From bfc2aa3b236813945ca4f2b5d683d51c82e983b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Jul 2016 10:38:41 +0200 Subject: m 2 hw/tp-x2x0: disable touchpad via synaptics --- makefu/2configs/hw/tp-x2x0.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index c10ec1314..9047cfb66 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -12,6 +12,12 @@ with config.krebs.lib; zramSwap.enable = true; zramSwap.numDevices = 2; + # enable synaptics so we can easily disable the touchpad + # enable the touchpad with `synclient TouchpadOff=0` + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; hardware.trackpoint = { enable = true; sensitivity = 220; @@ -19,7 +25,6 @@ with config.krebs.lib; emulateWheel = true; }; - services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery -- cgit v1.2.3 From 864e711114b048e875f0d73eeefdca436eebea00 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Jul 2016 16:19:07 +0200 Subject: k 3 nginx: add ssl.force_encryption --- krebs/3modules/nginx.nix | 13 +++++++++++++ makefu/2configs/bepasty-dual.nix | 6 ++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index fc7fcca6f..25dfb5d6a 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -73,6 +73,14 @@ let type = bool; default = true; }; + force_encryption = mkOption { + type = bool; + default = false; + description = '' + redirect all `http` traffic to the same domain but with ssl + protocol. + ''; + }; protocols = mkOption { type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]); default = [ "TLSv1.1" "TLSv1.2" ]; 
@@ -122,6 +130,11 @@ let server_name ${toString (unique server-names)}; ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${optionalString ssl.enable (indent '' + ${optionalString ssl.force_encryption '' + if ($scheme = http){ + return 301 https://$server_name$request_uri; + } + ''} listen 443 ssl; ssl_certificate ${ssl.certificate}; ssl_certificate_key ${ssl.certificate_key}; diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index f675c4ac8..4b5389c32 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -45,6 +45,7 @@ in { #certificate = "${sec}/wildcard.krebsco.de.crt"; #certificate_key = "${sec}/wildcard.krebsco.de.key"; ciphers = "RC4:HIGH:!aNULL:!MD5" ; + force_encryption = true; }; locations = singleton ( nameValuePair "/.well-known/acme-challenge" '' root ${acmechall}/${ext-dom}/; @@ -54,10 +55,7 @@ in { ssl_session_timeout 10m; ssl_verify_client off; proxy_ssl_session_reuse off; - - if ($scheme = http){ - return 301 https://$server_name$request_uri; - }''; + ''; }; defaultPermissions = "read"; secretKey = secKey; -- cgit v1.2.3 From fa3896135414b2634e6d912a2647aba7bea3ac2d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 22 Jul 2016 12:35:06 +0200 Subject: m 2 zsh-user: use absolute path to gpg-connect-agent --- makefu/2configs/zsh-user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 99c1315e1..a3286b7fd 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,7 +22,7 @@ in bindkey "\e[3~" delete-char zstyle ':completion:*' menu select - gpg-connect-agent updatestartuptty /bye >/dev/null + ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null GPG_TTY=$(tty) export GPG_TTY unset SSH_AGENT_PID -- cgit v1.2.3 From 917bdf236f8b38efeafd6c7b697a437ac18f64a6 Mon Sep 17 00:00:00 2001 
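Review bot: The redirect for `ssl.force_encryption` is emitted only inside the `optionalString ssl.enable` block, so setting the option without `ssl.enable` is silently ignored and the vhost keeps serving plain http. An assertion, or a sentence in the option's `description` (declared in the previous hunk), would make that dependency visible. The target is built from `$server_name`, which nginx expands to the first name of the server block, so with several entries in `server-names` a request for a secondary name is sent to a different host than the "same domain" the description promises. `return 301 https://$host$request_uri;` keeps the requested name, provided the block is not a catch-all default server. The enclosing config string starts and ends outside the hunk.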
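Review bot: In bepasty-dual.nix the `ciphers` string directly above the added `force_encryption = true;` still lists `RC4` first, so clients that are now forced onto https can still negotiate RC4, which RFC 7465 prohibits. Since this commit makes TLS mandatory for the vhost, it is a natural place to drop it, for example `ciphers = "HIGH:!aNULL:!MD5";`. The ssl attribute set starts outside the hunk.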
From: lassulus Date: Sat, 23 Jul 2016 19:16:22 +0200 Subject: k 3 exim-smarthost: add authenticators option --- krebs/3modules/exim-smarthost.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index aba6ee0b5..8b6627678 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,6 +2,7 @@ with config.krebs.lib; let + indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { @@ -12,6 +13,11 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + authenticators = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + dkim = mkOption { type = types.listOf (types.submodule ({ config, ... }: { options = { @@ -257,6 +263,10 @@ let begin rewrite begin authenticators + ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${name}: + ${indent text} + '') cfg.authenticators)} ''; }; }; -- cgit v1.2.3 From 3d8318d625db60060a3624081059f93b66ca5c46 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:16:41 +0200 Subject: k 3 exim-smarthost: add ssl options --- krebs/3modules/exim-smarthost.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 8b6627678..cfe2e5f04 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -86,6 +86,16 @@ let default = []; }; + ssl_cert = mkOption { + type = types.nullOr types.str; + default = null; + }; + + ssl_key = mkOption { + type = types.nullOr types.str; + default = null; + }; + system-aliases = mkOption { type = types.listOf (types.submodule ({ options = { 
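Review bot: The values of the new `authenticators` option are pasted verbatim under `begin authenticators` (hunk `@@ -257,6 +263,10 @@`), and nothing visible there limits when AUTH is offered. With a plaintext driver the credentials cross the wire unencrypted unless the main section restricts advertising to TLS sessions, for example with the exim setting `auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}` (written with `''${` inside the Nix string). The main configuration section lies outside the hunk, so this may already be handled. The option also lacks a `description`; something like `description = "exim authenticator definitions keyed by name; each value is the body of that authenticator";` would tell users what text is expected.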
@@ -142,7 +152,9 @@ let syslog_timestamp = false syslog_duplication = false - tls_advertise_hosts = + ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"} + ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"} + tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"} begin acl -- cgit v1.2.3 From 83090eb4a1f98614671ea3bdb48315cf5be5585c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:17:36 +0200 Subject: k 3: add genid_signed --- krebs/4lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 296748333..f62c033bd 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -33,6 +33,7 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); genid = import ./genid.nix { lib = lib // out; }; + genid_signed = x: ((genid x) + 16777216) / 2; git = import ./git.nix { lib = lib // out; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; -- cgit v1.2.3 From 18469388a6f8f255b8094d002b3c176dab81b845 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:18:43 +0200 Subject: k 5 exim: add pam support --- krebs/5pkgs/exim/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index 0918e308d..835970555 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: +{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { name = "exim-4.87"; @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; - buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; + buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ]; preBuild = '' sed ' 
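Review bot: `tls_certificate` and the `*` on `tls_advertise_hosts` depend on `cfg.ssl_cert` only, so setting `ssl_key` alone emits a `tls_privatekey` line while TLS stays unadvertised, and nothing reports the mismatch. An assertion that `ssl_key` is only set together with `ssl_cert` would catch this at evaluation time. Both options are plain strings without a `description`; it would help to state there that the value is a runtime path to a file outside the Nix store, which presumably must be readable by the exim user. The configuration string continues outside the hunk.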
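Review bot: The integer division in `genid_signed` maps each pair of adjacent `genid` results to the same value, so ids that were distinct before can collide after this transform. If the result is used for uids or similar identifiers, that is worth either ruling out or documenting. The constant `16777216` is 2^24, but `genid.nix` is not part of this diff, so the intended range cannot be checked from here. A comment above the definition such as `# (genid + 2^24) / 2, integer division; resulting range: TODO document` would save the next reader from guessing.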
@@ -24,6 +24,7 @@ stdenv.mkDerivation rec { s:^# \(SUPPORT_TLS\)=.*:\1=yes: s:^# \(USE_OPENSSL_PC=openssl\)$:\1: s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam: s:^# \(HAVE_IPV6=yes\)$:\1: s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: -- cgit v1.2.3 From 29ef105c46287bb9964269004a56c51d4a2834bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:19:18 +0200 Subject: l 2 buildbot: uss ssh sockets --- lass/2configs/buildbot-standalone.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5afb23687..7c7693ab7 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -3,8 +3,13 @@ with config.krebs.lib; let + sshHostConfig = pkgs.writeText "ssh-config" '' + ControlMaster auto + ControlPath /tmp/%u_sshmux_%r@%h:%p + ControlPersist 4h + ''; sshWrapper = pkgs.writeDash "ssh-wrapper" '' - ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ${pkgs.openssh}/bin/ssh -F ${sshHostConfig} -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" ''; in { -- cgit v1.2.3 From 947f79a399dd9ca6dd8a177d31d8b016692040f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Jul 2016 18:03:47 +0200 Subject: l 2 git: allow all users to fetch public repos --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 9a1cab176..ab4450715 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -80,7 +80,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu ]; + user = attrValues config.krebs.users; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From ceb5200f03737d9d307206ba6af013144eb6efbc Mon Sep 17 00:00:00 2001 
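Review bot: `ControlPath /tmp/%u_sshmux_%r@%h:%p` places the multiplexing socket under a predictable name in a world-writable directory, and `ControlPersist 4h` keeps an authenticated master connection alive there long after a build has finished. ssh_config(5) recommends a ControlPath directory that other users cannot write to. Something like `ControlPath ~/.ssh/sshmux_%r@%h:%p` (the directory must exist with mode 0700) stops another local account from pre-creating or squatting the path. Passing `-F` also makes ssh skip the system-wide and per-user config files, so any host settings the build user relied on there no longer apply.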
From: makefu Date: Mon, 25 Jul 2016 18:53:42 +0200 Subject: k 3 makefu: add nixos.unstable CNAME to github --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 52db3de85..8a8538267 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -167,6 +167,7 @@ with config.krebs.lib; extraZones = { "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. + nixos.unstable IN CNAME krebscode.github.io. pigstarter IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} -- cgit v1.2.3 From cd5ecd173b2d98974b9dc090ddcafaa902a6e238 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Jul 2016 14:01:03 +0200 Subject: k 3 makefu: add tinc pubkeys to siem network --- krebs/3modules/makefu/default.nix | 59 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 8a8538267..235ae84ff 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -53,6 +53,17 @@ with config.krebs.lib; aliases = [ "darth.siem" ]; + tinc.pubkey = '' + Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK + -----BEGIN RSA PUBLIC KEY----- + MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW + TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb + fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS + Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21 + kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh + rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE= + -----END RSA PUBLIC KEY----- + ''; }; }; }; 
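Review bot: The added `nixos.unstable IN CNAME krebscode.github.io.` record points a krebsco.de name at GitHub Pages. If the target site is removed or does not declare this custom domain, the name is left dangling and can end up serving content from a Pages site the zone owner does not control. It is worth confirming that the repository behind `krebscode.github.io` has the custom domain configured. A comment next to the record, for example `# remove together with the GitHub Pages site`, would keep the two in sync.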
@@ -63,6 +74,16 @@ with config.krebs.lib; aliases = [ "ossim.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl + RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL + cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand + mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd + dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL + WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -127,8 +148,19 @@ with config.krebs.lib; siem = { ip4.addr = "10.8.10.4"; aliases = [ - "arch.siem" + "makefu.siem" ]; + tinc.pubkey = '' + Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI + -----BEGIN RSA PUBLIC KEY----- + MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p + XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y + ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O + vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm + t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR + 56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE= + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = ; @@ -326,6 +358,19 @@ with config.krebs.lib; siem = { ip4.addr = "10.8.10.7"; aliases = [ "display.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5 + 6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J + +1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7 + FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg + LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW + LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB + -----END RSA PUBLIC KEY----- + -----BEGIN ED25519 PUBLIC KEY----- + 3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO + -----END ED25519 PUBLIC KEY----- + ''; }; retiolum = { ip4.addr = "10.243.214.15"; 
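Review bot: The key added for `display.siem` (hunk `@@ -326,6 +358,19 @@`) writes its Ed25519 key as a `-----BEGIN ED25519 PUBLIC KEY-----` block, whereas the `darth.siem` and `makefu.siem` entries in this commit use a single `Ed25519PublicKey = …` line. Whether tinc accepts the PEM-style block inside a host file cannot be seen from here; if it is skipped, that host would presumably fall back to its RSA key only. Using the one-line form everywhere keeps the generated host files uniform. The commit also renames the aliases `arch.siem` and `sjump.siem` (the latter in the following hunk), which the subject does not mention.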
@@ -396,9 +441,19 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB siem = { ip4.addr = "10.8.10.1"; aliases = [ - "sjump.siem" + "shoney.siem" "graphs.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu + 74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU + l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB + CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4 + fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z + L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; internet = { ip4.addr = "64.137.234.215"; -- cgit v1.2.3 From 2f45394b52b8c738be80a0498c29a36362126961 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Jul 2016 14:02:04 +0200 Subject: k 3 retiolum: add customizable tinc-up --- krebs/3modules/retiolum.nix | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 0bd815211..18e0dd65a 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -12,9 +12,11 @@ let define a tinc network ''; type = with types; attrsOf (submodule (tinc: { - options = { + options = let + netname = tinc.config._module.args.name; + in { - enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; }; + enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; host = mkOption { type = types.host; @@ -23,7 +25,7 @@ let netname = mkOption { type = types.enum (attrNames tinc.config.host.nets); - default = tinc.config._module.args.name; + default = netname; description = '' The tinc network name. It is used to name the TUN device and to generate the default value for 
@@ -38,6 +40,27 @@ let Extra Configuration to be appended to tinc.conf ''; }; + tincUp = mkOption { + type = types.string; + default = let + net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; + in '' + ${optionalString (net.ip4 != null) /* sh */ '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ''} + ${optionalString (net.ip6 != null) /* sh */ '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ''} + ''; + description = '' + tinc-up script to be used. Defaults to setting the + krebs.host.nets..ip4 and ip6 for the new ips and + configures forwarding of the respecitive netmask as subnet. + ''; + }; tincPackage = mkOption { type = types.package; @@ -131,6 +154,7 @@ let krebs.secret.files = mapAttrs' (netname: cfg: nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + users.users = mapAttrs' (netname: cfg: nameValuePair "${netname}" { inherit (cfg.user) home name uid; @@ -140,7 +164,6 @@ let systemd.services = mapAttrs (netname: cfg: let - net = cfg.host.nets.${netname}; tinc = cfg.tincPackage; iproute = cfg.iproutePackage; @@ -157,14 +180,7 @@ let ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' ${iproute}/sbin/ip link set ${netname} up - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} + ${cfg.tincUp} ''; } ); -- cgit v1.2.3 From b308c77e7af47bd4994ef23b59a7e40975485f9b Mon Sep 17 00:00:00 2001 
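Review bot: The `tincUp` description does not say that the value is spliced verbatim into the generated `tinc-up` script after `ip link set ${netname} up` (last hunk), nor that overriding it drops the default `ip addr add` and `ip route add` lines completely. A user who only wants to add a route would lose address configuration without noticing. I would extend the description with a sentence such as `Shell code run by tinc-up after the interface is up; setting this replaces the default address and route setup.` The default is built from the attribute name rather than from the `netname` option, so it may differ from an overridden `netname`; that is worth a note as well.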
From: makefu Date: Tue, 26 Jul 2016 15:18:59 +0200 Subject: k 3 m: siem.ip4.prefix --- krebs/3modules/makefu/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 235ae84ff..a878f50ee 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -49,7 +49,8 @@ with config.krebs.lib; ''; }; siem = { - ip4.addr = "10.8.10.2"; + ip4.addr = "10.8.10.2"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "darth.siem" ]; @@ -71,6 +72,7 @@ with config.krebs.lib; nets = { siem = { ip4.addr = "10.8.10.6"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "ossim.siem" ]; @@ -147,6 +149,7 @@ with config.krebs.lib; }; siem = { ip4.addr = "10.8.10.4"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "makefu.siem" ]; @@ -357,6 +360,7 @@ with config.krebs.lib; nets = { siem = { ip4.addr = "10.8.10.7"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "display.siem" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -440,6 +444,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB nets = { siem = { ip4.addr = "10.8.10.1"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "shoney.siem" "graphs.siem" -- cgit v1.2.3 From b139155bee6006f21993f3b2b6bfd5adde6fff6f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Jul 2016 21:36:47 +0200 Subject: l 3 power-action -> k 3 power-action --- krebs/3modules/default.nix | 1 + krebs/3modules/power-action.nix | 97 +++++++++++++++++++++++++++++++++++++++++ lass/1systems/helios.nix | 2 +- lass/2configs/power-action.nix | 4 +- lass/3modules/default.nix | 1 - lass/3modules/power-action.nix | 97 ----------------------------------------- 6 files changed, 101 insertions(+), 101 deletions(-) create mode 100644 krebs/3modules/power-action.nix delete mode 100644 lass/3modules/power-action.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index d64d8047a..9af42acc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -28,6 +28,7 @@ let ./on-failure.nix ./os-release.nix ./per-user.nix + ./power-action.nix ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix new file mode 100644 index 000000000..4c2533eb7 --- /dev/null +++ b/krebs/3modules/power-action.nix 
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + cfg = config.krebs.power-action; + + out = { + options.krebs.power-action = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "power-action"; + battery = mkOption { + type = types.str; + default = "BAT0"; + }; + user = mkOption { + type = types.user; + default = { + name = "power-action"; + }; + }; + startAt = mkOption { + type = types.str; + default = "*:0/1"; + }; + plans = mkOption { + type = with types; attrsOf (submodule { + options = { + charging = mkOption { + type = nullOr bool; + default = null; + description = '' + check for charging status. + null = don't care + true = only if system is charging + false = only if system is discharging + ''; + }; + upperLimit = mkOption { + type = int; + }; + lowerLimit = mkOption { + type = int; + }; + action = mkOption { + type = path; + }; + }; + }); + }; + }; + + imp = { + systemd.services.power-action = { + serviceConfig = rec { + ExecStart = startScript; + User = cfg.user.name; + }; + startAt = cfg.startAt; + }; + users.users.${cfg.user.name} = { + inherit (cfg.user) name uid; + }; + }; + + startScript = pkgs.writeDash "power-action" '' + set -euf + + power="$(${powerlvl})" + state="$(${state})" + ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} + ''; + charging_check = plan: + if (plan.charging == null) then "" else + if plan.charging + then ''&& [ "$state" = "true" ]'' + else ''&& ! [ "$state" = "true" ]'' + ; + + writeRule = _: plan: + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; + + powerlvl = pkgs.writeDash "powerlvl" '' + cat /sys/class/power_supply/${cfg.battery}/capacity + ''; + + state = pkgs.writeDash "state" '' + if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] + then echo "false" + else echo "true" + fi + ''; + +in out 
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 5f161d731..53026a6fb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -58,7 +58,7 @@ with config.krebs.lib; # }; #} { - lass.power-action.battery = "BAT1"; + krebs.power-action.battery = "BAT1"; } ]; diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index 0ff8547c7..133966498 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -11,7 +11,7 @@ let ''; in { - lass.power-action = { + krebs.power-action = { enable = true; plans.low-battery = { upperLimit = 30; @@ -36,6 +36,6 @@ in { ]; security.sudo.extraConfig = '' - ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} ''; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 6a3b41ca4..60370b230 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./ejabberd ./folderPerms.nix ./mysql-backup.nix - ./power-action.nix ./umts.nix ./urxvtd.nix ./wordpress_nginx.nix diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix deleted file mode 100644 index 30875c9a9..000000000 --- a/lass/3modules/power-action.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - cfg = config.lass.power-action; - - out = { - options.lass.power-action = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "power-action"; - battery = mkOption { - type = types.str; - default = "BAT0"; - }; - user = mkOption { - type = types.user; - default = { - name = "power-action"; - }; - }; - startAt = mkOption { - type = types.str; - default = "*:0/1"; - }; - plans = mkOption { - type = with types; attrsOf (submodule { - options = { - charging = mkOption { - type = nullOr bool; - default = null; - description = '' - check for charging status. - null = don't care - true = only if system is charging - false = only if system is discharging - ''; - }; - upperLimit = mkOption { - type = int; - }; - lowerLimit = mkOption { - type = int; - }; - action = mkOption { - type = path; - }; - }; - }); - }; - }; - - imp = { - systemd.services.power-action = { - serviceConfig = rec { - ExecStart = startScript; - User = cfg.user.name; - }; - startAt = cfg.startAt; - }; - users.users.${cfg.user.name} = { - inherit (cfg.user) name uid; - }; - }; - - startScript = pkgs.writeDash "power-action" '' - set -euf - - power="$(${powerlvl})" - state="$(${state})" - ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} - ''; - charging_check = plan: - if (plan.charging == null) then "" else - if plan.charging - then ''&& [ "$state" = "true" ]'' - else ''&& ! [ "$state" = "true" ]'' - ; - - writeRule = _: plan: - "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; - - powerlvl = pkgs.writeDash "powerlvl" '' - cat /sys/class/power_supply/${cfg.battery}/capacity - ''; - - state = pkgs.writeDash "state" '' - if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] - then echo "false" - else echo "true" - fi - ''; - -in out -- cgit v1.2.3 
From 88a220f78825c1bfc60f0e885e02eacc0b7cd6a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Jul 2016 00:05:59 +0200 Subject: m 1 omo: configure mergerfs --- makefu/1systems/omo.nix | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11abd40d..ead8f49b6 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -4,6 +4,7 @@ { config, pkgs, lib, ... }: let + toMapper = id: "/media/crypt${builtins.toString id}"; byid = dev: "/dev/disk/by-id/" + dev; keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; @@ -33,7 +34,8 @@ let # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + allDisks = [ rootDisk ] ++ dataDisks; in { imports = [ 
@@ -73,25 +75,34 @@ in { virtualisation.docker.enable = true; - # HDD Array stuff - environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - makefu.snapraid = let - toMapper = id: "/media/crypt${builtins.toString id}"; - in { + makefu.snapraid = { enable = true; disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; + # TODO create folders in /media + system.activationScripts.createCryptFolders = '' + ${lib.concatMapStringsSep "\n" + (d: "install -m 755 -d " + (toMapper d) ) + [ 0 1 2 "X" ]} + ''; + environment.systemPackages = [ pkgs.mergerfs ]; fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" // cryptMount "crypt1" - // cryptMount "crypt2"; + // cryptMount "crypt2" + // { "/media/cryptX" = { + device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); + fsType = "mergerfs"; + options = [ "defaults" "allow_other" ]; + }; + }; powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} -- cgit v1.2.3 From 8c465870fc94d8544a164e547f174fd0bb9d8661 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 10:55:34 +0200 Subject: retiolum: support nets..tinc.port --- krebs/3modules/retiolum.nix | 6 ++++-- krebs/4lib/types.nix | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 18e0dd65a..8e91ee6e1 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -132,8 +132,9 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 = - [ "${external-ip} ${external-port}" ] + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = + "${external-ip} ${external-port}" + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; ''; }; 
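Review bot: The `/media/cryptX` mergerfs entry lists the three branch directories but declares no ordering against the `crypt0`–`crypt2` mounts, while the new activation script creates those directories on the root filesystem. If the pool is mounted while a branch is not, for example after a disk failed to unlock, writes through `/media/cryptX` would presumably land in the bare directory on the root disk instead of on the intended encrypted volume. Adding a mount dependency per branch in `options`, e.g. `"x-systemd.requires-mounts-for=/media/crypt0"`, ties the pool to its branches. `allow_other` additionally opens the pool to every local user subject to file modes, which deserves a comment stating that this is intended.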
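Review bot: The updated help text in retiolum.nix still shows the port inside the address, `via.ip4.addr = "${external-ip} ${external-port}"`, while the types.nix hunk of the same commit appends `${toString config.port}` to every `Address =` line. Following the example as written would presumably produce an address line carrying two ports. The example should give only the IP, as in `via.ip4.addr = "${external-ip}"`, and leave the port to the `tinc.port` line that follows it. The description string starts outside the hunk.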
@@ -176,6 +177,7 @@ let Interface = ${netname} ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} PrivateKeyFile = ${cfg.privkey.path} + Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} ${cfg.extraConfig} ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 8906eff4a..d057cef1d 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -130,7 +130,7 @@ types // rec { type = str; default = concatStringsSep "\n" ( (optionals (net.via != null) - (map (a: "Address = ${a}") net.via.addrs)) + (map (a: "Address = ${a} ${toString config.port}") net.via.addrs)) ++ (map (a: "Subnet = ${a}") net.addrs) ++ @@ -140,6 +140,11 @@ types // rec { pubkey = mkOption { type = tinc-pubkey; }; + port = mkOption { + type = int; + description = "tinc port to use to connect to host"; + default = 655; + }; }; })); default = null; -- cgit v1.2.3 From b1569158057042aa50e6816e38f0305bab8e5f9c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 12:58:54 +0200 Subject: makefu: pornocauster -> x --- krebs/3modules/makefu/default.nix | 16 ++++--- lass/2configs/buildbot-standalone.nix | 2 +- makefu/1systems/pornocauster.nix | 81 ----------------------------------- makefu/1systems/wbob.nix | 2 +- makefu/1systems/x.nix | 73 +++++++++++++++++++++++++++++++ makefu/2configs/tinc/siem.nix | 12 ++++++ 6 files changed, 96 insertions(+), 90 deletions(-) delete mode 100644 makefu/1systems/pornocauster.nix create mode 100644 makefu/1systems/x.nix create mode 100644 makefu/2configs/tinc/siem.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a878f50ee..dffb6b0a1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
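Review bot: The added `Port =` line looks the network up with `cfg.netname`, whereas the neighbouring `Interface = ${netname}` and the rest of this service definition use the attribute name. When the `netname` option is overridden the two can differ, and the port is then read from another net than the interface belongs to; `cfg.host.nets.${netname}.tinc.port` would match the surrounding code. In types.nix the new `port` option is a bare `int`, so a negative or out-of-range value is only noticed when tinc starts. Stating the valid range 1–65535 in the `description`, or checking it in the type, would reject typos at evaluation time.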
@@ -126,15 +126,15 @@ with config.krebs.lib; }; }; }; - pornocauster = { + x = { cores = 2; nets = { retiolum = { ip4.addr = "10.243.0.91"; ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ - "pornocauster.retiolum" - "pornocauster.r" + "x.retiolum" + "x.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -167,7 +167,7 @@ with config.krebs.lib; }; }; ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; }; @@ -441,8 +441,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; shoney = rec { cores = 1; - nets = { + nets = rec { siem = { + via = internet; ip4.addr = "10.8.10.1"; ip4.prefix = "10.8.10.0/24"; aliases = [ @@ -459,6 +460,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.port = 1655; }; internet = { ip4.addr = "64.137.234.215"; 
@@ -790,8 +792,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; users = rec { makefu = { - mail = "makefu@pornocauster.retiolum"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; + mail = "makefu@x.retiolum"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; pgp.pubkeys.default = builtins.readFile ./default.pgp; pgp.pubkeys.brain = builtins.readFile ./brain.pgp; }; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7c7693ab7..766fd715e 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -95,7 +95,7 @@ in { method=build \ system={}".format(i)]) - for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]: + for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ ["make \ diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix deleted file mode 100644 index b683e5630..000000000 --- a/makefu/1systems/pornocauster.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# -# -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ../. - ../2configs/main-laptop.nix #< base-gui + zsh - ../2configs/laptop-utils.nix - - # Krebs - #../2configs/disable_v6.nix - - - # applications - - ../2configs/exim-retiolum.nix - ../2configs/mail-client.nix - ../2configs/printer.nix - ../2configs/virtualization.nix - ../2configs/virtualization-virtualbox.nix - ../2configs/wwan.nix - - # services - ../2configs/git/brain-retiolum.nix - ../2configs/tor.nix - ../2configs/steam.nix - # ../2configs/buildbot-standalone.nix - - # hardware specifics are in here - ../2configs/hw/tp-x220.nix - ../2configs/hw/rtl8812au.nix - # mount points - ../2configs/fs/sda-crypto-root-home.nix - # ../2configs/mediawiki.nix - #../2configs/wordpress.nix - ../2configs/nginx/public_html.nix - - ../2configs/tinc/retiolum.nix - # temporary modules - ../2configs/temp/share-samba.nix - # ../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix - ]; - - services.tinc.networks.siem = { - name = "makefu"; - extraConfig = '' - ConnectTo = sdarth - ConnectTo = sjump - ''; - }; - - krebs.nginx = { - default404 = false; - servers.default.listen = [ "80 default_server" ]; - servers.default.server-names = [ "_" ]; - }; - - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; - - virtualisation.docker.enable = true; - - # configure pulseAudio to provide a HDMI sink as well - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 ]; - networking.firewall.allowedUDPPorts = [ 665 ]; - - krebs.build.host = config.krebs.hosts.pornocauster; - krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; - - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; - - networking.extraHosts = '' - 192.168.1.11 omo.local - ''; - # hard dependency because otherwise the device will not be unlocked - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; 
-} diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index e8e0b091f..ff593ab35 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -66,7 +66,7 @@ in { client = { enable = true; screenName = "wbob"; - serverAddress = "pornocauster.r"; + serverAddress = "x.r"; }; }; } diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix new file mode 100644 index 000000000..d41edfa46 --- /dev/null +++ b/makefu/1systems/x.nix 
@@ -0,0 +1,73 @@ +# +# +# +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../. + ../2configs/main-laptop.nix #< base-gui + zsh + ../2configs/laptop-utils.nix + + # Krebs + #../2configs/disable_v6.nix + + + # applications + + ../2configs/exim-retiolum.nix + ../2configs/mail-client.nix + ../2configs/printer.nix + ../2configs/virtualization.nix + ../2configs/virtualization-virtualbox.nix + ../2configs/wwan.nix + + # services + ../2configs/git/brain-retiolum.nix + ../2configs/tor.nix + ../2configs/steam.nix + # ../2configs/buildbot-standalone.nix + + # hardware specifics are in here + ../2configs/hw/tp-x220.nix + ../2configs/hw/rtl8812au.nix + # mount points + ../2configs/fs/sda-crypto-root-home.nix + # ../2configs/mediawiki.nix + #../2configs/wordpress.nix + ../2configs/nginx/public_html.nix + + ../2configs/tinc/retiolum.nix + # temporary modules + ../2configs/temp/share-samba.nix + # ../2configs/temp/elkstack.nix + # ../2configs/temp/sabnzbd.nix + ../2configs/tinc/siem.nix + ]; + krebs.nginx = { + default404 = false; + servers.default.listen = [ "80 default_server" ]; + servers.default.server-names = [ "_" ]; + }; + + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + + virtualisation.docker.enable = true; + + # configure pulseAudio to provide a HDMI sink as well + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ 80 24800 26061 ]; + networking.firewall.allowedUDPPorts = [ 665 26061 ]; + + krebs.build.host = config.krebs.hosts.x; + krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; + + krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; + + networking.extraHosts = '' + 192.168.1.11 omo.local + ''; + # hard dependency because otherwise the device will not be unlocked + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; +} 
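Review bot: The UDP ports opened for tinc do not line up with the tinc ports. In this file `networking.firewall.allowedUDPPorts = [ 665 26061 ];` carries 665 over from the deleted host file, while the TODO in the new makefu/2configs/tinc/siem.nix names 655 as the tinc default; in that siem.nix hunk `allowedUDPPorts = [ 1665 ]` sits beside `tinc.port = lib.mkForce 1655` and `allowedTCPPorts = [ 1655 ]`. If these are typos, the intended tinc UDP port stays filtered and an unrelated port is opened instead; I would change them to `allowedUDPPorts = [ 655 26061 ];` here and `allowedUDPPorts = [ 1655 ];` in siem.nix. The new 26061 TCP/UDP entries have no comment saying which service needs them, and the comment directly above the firewall block is about PulseAudio, so a line such as `# 80: nginx, 24800/26061: <service>` (placeholder) would help the next audit.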
diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix new file mode 100644 index 000000000..fae72590f --- /dev/null +++ b/makefu/2configs/tinc/siem.nix @@ -0,0 +1,12 @@ +{lib, config, ... }: +{ + # TODO do not know why we need to force it, port is only set via default to 655 + krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; + + networking.firewall.allowedUDPPorts = [ 1665 ]; + networking.firewall.allowedTCPPorts = [ 1655 ]; + krebs.tinc.siem = { + enable = true; + connectTo = [ "shoney" ]; + }; +} -- cgit v1.2.3 From 469fc88a6f4015dc1a71bc668107488fdb6a4a52 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 12:59:29 +0200 Subject: m ps3netsrv: init --- makefu/3modules/default.nix | 7 +++-- makefu/3modules/ps3netsrv.nix | 58 ++++++++++++++++++++++++++++++++++++++ makefu/5pkgs/ps3netsrv/default.nix | 2 +- 3 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 makefu/3modules/ps3netsrv.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index febebaa18..7fc095bab 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,11 +2,12 @@ _: { imports = [ - ./snapraid.nix - ./umts.nix - ./taskserver.nix ./awesome-extra.nix ./forward-journal.nix + ./ps3netsrv.nix + ./snapraid.nix + ./taskserver.nix + ./umts.nix ]; } diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix new file mode 100644 index 000000000..22681637c --- /dev/null +++ b/makefu/3modules/ps3netsrv.nix 
@@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.ps3netsrv; + + out = { + options.makefu.ps3netsrv = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "ps3netsrv"; + + servedir = mkOption { + description = "path to serve, must be set"; + type = types.str; + }; + + package = mkOption { + type = types.package; + default = pkgs.ps3netsrv; + }; + + user = mkOption { + description = ''user which will run ps3netsrv''; + type = types.str; + default = "ps3netsrv"; + }; + }; + + imp = { + systemd.services.ps3netsrv = { + description = "ps3netsrv server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + unitConfig = { + Documentation = "https://www.arm-blog.com/playing-ps3-games-from-your-nas/" ; + ConditionPathExists = cfg.servedir; + }; + serviceConfig = { + Type = "simple"; + ExecStart = "${cfg.package}/bin/ps3netsrv++ ${shell.escape cfg.servedir}"; + PrivateTmp = true; + User = "${cfg.user}"; + }; + }; + + # TODO only create if user is ps3netsrv + users.users.ps3netsrv = { + uid = genid "ps3netsrv"; + }; + users.groups.ps3netsrv.gid = genid "ps3netsrv"; + }; +in +out + diff --git a/makefu/5pkgs/ps3netsrv/default.nix b/makefu/5pkgs/ps3netsrv/default.nix index 904185934..f62ee0c9a 100644 --- a/makefu/5pkgs/ps3netsrv/default.nix +++ b/makefu/5pkgs/ps3netsrv/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { url = "https://github.com/dirkvdb/ps3netsrv--"; fetchSubmodules = true; rev = "e54a66cbf142b86e2cffc1701984b95adb921e81"; # latest @ 2016-05-24 - sha256 = "0l7bp18cs3xr2qgsmcf18diccski49mj9whngxm9isi8wd4r9inj"; + sha256 = "09hvmfzqy2jckpsml0z1gkcnar8sigmgs1q66k718fph2d3g54sa"; }; nativeBuildInputs = [ gnugrep ]; -- cgit v1.2.3 From 0916d0167c5ff983bc0202f7351be807e2fa1a1b Mon Sep 17 00:00:00 2001 
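Review bot: The unit runs as `cfg.user`, but the account and group are created unconditionally under the fixed name `ps3netsrv`, so setting `user` to anything else leaves the service pointing at an account this module does not create (the TODO acknowledges part of this). The created user also has no `group` set, so the `ps3netsrv` group defined right after it is never attached to anything. Since the daemon only needs to read `servedir` and answer network clients, I would tighten `serviceConfig` beyond `PrivateTmp`, for example `NoNewPrivileges = true;` and `ProtectSystem = "full";`, and add `Group = "ps3netsrv";`.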
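Review bot: In makefu/5pkgs/ps3netsrv/default.nix the `sha256` changes while `rev` stays at `e54a66cbf142b86e2cffc1701984b95adb921e81`, and the commit message does not say why. For a fixed revision the fetched content should be fixed too, so a new hash means either the fetcher's output changed (plausible with `fetchSubmodules = true`) or the previous value was wrong; the hunk does not show which. A short comment next to the hash recording how it was obtained, e.g. `# re-hashed after <reason>`, would let a later reader tell this apart from an upstream content change. The derivation starts and ends outside the hunk.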
From: makefu Date: Thu, 28 Jul 2016 13:00:24 +0200 Subject: m 5 git-xlsx-textconv: fix builder --- makefu/5pkgs/git-xlsx-textconv/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/git-xlsx-textconv/default.nix b/makefu/5pkgs/git-xlsx-textconv/default.nix index 1f631f020..66dde76ef 100644 --- a/makefu/5pkgs/git-xlsx-textconv/default.nix +++ b/makefu/5pkgs/git-xlsx-textconv/default.nix @@ -1,6 +1,6 @@ -{ stdenv, lib, goPackages, fetchFromGitHub }: +{ stdenv, lib, buildGoPackage, fetchFromGitHub }: let - go-xlsx = goPackages.buildGoPackage rec { + go-xlsx = buildGoPackage rec { name = "go-xlsx-${version}"; version = "46e6e472d"; @@ -13,7 +13,7 @@ let }; }; in -(goPackages.buildGoPackage rec { +(buildGoPackage rec { name = "git-xlsx-textconv-${version}"; version = "70685e7f8"; -- cgit v1.2.3 From 64f0e746992f9ab1395a917f43af09a86add70b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 13:02:06 +0200 Subject: m 1 omo: enable ps3netsrv --- makefu/1systems/omo.nix | 5 ++++- makefu/2configs/nginx/euer.wiki.nix | 38 ++++++++++++++++++++++++++++--------- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index ead8f49b6..699cdb2e1 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -74,7 +74,10 @@ in { systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; virtualisation.docker.enable = true; - + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 10985c833..655dee7b2 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
@@ -3,8 +3,15 @@ with config.krebs.lib; let sec = toString ; - ssl_cert = "${sec}/wildcard.krebsco.de.crt"; - ssl_key = "${sec}/wildcard.krebsco.de.key"; + ext-dom = "wiki.euer.krebsco.de"; + acmepath = "/var/lib/acme/"; + acmechall = acmepath + "/challenges/"; + + #ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + #ssl_key = "${sec}/wildcard.krebsco.de.key"; + ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem"; + ssl_key = "${acmepath}/${ext-dom}/key.pem"; + user = config.services.nginx.user; group = config.services.nginx.group; fpm-socket = "/var/run/php5-fpm.sock"; @@ -80,22 +87,23 @@ in { listen = [ "${external-ip}:80" "${external-ip}:443 ssl" "${internal-ip}:80" "${internal-ip}:443 ssl" ]; server-names = [ - "wiki.euer.krebsco.de" + ext-dom "wiki.makefu.retiolum" "wiki.makefu" ]; + ssl = { + enable = true; + # these certs will be needed if acme has not yet created certificates: + certificate = ssl_cert; + certificate_key = ssl_key; + force_encryption = true; + }; extraConfig = '' gzip on; gzip_buffers 4 32k; gzip_types text/plain application/x-javascript text/css; - ssl_certificate ${ssl_cert}; - ssl_certificate_key ${ssl_key}; default_type text/plain; - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - ''; locations = [ (nameValuePair "/" '' @@ -111,8 +119,20 @@ in { include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; '') + (nameValuePair "/.well-known/acme-challenge" '' + root ${acmechall}/${ext-dom}/; + '') + ]; }; }; }; + security.acme.certs."${ext-dom}" = { + email = "acme@syntax-fehler.de"; + webroot = "${acmechall}/${ext-dom}/"; + group = "nginx"; + allowKeysForGroup = true; + postRun = "systemctl reload nginx.service"; + extraDomains."${ext-dom}" = null ; + }; } -- cgit v1.2.3 From de10a917de07ef3eb2ba3aed0e97d738975652a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 13:02:41 +0200 Subject: k 4 types: tinc.extraConfig --- krebs/4lib/types.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
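Review bot: `certificate` and `certificate_key` now point at `${acmepath}/${ext-dom}/fullchain.pem` and `key.pem`, the files ACME itself produces, yet the comment above them says they are needed when ACME has not yet created certificates. On a fresh host those files do not exist, nginx refuses to load a server block whose `ssl_certificate` is missing, and the webroot challenge under `/.well-known/acme-challenge` depends on nginx running, so the first issuance appears to need a manual step. Either reword the comment to say so (`# created by security.acme below; a placeholder cert must exist before the first run`) or keep a fallback certificate. Separately, `group = "nginx";` together with `allowKeysForGroup = true;` hard-codes which group may read the private key, while the `let` block already binds `group = config.services.nginx.group`; `inherit group;` would keep the two in step.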
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index d057cef1d..37d44606b 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -134,12 +134,19 @@ types // rec { ++ (map (a: "Subnet = ${a}") net.addrs) ++ + [config.extraConfig] + ++ [config.pubkey] ); }; pubkey = mkOption { type = tinc-pubkey; }; + extraConfig = mkOption { + description = "Extra Configuration to be appended to the hosts file"; + default = ""; + type = string; + }; port = mkOption { type = int; description = "tinc port to use to connect to host"; -- cgit v1.2.3 From 8ef63b024dfa1f1e414f2d077828cd9e8488e575 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 13:03:09 +0200 Subject: k 3 retiolum: fix documentation text --- krebs/3modules/retiolum.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 8e91ee6e1..2b181a556 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -132,8 +132,7 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = - "${external-ip} ${external-port}" + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; ''; }; -- cgit v1.2.3 From d3e9830f9850591e5a0e0820b785fd324087ac40 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 30 Jul 2016 18:31:17 +0200 Subject: m 5 wol: init --- makefu/5pkgs/default.nix | 9 +++++---- makefu/5pkgs/wol/default.nix | 22 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 makefu/5pkgs/wol/default.nix diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 718b23c9e..29e762f27 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
@@ -5,20 +5,21 @@ let in { nixpkgs.config.packageOverrides = rec { - alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; + alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; bintray-upload = callPackage ./bintray-upload {}; + inherit (callPackage ./devpi {}) devpi-web devpi-server; + farpd = callPackage ./farpd {}; git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; mergerfs = callPackage ./mergerfs {}; mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; + ps3netsrv = callPackage ./ps3netsrv {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; - inherit (callPackage ./devpi {}) devpi-web devpi-server; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; - ps3netsrv = callPackage ./ps3netsrv {}; - farpd = callPackage ./farpd {}; + wol = callPackage ./wol {}; }; } diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix new file mode 100644 index 000000000..a6d54b8a2 --- /dev/null +++ b/makefu/5pkgs/wol/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + proj = "wake-on-lan"; + name = "wol-${version}"; + version = "0.7.1"; + + enableParallelBuilding = true; + + src = fetchurl { + url = "mirror://sourceforge/${proj}/${name}.tar.gz"; + sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270"; + }; + + meta = { + description = "simple wake-on-lan client"; + homepage = https://sourceforge.net/projects/wake-on-lan/; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} -- cgit v1.2.3 From 75cecd1f2e1ea789d574e4092bc5c2725edf2c00 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 30 Jul 2016 18:42:57 +0200 Subject: m 1 filepimp: enable wol --- makefu/1systems/filepimp.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index c6966c99c..4037f693d 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -3,6 +3,7 @@ let byid = dev: "/dev/disk/by-id/" + dev; part1 = disk: disk + "-part1"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; + primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc # N54L Chassis: # ____________________ # |______FRONT_______| @@ -75,4 +76,11 @@ in { (xfsmount "j2" (part1 jDisk2)) // (xfsmount "par0" (part1 jDisk3)) ; + services.wakeonlan.interfaces = [ + { + interface = primary-interface; + method = "password"; + password = "CA:FE:BA:BE:13:37"; + } + ]; } -- cgit v1.2.3 From d82d6dfb8609fadc8a65c6ff61e8ced2fdbde9ba Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 30 Jul 2016 18:43:21 +0200 Subject: m 1 omo: add wol pkg to systempkgs --- makefu/1systems/omo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 699cdb2e1..3aa5e943e 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -93,7 +93,10 @@ in { (d: "install -m 755 -d " + (toMapper d) ) [ 0 1 2 "X" ]} ''; - environment.systemPackages = [ pkgs.mergerfs ]; + environment.systemPackages = with pkgs;[ + mergerfs # hard requirement for mount + wol # wake up filepimp + ]; fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; -- cgit v1.2.3 From e215b30483a4275ac831c6def9c27b004d4d6887 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 11:49:24 +0200 Subject: m 2 base-gui: xhost +local: --- makefu/2configs/base-gui.nix | 5 ++++- makefu/2configs/fetchWallpaper.nix | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) 
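Review bot: The wake-on-lan password is committed as a literal in the second filepimp.nix hunk, `password = "CA:FE:BA:BE:13:37";`, so it stays in the repository history and, as a plain Nix string, most likely ends up in the world-readable store as well. A wake-on-lan password also travels unencrypted in the wake packet, so it only keeps out hosts that cannot observe the LAN. If it is meant to restrict who can wake the machine, keep the value out of the repository alongside the other secrets and pick a non-guessable one; if it is not meant as a secret, say so with a comment such as `# not a secret, only guards against stray magic packets`.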
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index f7d6991c5..a028e5073 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -87,5 +87,8 @@ in URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s ''; - in "cat ${xdefaultsfile} | xrdb -merge"; + in '' + cat ${xdefaultsfile} | xrdb -merge + ${pkgs.xorg.xhost}/bin/xhost +local: + ''; } diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 786df6d40..fb74919c4 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -3,7 +3,7 @@ { krebs.fetchWallpaper = { enable = true; - display = ":0"; + display = ":0.0"; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; timerConfig = { OnCalendar = "*:0/30"; -- cgit v1.2.3 From 278e34c393988b3e039c7e47bbb73eb8adb978f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 11:50:16 +0200 Subject: m 2 main-laptop: add power-action --- makefu/2configs/main-laptop.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 3cc91b630..92cc1fc43 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix 
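Review bot: `xhost +local:` in `sessionCommands` switches off X access control for every local connection, so any account or service on the machine that can reach the X socket can read input from and draw on this session, not only the one that needed access. If the goal is to let one service user reach the display (the fetchWallpaper `display` change in the same commit suggests that), grant only that user: `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<service-user>`, with the real account name in place of the placeholder. A comment above the line naming the consumer would also help. The `sessionCommands` definition starts outside the hunk.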
@@ -16,6 +16,44 @@ with config.krebs.lib; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + krebs.power-action = let + speak = "${pkgs.espeak}/bin/espeak"; + whisper = text: ''${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"''; + note = "${pkgs.libnotify}/bin/notify-send"; + in { + enable = true; + plans.low-battery = { + upperLimit = 25; + lowerLimit = 15; + charging = false; + action = whisper "power level low, please plug me in"; + }; + plans.nag-harder = { + upperLimit = 15; + lowerLimit = 5; + action = pkgs.writeDash "crit-speak" '' + ${whisper "Power level critical, do something"} + ${note} Battery -u critical -t 600000 "Power level critical, do something!" + ''; + }; + plans.last-chance = { + upperLimit = 5; + lowerLimit = 3; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + ${note} Battery -u crit "You've had your chance, suspend in 5 seconds" + ${concatMapStringsSep "\n" (i: '' + ${note} -u critical -t 1000 ${toString i} + ${speak} ${toString i} & + sleep 1 + '') + [ 5 4 3 2 1 ]} + /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend + ''; + }; + }; + users.users.power-action.extraGroups = [ "audio" ]; + security.sudo.extraConfig = "${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; services.redshift = { enable = true; -- cgit v1.2.3 From 9ef2790f099115a4759ae7ae45945a4d85ad097d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 11:50:53 +0200 Subject: m 2 tinc/siem: add krebs dns provider --- makefu/2configs/tinc/siem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix index fae72590f..8f17f1a0a 100644 --- a/makefu/2configs/tinc/siem.nix +++ b/makefu/2configs/tinc/siem.nix 
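Review bot: In `plans.last-chance` the first notification uses `-u crit`, which is not one of notify-send's urgency levels (low, normal, critical), so that warning is likely rejected instead of shown; it should read `${note} Battery -u critical "You've had your chance, suspend in 5 seconds"`. `plans.nag-harder` also omits `charging = false;`, unlike the plans on either side of it, so it would fire while plugged in if the option defaults to "don't care". The sudoers rule is narrowly scoped to `systemctl suspend`, but `users.users.power-action.extraGroups` hard-codes the account name while the rule takes it from `config.krebs.power-action.user.name`; using the same expression in both places keeps them from drifting apart.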
@@ -2,7 +2,7 @@ { # TODO do not know why we need to force it, port is only set via default to 655 krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; - + krebs.dns.providers.siem = "hosts"; networking.firewall.allowedUDPPorts = [ 1665 ]; networking.firewall.allowedTCPPorts = [ 1655 ]; krebs.tinc.siem = { -- cgit v1.2.3 From def975ffb2c1d955e30f12a92f49789ace8d8eb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Aug 2016 14:59:31 +0200 Subject: k 3 power-action: don't create configured user --- krebs/3modules/power-action.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 4c2533eb7..7227f4a9a 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -17,10 +17,8 @@ let default = "BAT0"; }; user = mkOption { - type = types.user; - default = { - name = "power-action"; - }; + type = types.string; + default = "power-action"; }; startAt = mkOption { type = types.str; @@ -57,13 +55,10 @@ let systemd.services.power-action = { serviceConfig = rec { ExecStart = startScript; - User = cfg.user.name; + User = cfg.user; }; startAt = cfg.startAt; }; - users.users.${cfg.user.name} = { - inherit (cfg.user) name uid; - }; }; startScript = pkgs.writeDash "power-action" '' -- cgit v1.2.3 From 35f0b5a22326fa67016a112ab78ffeaf55da4cef Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Aug 2016 14:59:58 +0200 Subject: k 3 power-action: fix description --- krebs/3modules/power-action.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 7227f4a9a..bb5b3e521 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -33,7 +33,7 @@ let description = '' check for charging status. null = don't care - true = only if system is charging + true = only if system is charging or unknown false = only if system is discharging ''; }; -- cgit v1.2.3 
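Review bot: After the krebs/3modules/power-action.nix change nothing in the module creates the account named by `user`: the `users.users.${cfg.user.name}` block is removed while the default stays `"power-action"`, so the unit's `User = cfg.user;` relies on every consumer declaring that user. An assertion, or at least an option `description` stating that the user must already exist, would make a misconfiguration fail at evaluation rather than at service start. The option is typed `types.string` while `startAt` just below uses `types.str`; `type = types.str;` would be consistent. Callers that still read `config.krebs.power-action.user.name` need updating too; as far as this excerpt shows, only the lass config is adjusted in the following commit.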
From 127b8c0989f1dc71313af67fb5e69c709df019f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Aug 2016 15:00:15 +0200 Subject: l 2 power-action: reflect api change --- lass/2configs/power-action.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index 133966498..c83dc80dc 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -29,6 +29,7 @@ in { /var/setuid-wrappers/sudo ${suspend} ''; }; + user = "lass"; }; users.users.power-action.extraGroups = [ @@ -36,6 +37,6 @@ in { ]; security.sudo.extraConfig = '' - ${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} ''; } -- cgit v1.2.3 From 4719eb8d581dc6462e8531959c6e841e51c4f0d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 2 Aug 2016 15:40:41 +0200 Subject: m 2 main-laptop: remove obsolete display --- makefu/2configs/base-gui.nix | 2 +- makefu/2configs/main-laptop.nix | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index a028e5073..b039c12ca 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -55,7 +55,7 @@ in hardware.pulseaudio = { enable = true; - # systemWide = true; + systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 92cc1fc43..9d5b06f70 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -6,7 +6,10 @@ # TODO split generic desktop stuff and laptop-specifics like lidswitching with config.krebs.lib; -{ +let + window-manager = "awesome"; + user = config.krebs.build.user.
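Review bot: The base-gui.nix hunk turns `systemWide = true;` on for `hardware.pulseaudio` by uncommenting it, which the commit subject ("remove obsolete display") does not mention. In system-wide mode one daemon is shared by all permitted accounts instead of being bound to the logged-in user's session, so it widens who can record from and play to the audio devices. Together with `users.users.power-action.extraGroups = [ "audio" ]` added earlier in the series this looks intended for the espeak warnings, but that is an inference. I would record the reason in a comment, e.g. `# system-wide so the power-action service user can play audio`, and note which accounts are given access.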