rip --- makefu/5pkgs/default.nix | 2 +- makefu/5pkgs/programs-db/default.nix | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 makefu/5pkgs/programs-db/default.nix diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 80a0d33cd..b1d6df67e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -3,7 +3,7 @@ self: super: let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let - override = super.callPackage path args; + override = super.callPackage path args; upstream = optionalAttrs (override ? "name") (super.${(parseDrvName override.name).name} or {}); in if upstream ? "name" && diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix deleted file mode 100644 index f40b1b96e..000000000 --- a/makefu/5pkgs/programs-db/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ stdenv }: - -stdenv.mkDerivation rec { - name = "programs-db"; - src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ; - - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp programs.sqlite $out - ''; - -} -- cgit v1.2.3 From 99d4464e6ce548b2441dd5d420d4d851b4b1523e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Feb 2018 22:03:59 +0100 Subject: ma git: init hydra-stockholm --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index eacbd99cf..1109e2519 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -28,6 +28,7 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; + hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/85100000.lock: No such file or directory (2)