From 0cd3e8771b01774bcfda000634395c10d1410d89 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:13:20 +0200 Subject: l: use ipv4 addresses for wiregrill --- krebs/3modules/lass/default.nix | 4 ++++ lass/1systems/prism/config.nix | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2a75cc1bb..d2a945284 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -95,6 +95,7 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.244.1.103"; ip6.addr = w6 "1"; aliases = [ "prism.w" @@ -104,6 +105,7 @@ in { subnets = [ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR + "10.244.1.0/24" ]; }; }; @@ -196,6 +198,7 @@ in { }; wiregrill = { ip6.addr = w6 "50da"; + ip4.addr = "10.244.1.4"; aliases = [ "shodan.w" ]; @@ -554,6 +557,7 @@ in { phone = { nets = { wiregrill = { + ip4.addr = "10.244.1.13"; ip6.addr = w6 "a"; aliases = [ "phone.w" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 33ec21e72..42d07f36a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -272,9 +272,9 @@ with import ; resolveLocalQueries = false; extraConfig= '' - listen-address=42:1:ce16::1 + listen-address=42:1:ce16::1,10.244.1.103 except-interface=lo - interface=wg0 + interface=wiregrill ''; }; } -- cgit v1.3.1 From 4f5cc276260bac44748634d10bbfdde8532c9ce8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:14:10 +0200 Subject: newsbot-js: use go.r as default shortener --- krebs/3modules/newsbot-js.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index 00e346f8e..a3640caa5 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix 
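Review bot: In the prism `extraConfig` hunk the address `10.244.1.103` is typed a second time as a literal in `listen-address`, although this same commit declares it as prism's wiregrill `ip4.addr` in krebs/3modules/lass/default.nix. If the host entry is renumbered later, dnsmasq would keep trying to listen on the stale address. Assuming host attributes are reachable the way other files in this series read `config.krebs.hosts.mors.ssh.pubkey`, the line could be written as `listen-address=42:1:ce16::1,${config.krebs.hosts.prism.nets.wiregrill.ip4.addr}`. The enclosing attribute set starts and ends outside the hunk.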
@@ -48,7 +48,7 @@ let }; urlShortenerHost = mkOption { type = types.str; - default = "go"; + default = "go.r"; description = "what server to use for url shortening, host"; }; urlShortenerPort = mkOption { -- cgit v1.3.1 From 9d7481303abc6779336cb0c0746c758dd5042a14 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:14:32 +0200 Subject: flameshot-once: raise default timeout to fail less often --- krebs/5pkgs/simple/flameshot-once/profile.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/flameshot-once/profile.nix b/krebs/5pkgs/simple/flameshot-once/profile.nix index 4427e5b23..5aed99597 100644 --- a/krebs/5pkgs/simple/flameshot-once/profile.nix +++ b/krebs/5pkgs/simple/flameshot-once/profile.nix @@ -118,7 +118,7 @@ let type = types.bool; }; timeout = mkOption { - default = 100; + default = 200; description = '' Maximum time in milliseconds allowed for the flameshot daemon to react. -- cgit v1.3.1 From e2a86527908e4ea0ccc30790b74ea2f9ba0409a6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:14:51 +0200 Subject: realwallpaper: check firemap every 7 days --- krebs/5pkgs/simple/realwallpaper/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 057983fec..72a314ba9 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -104,7 +104,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD10C1_E_SNOW') & fetch_older_days 7 chlora-raw.jpg $(get_neo_url \ 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MY1DMM_CHLORA') & - fetch_older_days 3 fire-raw.jpg $(get_neo_url \ + fetch_older_days 7 fire-raw.jpg $(get_neo_url \ 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') & # regular fetches -- cgit v1.3.1 
From db997dd0742c8c180cf88d89db052f865c477773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:15:13 +0200 Subject: l blue: disable restic backups --- lass/1systems/blue/config.nix | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index c46bb351e..f6dc23d20 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -17,27 +17,6 @@ with import ; networking.nameservers = [ "1.1.1.1" ]; - services.restic.backups = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - initialize = true; - extraOptions = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - repository = "sftp:backup@${dest}.r:/backups/blue"; - passwordFile = (toString ) + "/restic/${dest}"; - timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; - paths = [ - "/home/" - "/var/lib" - ]; - }); - time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } -- cgit v1.3.1 From 985e70c5b4485467d85c014d8d8654b9cdd51b7b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:15:36 +0200 Subject: l morpheus.r: add ag to pkgs --- lass/1systems/morpheus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index c3a8ea6c8..79fbe4c97 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -18,6 +18,7 @@ with import ; gitAndTools.hub nix-review firefox + ag ]; services.openssh.forwardX11 = true; -- cgit v1.3.1 From 353fd8b647e74f8aab5d9574998ea943ed582fec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:16:11 +0200 Subject: l mors.r: migrate to new hardware --- lass/1systems/mors/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 2f3a68442..a9108104b 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -23,7 +23,7 @@ services.udev.extraRules = '' SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! -- cgit v1.3.1 From 77e19ca192e5baab0d09f34ae1f9dd533ec1ea65 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:19:42 +0200 Subject: l mors.r: remove iodine from pkgs --- lass/1systems/mors/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c1ceb0633..b03d95c49 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -126,8 +126,6 @@ with import ; remmina transmission - iodine - macchanger dpass -- cgit v1.3.1 From 707ffcfebb2f7689ff5129bf25d1cd99e12c4498 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:22:33 +0200 Subject: l prism.r: allow more bandwidth for murmur --- lass/1systems/prism/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 42d07f36a..b335353be 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -284,7 +284,10 @@ with import ; ]; } { - services.murmur.enable = true; + services.murmur = { + enable = true; + bandwidth = 10000000; + }; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} -- cgit v1.3.1 From 4f6084494b146fde7e6ebc8d6724aa078b78a266 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 27 Sep 2020 15:23:59 +0200 Subject: l prism.r: add wallpaper & xanf mounts --- lass/1systems/prism/physical.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 7458f5ffd..1a3bee850 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -55,6 +55,16 @@ fsType = "zfs"; }; + fileSystems."/var/realwallpaper/archive" = { + device = "tank/wallpaper"; + fsType = "zfs"; + }; + + fileSystems."/home/xanf" = { + device = "/dev/disk/by-id/wwn-0x500a07511becb076"; + fsType = "ext4"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -- cgit v1.3.1 From 41accf7ac76136c929c69679c45df2b3f6216e77 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:24:24 +0200 Subject: l shodan.r: use new luks device schema --- lass/1systems/shodan/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 39a4d9661..55e91b0e4 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -10,7 +10,7 @@ loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.lusksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; -- cgit v1.3.1 From e778f9d6f511874ae0dff55dbfa2b0694d96b06d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:26:35 +0200 Subject: l wizard.r: fix local testing --- lass/1systems/wizard/run-vm.sh | 7 +++++++ lass/1systems/wizard/test.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100755 lass/1systems/wizard/run-vm.sh 
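Review bot: The new `fileSystems."/home/xanf"` entry mounts an ext4 disk by its wwn id with no `options`, so a missing or failed disk would be treated as a required mount and can stop prism from booting normally. If the disk is not essential to the system (its role is not visible here), add `options = [ "nofail" ];` to that attribute set. The same question applies to the `tank/wallpaper` dataset added just above it.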
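Review bot: The attribute name in `initrd.luks.devices.lusksroot.device` is spelled `lusksroot`, while the list entry it replaces used `name = "luksroot"` and the same migration in lass/2configs/hw/x220.nix writes `luksroot`. In the attribute-set schema the attribute name becomes the mapped device name, so anything that still refers to `/dev/mapper/luksroot` (not visible in this hunk) would not find the unlocked volume at boot. The line should read `initrd.luks.devices.luksroot.device = "/dev/sda2";`.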
diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/1systems/wizard/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix index c7a27102a..165b9f14d 100644 --- a/lass/1systems/wizard/test.nix +++ b/lass/1systems/wizard/test.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - ./default.nix + ./config.nix ]; virtualisation.emptyDiskImages = [ 8000 -- cgit v1.3.1 From 2aa02e6f60aa10119ae0f085e6dec509616a64ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:27:31 +0200 Subject: l xerxes.r: remove the_playlist share --- lass/1systems/xerxes/config.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index e4a4fb505..6f64c6999 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -41,22 +41,6 @@ displayManager.lightdm.autoLogin.user = "lass"; }; - services.syncthing.declarative = { - folders = { - the_playlist = { - path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; - }; - }; - }; - krebs.permown = { - "/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; - }; - boot.blacklistedKernelModules = [ "xpad" ]; systemd.services.xboxdrv = { wantedBy = [ "multi-user.target" ]; -- cgit v1.3.1 From 9a38ff748296af8a8ef90ae7f4212f6c6173cf4b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:27:57 +0200 Subject: l xerxes.r: activate bluetooth --- lass/1systems/xerxes/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 6f64c6999..8c4362865 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -77,7 +77,15 @@ }; }; - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # load-module module-bluetooth-policy -- cgit v1.3.1 From 33a37f3d2194a7f9cfaf94e249a049a921d3f679 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:28:46 +0200 Subject: l yellow.r: use new nordvpn endpoint --- lass/1systems/yellow/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index bc3b1f5d5..d400697d7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -172,7 +172,7 @@ with import ; client dev tun proto udp - remote 89.249.65.83 1194 + remote 185.230.127.27 1194 resolv-retry infinite remote-random nobind @@ -195,7 +195,6 @@ with import ; fast-io cipher AES-256-CBC auth SHA512 - -----BEGIN CERTIFICATE----- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ -- cgit v1.3.1 From 2fb25e24dfefd5bfd1d6dc84550c77d1f6c22cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:20 +0200 Subject: l baseX: add libarchive to pkgs --- lass/2configs/baseX.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index baf93ffe5..9eb0120c5 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -72,10 +72,11 @@ in { git-preview gnome3.dconf iodine + libarchive lm_sensors ncdu nix-index - nix-review + nixpkgs-review nmap pavucontrol ponymix -- cgit v1.3.1 
From 2dcf7167e7f4c60be29ab629a1f4d3f529ceaca0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:38 +0200 Subject: l baseX: add -efu to screenshot script --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9eb0120c5..e92ddbcca 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -93,6 +93,8 @@ in { xsel zathura (pkgs.writeDashBin "screenshot" '' + set -efu + ${pkgs.flameshot-once}/bin/flameshot-once ${pkgs.klem}/bin/klem '') -- cgit v1.3.1 From 63412ba8b964d0782e2cbb1f48d0d5e30b5cd298 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:31:40 +0200 Subject: l blue: add dovecot2 to serve mails --- lass/2configs/blue.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index a4000cada..15408a200 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -26,6 +26,8 @@ with (import ); { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";} ]; systemd.services.chat = let @@ -64,4 +66,9 @@ with (import ); ExecStop = "${tmux} kill-session -t IM"; }; }; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; } -- cgit v1.3.1 From 5b44319083e8ae5386e181d73b1585be8ecd4a35 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:32:38 +0200 Subject: l blue-host: disable syncing --- lass/2configs/blue-host.nix | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 718a92e9c..7aabf0931 100644 
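Review bot: The two new INPUT rules open `--dport imap` on `retiolum` and `wiregrill`, but the `services.dovecot2` block sets only `enable` and `mailLocation` and configures no certificate. As far as I recall, the NixOS module falls back to `ssl = no` with plaintext authentication allowed when `sslServerCert` is unset; this is worth confirming against the generated dovecot.conf. If so, login passwords are protected only by the overlay network, and every peer on those two interfaces can reach the login prompt. Consider setting `sslServerCert` and `sslServerKey`, or narrowing the rules with a source match (`-s <address of the mail-reading host>`) so that only the intended clients are accepted.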
--- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
@@ -49,54 +49,54 @@ in { }; - systemd.services = builtins.listToAttrs (map (host: - let - in nameValuePair "sync-blue-${host}" { - bindsTo = [ "container@blue.service" ]; - wantedBy = [ "container@blue.service" ]; - # ssh needed for rsync - path = [ pkgs.openssh ]; - serviceConfig = { - Restart = "always"; - RestartSec = 10; - ExecStart = pkgs.writeDash "sync-blue-${host}" '' - set -efu - #make sure blue is running - /run/wrappers/bin/ping -c1 blue.r > /dev/null + #systemd.services = builtins.listToAttrs (map (host: + # let + # in nameValuePair "sync-blue-${host}" { + # bindsTo = [ "container@blue.service" ]; + # wantedBy = [ "container@blue.service" ]; + # # ssh needed for rsync + # path = [ pkgs.openssh ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = 10; + # ExecStart = pkgs.writeDash "sync-blue-${host}" '' + # set -efu + # #make sure blue is running + # /run/wrappers/bin/ping -c1 blue.r > /dev/null - #make sure the container is unlocked - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + # #make sure the container is unlocked + # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' - #make sure our target is reachable - ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + # #make sure our target is reachable + # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null - #start sync - ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' - settings { - nodaemon = true, - inotifyMode = "CloseWrite or Modify", - } - sync { - default.rsyncssh, - source = "/var/lib/containers/.blue", - host = "${host}.r", - targetdir = "/var/lib/containers/.blue", - rsync = { - archive = true, - owner = true, - group = true, - }; - ssh = { - binary = "${pkgs.openssh}/bin/ssh"; - identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", - }, - } - ''} - ''; - }; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - } - ) remote_hosts); + # #start 
sync + # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + # settings { + # nodaemon = true, + # inotifyMode = "CloseWrite or Modify", + # } + # sync { + # default.rsyncssh, + # source = "/var/lib/containers/.blue", + # host = "${host}.r", + # targetdir = "/var/lib/containers/.blue", + # rsync = { + # archive = true, + # owner = true, + # group = true, + # }; + # ssh = { + # binary = "${pkgs.openssh}/bin/ssh"; + # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + # }, + # } + # ''} + # ''; + # }; + # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + # } + #) remote_hosts); environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' -- cgit v1.3.1 From e73200db951ebd2fb891b0656f2d9c7fc76f4cc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:14 +0200 Subject: l: add nix user to all systems --- lass/2configs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ae2754c96..e4996743d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -44,7 +44,15 @@ with import ; config.krebs.users.lass-yubikey.pubkey ]; }; + nix = { + isNormalUser = true; + uid = genid_uint31 "nix"; + openssh.authorizedKeys.keys = [ + config.krebs.hosts.mors.ssh.pubkey + ]; + }; }; + nix.trustedUsers = ["nix"]; } { environment.variables = { -- cgit v1.3.1 From 9bb40397b71ae61b5e6b5a282fb8efc6f37a3f51 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:24 +0200 Subject: l: use 24:00 time format again --- lass/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e4996743d..f59988b75 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
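Review bot: `nix.trustedUsers = ["nix"]` together with an SSH-reachable `nix` account makes whoever holds the mors host key effectively root on every system that imports lass/2configs/default.nix, and nothing in the hunk records that. A trusted Nix user can override substituters and import unsigned store paths, so a compromise of mors extends to all of these hosts. `isNormalUser = true` also gives the account a home and an interactive shell, which a build-only account may not need (the intended use is not visible here). At minimum add a comment such as `# root-equivalent: trusted nix user, reachable only with mors' host key`, and check whether the key can be limited with a forced `command=` in the authorized key entry.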
@@ -220,4 +220,7 @@ with import ; networking.dhcpcd.extraConfig = '' noipv4ll ''; + + # use 24:00 time format, the default got sneakily changed around 20.03 + i18n.defaultLocale = mkDefault "C.UTF-8"; } -- cgit v1.3.1 From a2f2cff1c1d7161fd040ff7083fe2016f7c9b354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:10 +0200 Subject: l exim-smarthost: mail only to blue --- lass/2configs/exim-smarthost.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 82839beba..012f44a05 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -2,8 +2,6 @@ to = concatStringsSep "," [ "lass@blue.r" - "lass@xerxes.r" - "lass@mors.r" ]; mails = [ -- cgit v1.3.1 From 8564c687e5a1867d33fa5b95809f3e8f13cab150 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:24 +0200 Subject: l exim-smarthost: add more mail aliases --- lass/2configs/exim-smarthost.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 012f44a05..797864b15 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -108,6 +108,12 @@ "auschein@lassul.us" "tleech@lassul.us" "durstexpress@lassul.us" + "acme@lassul.us" + "antstore@lassul.us" + "openweather@lassul.us" + "lobsters@lassul.us" + "rewe@lassul.us" + "spotify@lassul.us" ]; in { -- cgit v1.3.1 From fc60a8a77794bfe608925dee51af9366fe81aa8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:44 +0200 Subject: l gc: delete older than 15 days --- lass/2configs/gc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 0ddb63a03..f9c61c461 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix 
@@ -4,5 +4,6 @@ with import ; { nix.gc = { automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); + options = "--delete-older-than 15d"; }; } -- cgit v1.3.1 From fbbd72feab82207992b410315d0e8a8f84bfe47e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:01 +0200 Subject: l git: add grib2json-bin repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index eba68c0bc..edec2dcb4 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -58,6 +58,10 @@ let cgit.desc = "url shortener"; cgit.section = "software"; }; + grib2json-bin = { + cgit.desc = "build jar of grib2json"; + cgit.section = "deployment"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; -- cgit v1.3.1 From 0cee1b93024ff9ca0e89687324682b69814b7107 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:28 +0200 Subject: l x220: use new luks device schema --- lass/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 89b119347..668dcdf60 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -5,7 +5,7 @@ ]; boot = { - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda3"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; extraModulePackages = [ -- cgit v1.3.1 From d450eb6c37745af467c30c1c1a83f764fdeb6ce6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:01 +0200 Subject: l hass: make lovelace configurable --- lass/2configs/hass/default.nix | 1 + lass/2configs/hass/rooms/bett.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) 
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index a48c61a69..66d430cd1 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; }; # extraComponents = [ "hue" ]; }; configWritable = true; + lovelaceConfigWritable = true; }; lass.hass.config = let diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index b5da9221c..16227fcb6 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix @@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; }; lass.hass.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; + + lass.hass.love = { + resources = [{ + url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + type = "js"; + }]; + views = [{ + title = "bett"; + cards = [ + { + type = "markdown"; + title = "hello world"; + content = "This is just a test"; + } + { + type = "light"; + entity = "light.${lights.bett}"; + } + { + type = "custom:light-entity-card"; + entity = "light.${lights.bett}"; + } + { + type = "history-graph"; + entities = [ + "light.${lights.bett}" + ]; + } + ]; + }]; + }; } -- cgit v1.3.1 From 519223df33e8ff4573f7ce63d32834ad73c31fe5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:35 +0200 Subject: l x220: disable charging threshold --- lass/2configs/hw/x220.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 668dcdf60..31f9787e0 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix 
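Review bot: The `resources` entry in `lass.hass.love` loads script from `https://raw.githubusercontent.com/ljmerza/light-entity-card/master/...`, a mutable branch of a third-party repository with no checksum, so whatever is on `master` at load time runs in the Home Assistant frontend. The path also ends in `light-entity-card.js.map`, which looks like the source map rather than the card itself, although the entry says `type = "js"`. Prefer fetching a fixed revision through Nix with a hash (for example `pkgs.fetchurl` with a tag or commit in `url` and a `sha256`) and serving it locally, or at least pin the URL to a commit. How `lass.hass.love` is rendered into the Lovelace config is not visible in this hunk.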
@@ -47,9 +47,10 @@ services.logind.lidSwitchDocked = "ignore"; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 - ''; + #services.tlp.extraConfig = '' + # START_CHARGE_THRESH_BAT0=80 + # STOP_CHARGE_THRESH_BAT0=95 + #''; + services.xserver.dpi = 80; } -- cgit v1.3.1 From 919bf188859d077887f87fca7e19c133ac72437c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:26 +0200 Subject: l mail: update config to reflect upstream changes --- lass/2configs/mail.nix | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 174c1ab5e..98affdd83 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -107,10 +107,12 @@ let set mailcap_path = ${mailcap} # notmuch - set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set folder="$HOME/Maildir" + set nm_default_uri = "notmuch://$HOME/Maildir" set nm_record = yes set nm_record_tags = "-inbox me archive" - set virtual_spoolfile=yes # enable virtual folders + set spoolfile = +Inbox + set virtual_spoolfile = yes set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail @@ -132,8 +134,8 @@ let # V ''} %r |" - virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" 
@@ -200,9 +202,15 @@ let macro pager ] ,@1 'Toggle indexbar # sidebar + set sidebar_divider_char = '│' + set sidebar_delim_chars = "/" + set sidebar_short_path + set sidebar_folder_indent + set sidebar_visible = yes + set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?' set sidebar_width = 20 - set sidebar_visible = yes # set to "no" to disable sidebar view at startup - color sidebar_new yellow default + color sidebar_new yellow red + # sidebar bindings bind index sidebar-prev # got to previous folder in sidebar bind index sidebar-next # got to next folder in sidebar @@ -229,7 +237,6 @@ in { mutt pkgs.notmuch pkgs.muchsync - pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; -- cgit v1.3.1 From 7023f780542b8976e1e609e43ad2f135ffef9bb5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:48 +0200 Subject: l mpv: use gpu video output by default --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 5d7bfed60..210551a62 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" '') pkgs.mpv ]; -- cgit v1.3.1 From e998c4b789109ce6e941a4d23da28118303c32b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:38:10 +0200 Subject: l paste: add imgur api under /image --- lass/2configs/paste.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 23cab8e6e..0cf62ec0b 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix 
@@ -7,7 +7,17 @@ with import ; locations."/".extraConfig = '' client_max_body_size 4G; proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = /* nginx */ '' + client_max_body_size 40M; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; services.nginx.virtualHosts."p.krebsco.de" = { @@ -19,21 +29,36 @@ with import ; return 403; } proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; + krebs.htgen.paste = { port = 9081; script = toString [ "PATH=${makeBinPath [ pkgs.nix + pkgs.file ]}:$PATH" "STATEDIR=$HOME" ". ${pkgs.htgen}/examples/paste" ]; }; + krebs.htgen.imgur = { + port = 7771; + script = /* sh */ '' + (. ${pkgs.htgen-imgur}/bin/htgen-imgur) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";} ]; } -- cgit v1.3.1 From 7919c36f5c860fbcde9fed27b0b3c374261b224d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:04 +0200 Subject: l radio: announce more to irc, filter .graveyard --- lass/2configs/radio.nix | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6245691fe..3e8d12381 100644 --- a/lass/2configs/radio.nix 
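Review bot: On `p.krebsco.de` the new `locations."/image"` block proxies straight to htgen-imgur without the `return 403` guard that the `/` location of the same virtual host keeps (the guard's condition lies outside the hunk). If that guard is what keeps the externally reachable name read-only, the image endpoint is not covered by it; copy the same condition into the `/image` block, or say in a comment that uploads through this name are intended. The block also sets no `client_max_body_size`, unlike the `client_max_body_size 40M;` on the first virtual host, so the two names behave differently for larger images.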
+++ b/lass/2configs/radio.nix @@ -12,7 +12,16 @@ let music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" | grep -v '/other/' | grep '\.ogg$' | shuf -n1 | sed 's,${music_dir}/,,')" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ + | grep -Ev '/other/|/.graveyard/' \ + | grep '\.ogg$' \ + | shuf -n1 \ + | sed 's,${music_dir}/,,' \ + )" + ''; + + get_current_track_position = pkgs.writeDash "get_current_track_position" '' + ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' ''; skip_track = pkgs.writeBashBin "skip_track" '' @@ -28,8 +37,8 @@ let ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" echo skipping: "$track_infos" skip_count: "$skip_count" else - mkdir -p "$music_dir"/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/.graveyard/ + mkdir -p "$music_dir"/the_playlist/.graveyard/ + mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ echo killing: "$track_infos" fi ${pkgs.mpc_cli}/bin/mpc -q next @@ -62,10 +71,18 @@ let print_current_json = pkgs.writeDashBin "print_current_json" '' ${pkgs.jq}/bin/jq -n -c \ --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ + --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ + --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ + --arg position "$(${get_current_track_position})" \ + --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \ --arg youtube "$(${track_youtube_link})" '{ name: $name, + artist: $artist, + title: $title, filename: $filename, + position: $position, + length: $length, youtube: $youtube }' ''; 
@@ -193,7 +210,7 @@ in { timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + currentTime=$(${get_current_track_position}) expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -221,9 +238,11 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do + listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \ + | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track" + ${write_to_irc} "playing: $track listeners: $listeners" done ''; in { -- cgit v1.3.1 From aaefc7edd2157dd1985052a972c2816bd21ba779 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:23 +0200 Subject: l steam: add Halo MCC fix --- lass/2configs/steam.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index eae31aec4..2b9811959 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -13,7 +13,11 @@ nixpkgs.config.steam.java = true; hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - users.users.games.packages = [ pkgs.steam ]; + users.users.games.packages = [ (pkgs.steam.override { + extraPkgs = p: with p; [ + gnutls # needed for Halo MCC + ]; + }) ]; #ports for inhome streaming krebs.iptables = { -- cgit v1.3.1 From 9463cb64457bf4648ebfccc3f133d73843ae2046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:47 +0200 Subject: l syncthing: keepGoing with permown --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) 
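Review bot: The `curl` call added to the announce loop (hunk `@@ -221,9 +238,11 @@`) has no timeout and no failure handling, so a stalled or stopped status endpoint on port 8000 either blocks the loop or puts `listeners: ` / `listeners: null` into the IRC message, and curl's progress meter goes to stderr on every track change. `${pkgs.curl}/bin/curl -fsS --max-time 5 'http://localhost:8000/status-json.xsl'` bounds the wait, and `jq '[.icestats.source[]?.listeners] | add // 0'` yields a number when no source is listed. If the endpoint reports a single source as an object rather than an array (worth checking against the running server), the `[]` iteration needs adjusting as well. The loop starts outside the hunk.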
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 5397c2ca6..7758b860d 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -31,5 +31,6 @@ in { owner = "lass"; group = "syncthing"; umask = "0002"; + keepGoing = true; }; } -- cgit v1.3.1 From f76b72358dabd94c1e17a415e7e13cb8ecba2438 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:10 +0200 Subject: l domsen: apanowicz.de is now a static site --- lass/2configs/websites/domsen.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index bd113567f..48ea5f0a2 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) + (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -34,7 +35,6 @@ in { (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" - "apanowicz.de" "nirwanabluete.de" "ubikmedia.eu" "youthtube.xyz" @@ -42,7 +42,6 @@ in { "weirdwednesday.de" "jarugadesign.de" - "www.apanowicz.de" "www.nirwanabluete.de" "www.ubikmedia.eu" "www.youthtube.xyz" @@ -52,7 +51,6 @@ in { "www.jarugadesign.de" "aldona2.ubikmedia.de" - "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" -- cgit v1.3.1 From c361849c38cc1bfb86536043c9554bdc75953508 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:34 +0200 Subject: l domsen: add legacy ssl certs for legacy devices --- lass/2configs/websites/domsen.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 48ea5f0a2..8cd489bd5 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -105,6 +105,10 @@ in { # MAIL STUFF # TODO: make into its own module + + # workaround for android 7 + security.acme.certs."lassul.us".keyType = "rsa4096"; + services.dovecot2 = { enable = true; mailLocation = "maildir:~/Mail"; -- cgit v1.3.1 From bdc1cb2f02e61810e3e5ccd674cecb91d50c8e80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:52 +0200 Subject: l domsen: use nextcloud 18 --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 8cd489bd5..2d2ba79be 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -91,6 +91,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; + package = pkgs.nextcloud18; config = { adminpassFile = toString + "/nextcloud_pw"; overwriteProtocol = "https"; -- cgit v1.3.1 From e1251ee299af6b00dc81a76560d4810cd0a6126c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:41:35 +0200 Subject: l domsen: update mail aliases --- lass/2configs/websites/domsen.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2d2ba79be..a177a0228 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -134,18 +134,16 @@ in { server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.eu"; to = "domsen"; } { from = "mail@habsys.de"; to = "domsen"; } { from = "mail@habsys.eu"; to = "domsen"; } + { from = "hallo@apanowicz.de"; to = "domsen"; } { from = "bruno@apanowicz.de"; to = "bruno"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } - { from = "akayguen@freemonkey.art"; to ="akayguen"; } - { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "hallo@jarugadesign.de"; to ="kasia"; } @@ -156,9 +154,14 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "apanowicz.de" "alewis.de" "jarugadesign.de" ]; + dkim = [ + { domain = "ubikmedia.eu"; } + { domain = "apanowicz.de"; } + ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; -- cgit v1.3.1 From 687ae7ca86bad6648ef53bf8ef5c6f335ad88037 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:42:33 +0200 Subject: l init: update with local tests, sgdisk, etc.. --- lass/2configs/websites/lassulus.nix | 2 +- lass/5pkgs/init/default.nix | 45 +++++++++++-------------------------- lass/5pkgs/init/run-vm.sh | 7 ++++++ lass/5pkgs/init/test.nix | 13 +++++++++++ lass/5pkgs/init/test.sh | 11 +++++++++ 5 files changed, 45 insertions(+), 33 deletions(-) create mode 100755 lass/5pkgs/init/run-vm.sh create mode 100644 lass/5pkgs/init/test.nix create mode 100755 lass/5pkgs/init/test.sh diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index baeac213b..5a45f03ef 100644 
--- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,7 +61,7 @@ in { pubkey = config.krebs.users.lass.pubkey; }; in '' - alias ${initscript}; + alias ${initscript}/bin/init; ''; locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index cbcfe2c00..ee49951b1 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -2,10 +2,10 @@ with lib; -pkgs.writeScript "init" '' +pkgs.writeScriptBin "init" '' #!/usr/bin/env nix-shell - #! nix-shell -i bash -p jq parted libxfs - set -efu + #! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs + set -xefuo pipefail disk=$1 @@ -14,12 +14,12 @@ pkgs.writeScript "init" '' exit 2 fi + bootdev="$disk"2 luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} - bootdev=/dev/sda2 rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home @@ -35,15 +35,13 @@ pkgs.writeScript "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted -s -a optimal "$disk" \ - mklabel gpt \ - mkpart no-fs 0 1024KiB \ - set 1 bios_grub on \ - mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - mkpart primary 1025MiB 100% + sgdisk -og "$disk" + sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk" + sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk" + sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk" fi - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then echo zonk2 exit 23 fi 
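Review bot: Adding `x` in `set -xefuo pipefail` (hunk `@@ -2,10 +2,10 @@` of `lass/5pkgs/init/default.nix`) turns on command tracing for the whole script, and the `@@ -58,7 +56,6 @@` hunk shows `echo "$lukspw" | cryptsetup luksOpen …` further down, so the LUKS passphrase is written to stderr in expanded form whenever that line runs. Either keep `set -efuo pipefail`, or bracket the passphrase handling with `set +x` and `set -x`. The script body extends beyond the hunks shown, so any other use of `$lukspw` there needs the same treatment.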
@@ -58,7 +56,6 @@ pkgs.writeScript "init" '' if ! test -e "$luksmap"; then echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then pvcreate "$luksmap" @@ -68,11 +65,7 @@ pkgs.writeScript "init" '' lvchange -a y /dev/mapper/"$vgname" - if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi - - # lvchange -a n "$vgname" - + if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi # # formatting @@ -82,35 +75,23 @@ pkgs.writeScript "init" '' mkfs.vfat "$bootdev" fi - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then mkfs.xfs "$rootdev" fi - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.xfs "$homedev" - fi - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mkdir -p /mnt mount "$rootdev" /mnt fi if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then mkdir -m 0000 -p /mnt/boot mount "$bootdev" /mnt/boot fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - - # umount -R /mnt # # dependencies for stockholm # - nix-env -iA nixos.git - # TODO: get sentinal file from target_path mkdir -p /mnt/var/src touch /mnt/var/src/.populate @@ -119,7 +100,7 @@ pkgs.writeScript "init" '' # print all the infos # - parted "$disk" print + gdisk -l "$disk" lsblk "$disk" echo READY. diff --git a/lass/5pkgs/init/run-vm.sh b/lass/5pkgs/init/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/5pkgs/init/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run 
diff --git a/lass/5pkgs/init/test.nix b/lass/5pkgs/init/test.nix new file mode 100644 index 000000000..e76e7e009 --- /dev/null +++ b/lass/5pkgs/init/test.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + virtualisation.emptyDiskImages = [ + 8000 + ]; + virtualisation.memorySize = 1500; + boot.tmpOnTmpfs = true; + + environment.systemPackages = [ + (pkgs.callPackage ./default.nix {}) + ]; + services.mingetty.autologinUser = lib.mkForce "root"; +} diff --git a/lass/5pkgs/init/test.sh b/lass/5pkgs/init/test.sh new file mode 100755 index 000000000..0ceaa73ca --- /dev/null +++ b/lass/5pkgs/init/test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -xefu + +WD=$(realpath $(dirname "$0")) +TMPDIR=$(mktemp -d) +cd "$TMPDIR" +nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@" +cd - +rm -r "$TMPDIR" -- cgit v1.3.1 From e870fd3ef82c06ad620ebff4ead8e7be9fb4a6c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:43:33 +0200 Subject: l websites: serve yubi pubkey --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 5a45f03ef..74585a6f8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -69,6 +69,9 @@ in { locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; + locations."= /yubi.pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { -- cgit v1.3.1 From 3eafd0943b9c473e4900fc9cec98392a228ced18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:07 +0200 Subject: l wine: minimize footprint --- lass/2configs/wine.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 02d7ffc8c..5cb019c13 100644 
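Review bot: In `test.sh` the temporary directory is removed only on the success path: with `set -e`, a failing `nixos-generate` exits before `rm -r "$TMPDIR"` runs and the generated VM files stay behind. `trap 'rm -rf "$TMPDIR"' EXIT` right after the `mktemp -d` line covers both paths and makes the trailing `cd -` and `rm -r` unnecessary. Assigning to `TMPDIR` also redirects temp files of every child process if that variable is already exported, so a private name such as `workdir` is safer, and the inner `$(dirname "$0")` should be quoted: `WD=$(realpath "$(dirname "$0")")`.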
--- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,7 @@ in { ]; createHome = true; packages = [ - pkgs.wine - pkgs.winetricks + pkgs.wineMinimal ]; }; }; -- cgit v1.3.1 From b1d3ce19c4d89a8a8cc940346b90ae8626c494ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:29 +0200 Subject: l zsh: fix weird multiline errors --- lass/2configs/zsh.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 05964eb51..e65cdd97d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -122,14 +122,15 @@ case $TERM in (*xterm* | *rxvt*) function precmd { - PROMPT_EVALED="$(print -P $TITLE)" + PROMPT_EVALED=$(print -P "$TITLE") echo -ne "\033]0;$$ $PROMPT_EVALED\007" } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } + # This seems broken for some reason + # # This is seen while the shell waits for a command to complete. + # function preexec { + # PROMPT_EVALED=$(print -P "$TITLE") + # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + # } ;; esac ''; -- cgit v1.3.1 From 570ba85941e0d8756b8b000df74fbda69590699b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:45:17 +0200 Subject: l xmonad: use different float tactics, remove old junk --- lass/5pkgs/custom/xmonad-lass/default.nix | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e6d4b0664..5a741353d 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
@@ -19,6 +19,8 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) +import Data.Ratio + import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) @@ -29,14 +31,17 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) +import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>)) +import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Layout.Grid (Grid(..)) import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) +import XMonad.ManageHook (composeAll) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) @@ -76,7 +81,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = floatHooks <+> floatNextHook + , manageHook = floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) 
@@ -88,14 +93,17 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile) - -floatHooks :: Query (Endo WindowSet) -floatHooks = composeOne - [ className =? "Pinentry" -?> doCenterFloat - , title =? "fzfmenu" -?> doCenterFloat - , title =? "glxgears" -?> doCenterFloat - , resource =? "Dialog" -?> doFloat + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) + +floatHooks = composeAll + [ className =? "Pinentry" --> doCenterFloat + , title =? "fzfmenu" --> doCenterFloat + , title =? "glxgears" --> doCenterFloat + , resource =? "Dialog" --> doFloat + , title =? "Upload to Imgur" --> + doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8)) + , placeHook (smart (1,0)) + , floatNextHook ] myKeyMap :: [([Char], X ())] @@ -105,7 +113,6 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") - , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") -- cgit v1.3.1 From 9b5c11239956ff5cd7a24fe1ef32cd49a3aa8d26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:45:41 +0200 Subject: l emot-menu: clearmodifiers when typing --- lass/5pkgs/emot-menu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix index 440e160d0..3ce635dac 100644 --- a/lass/5pkgs/emot-menu/default.nix +++ b/lass/5pkgs/emot-menu/default.nix 
@@ -29,6 +29,6 @@ writeDashBin "emoticons" '' data=$(${coreutils}/bin/cat ${emoticons}) emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') - ${xdotool}/bin/xdotool type -- "$emoticon" + ${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon" exit 0 '' -- cgit v1.3.1 From 22d52b8ed4faf55be5d37790e9f84b24fdec80eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:58:38 +0200 Subject: l hass: add love option --- lass/3modules/hass.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix index 30158e78a..96521aaa9 100644 --- a/lass/3modules/hass.nix +++ b/lass/3modules/hass.nix @@ -22,6 +22,22 @@ in { }; in valueType; }; + love = mkOption { + default = {}; + type = with lib.types; let + valueType = nullOr (oneOf [ + bool + int + float + str + (attrsOf valueType) + (listOf valueType) + ]) // { + description = "Yaml value"; + emptyValue.value = {}; + }; + in valueType; + }; }; config = @@ -29,6 +45,7 @@ in { mkIf (cfg.config != {}) { services.home-assistant.config = cfg.config; + # services.home-assistant.lovelaceConfig = cfg.love; }; } -- cgit v1.3.1 From 0cbb18c16e17e220ec3a7d9a44da8f22f083dd48 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 01:23:07 +0200 Subject: tv th-env: init at 1.0.0 --- tv/5pkgs/haskell/th-env/default.nix | 10 ++++++++ tv/5pkgs/haskell/th-env/src/THEnv.hs | 49 ++++++++++++++++++++++++++++++++++++ tv/5pkgs/haskell/th-env/th-env.cabal | 20 +++++++++++++++ 3 files changed, 79 insertions(+) create mode 100644 tv/5pkgs/haskell/th-env/default.nix create mode 100644 tv/5pkgs/haskell/th-env/src/THEnv.hs create mode 100644 tv/5pkgs/haskell/th-env/th-env.cabal diff --git a/tv/5pkgs/haskell/th-env/default.nix b/tv/5pkgs/haskell/th-env/default.nix new file mode 100644 index 000000000..474a63b85 --- /dev/null +++ b/tv/5pkgs/haskell/th-env/default.nix 
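Review bot: The new `love` option in `lass/3modules/hass.nix` is declared but never consumed, because the only line that would use it is added commented out (`# services.home-assistant.lovelaceConfig = cfg.love;`), so a host that sets it gets no effect and no warning. Until it is wired up, give the option a `description` that says so, e.g. `description = "Lovelace configuration; currently not applied";`, or leave the option out. The value type appears to repeat the one built for the preceding option; binding it once in the enclosing `let` would keep the two in step. The `config` block continues outside the hunk.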
@@ -0,0 +1,10 @@ +{ mkDerivation, base, stdenv, template-haskell, text }: +mkDerivation { + pname = "th-env"; + version = "1.0.0"; + src = ./.; + libraryHaskellDepends = [ base template-haskell text ]; + homepage = "https://stackoverflow.com/q/57635686"; + license = "unknown"; + hydraPlatforms = stdenv.lib.platforms.none; +} diff --git a/tv/5pkgs/haskell/th-env/src/THEnv.hs b/tv/5pkgs/haskell/th-env/src/THEnv.hs new file mode 100644 index 000000000..b04f2ce0b --- /dev/null +++ b/tv/5pkgs/haskell/th-env/src/THEnv.hs 
@@ -0,0 +1,49 @@ +{-# LANGUAGE TemplateHaskell #-} +module THEnv + ( + -- * Compile-time configuration + lookupCompileEnv + , lookupCompileEnvExp + , getCompileEnv + , getCompileEnvExp + , fileAsString + ) where + +import Control.Monad +import qualified Data.Text as T +import qualified Data.Text.IO as T +import Language.Haskell.TH +import Language.Haskell.TH.Syntax (Lift(..)) +import System.Environment (getEnvironment) + +-- Functions that work with compile-time configuration + +-- | Looks up a compile-time environment variable. +lookupCompileEnv :: String -> Q (Maybe String) +lookupCompileEnv key = lookup key `liftM` runIO getEnvironment + +-- | Looks up a compile-time environment variable. The result is a TH +-- expression of type @Maybe String@. +lookupCompileEnvExp :: String -> Q Exp +lookupCompileEnvExp = (`sigE` [t| Maybe String |]) . lift <=< lookupCompileEnv + -- We need to explicly type the result so that things like `print Nothing` + -- work. + +-- | Looks up an compile-time environment variable and fail, if it's not +-- present. +getCompileEnv :: String -> Q String +getCompileEnv key = + lookupCompileEnv key >>= + maybe (fail $ "Environment variable " ++ key ++ " not defined") return + +-- | Looks up an compile-time environment variable and fail, if it's not +-- present. The result is a TH expression of type @String@. +getCompileEnvExp :: String -> Q Exp +getCompileEnvExp = lift <=< getCompileEnv + +-- | Loads the content of a file as a string constant expression. +-- The given path is relative to the source directory. +fileAsString :: FilePath -> Q Exp +fileAsString = do + -- addDependentFile path -- works only with template-haskell >= 2.7 + stringE . T.unpack . T.strip <=< runIO . T.readFile diff --git a/tv/5pkgs/haskell/th-env/th-env.cabal b/tv/5pkgs/haskell/th-env/th-env.cabal new file mode 100644 index 000000000..b9a2cff39 --- /dev/null +++ b/tv/5pkgs/haskell/th-env/th-env.cabal 
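Review bot: The Haddock comments in `THEnv.hs` say what each function returns but not that the looked-up value becomes a literal in the compiled output, which matters because `lookupCompileEnvExp`, `getCompileEnvExp` and `fileAsString` all splice their result into the program. A line under the export-list heading such as `-- Values are embedded in the build result; do not pass secrets this way.` tells callers what the build environment may carry; under Nix the result also lands in the store. `fileAsString` leaves `addDependentFile` commented out, so editing the file does not by itself trigger recompilation of the splice, and its comment could state that too.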
@@ -0,0 +1,20 @@ +name: th-env +version: 1.0.0 +-- license: https://creativecommons.org/licenses/by-sa/4.0/ +license: OtherLicense +author: https://stackoverflow.com/users/9348482 +homepage: https://stackoverflow.com/q/57635686 +maintainer: tv +build-type: Simple +cabal-version: >=1.10 + +library + hs-source-dirs: src + build-depends: + base, + template-haskell, + text + exposed-modules: + THEnv + default-language: Haskell2010 + ghc-options: -O2 -Wall -- cgit v1.3.1 From 291bc460d522b2e2c785ec3c3b71a80f22b67853 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 03:23:18 +0200 Subject: tv xmonad: read screen/font width from build env --- tv/2configs/xserver/default.nix | 8 +++++++- tv/5pkgs/haskell/xmonad-tv/default.nix | 9 +++++---- tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs | 18 ++++++++++++++++++ tv/5pkgs/haskell/xmonad-tv/src/main.hs | 21 ++++++++++++++++++--- tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal | 7 ++++++- 5 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 4e9e30741..256604a4c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -6,6 +6,12 @@ let configDir = "/var/empty"; dataDir = "/run/xdg/${cfg.user.name}/xmonad"; user = config.krebs.build.user; + xmonad.pkg = pkgs.haskellPackages.xmonad-tv.overrideAttrs (_: { + XMONAD_BUILD_SCREEN_WIDTH = 1366; + XMONAD_BUILD_TERM_FONT_WIDTH = 6; + XMONAD_BUILD_TERM_FONT = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + XMONAD_BUILD_TERM_PADDING = 2; + }); }; in { @@ -51,7 +57,7 @@ in { systemd.services.display-manager.enable = false; systemd.services.xmonad = let - xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad"; + xmonad = "${cfg.xmonad.pkg}/bin/xmonad"; xmonad-start = pkgs.writeDash "xmonad-start" '' ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CACHE_DIR" ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CONFIG_DIR" 
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix index 42eb13d41..36dffaa13 100644 --- a/tv/5pkgs/haskell/xmonad-tv/default.nix +++ b/tv/5pkgs/haskell/xmonad-tv/default.nix @@ -1,5 +1,6 @@ -{ mkDerivation, base, containers, directory, extra, stdenv, unix -, X11, xmonad, xmonad-contrib, xmonad-stockholm +{ mkDerivation, aeson, base, bytestring, containers, directory +, extra, stdenv, template-haskell, th-env, unix, X11, xmonad +, xmonad-contrib, xmonad-stockholm }: mkDerivation { pname = "xmonad-tv"; @@ -8,8 +9,8 @@ mkDerivation { isLibrary = false; isExecutable = true; executableHaskellDepends = [ - base containers directory extra unix X11 xmonad xmonad-contrib - xmonad-stockholm + aeson base bytestring containers directory extra template-haskell + th-env unix X11 xmonad xmonad-contrib xmonad-stockholm ]; license = stdenv.lib.licenses.mit; } diff --git a/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs b/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs new file mode 100644 index 000000000..2a3a0e523 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs @@ -0,0 +1,18 @@ +{-# LANGUAGE ScopedTypeVariables #-} + +module THEnv.JSON where + +import Data.Aeson (eitherDecode,FromJSON) +import Data.ByteString.Lazy.Char8 (pack) +import Language.Haskell.TH.Syntax (Exp,Lift(lift),Q) +import THEnv (getCompileEnv) +import Control.Monad + +getCompileEnvJSON :: (FromJSON a) => String -> Q a +getCompileEnvJSON name = + either error (id :: a -> a) . eitherDecode . pack <$> getCompileEnv name + +getCompileEnvJSONExp :: + forall proxy a. (FromJSON a, Lift a) => proxy a -> String -> Q Exp +getCompileEnvJSONExp _ = + (lift :: a -> Q Exp) <=< getCompileEnvJSON diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index c83b411bd..b8ddd27e8 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs 
@@ -1,4 +1,6 @@ {-# LANGUAGE LambdaCase #-} +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeApplications #-} module Main (main) where @@ -32,10 +34,23 @@ import XMonad.Stockholm.Pager import XMonad.Stockholm.Shutdown import qualified Paths +import THEnv.JSON (getCompileEnvJSONExp) + myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" +myScreenWidth :: Dimension +myScreenWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") + +myTermFontWidth :: Dimension +myTermFontWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") + +myTermPadding :: Dimension +myTermPadding = 2 + main :: IO () main = getArgs >>= \case @@ -46,7 +61,6 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do - let width = 1366 workspaces0 <- getWorkspaces0 handleShutdownEvent <- newShutdownEventHandler launch @@ -60,8 +74,9 @@ mainNoArgs = do smartBorders $ ResizableTall 1 - (10 * 6 / width) - ((80 * 6 + 2 * (1+1+1))/width) [] + (fromIntegral (10 * myTermFontWidth) / fromIntegral myScreenWidth) + (fromIntegral (80 * myTermFontWidth + 2 * (myTermPadding + borderWidth def)) / fromIntegral myScreenWidth) + [] ||| Full , manageHook = diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal index f10bc4aeb..d07e2b159 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -9,10 +9,14 @@ cabal-version: >=1.10 executable xmonad main-is: main.hs build-depends: + aeson, base, + bytestring, containers, directory, extra, + template-haskell, + th-env, unix, X11, xmonad, @@ -20,6 +24,7 @@ executable xmonad xmonad-stockholm other-modules: Helpers.Path, - Paths + Paths, + THEnv.JSON default-language: Haskell2010 ghc-options: -O2 -Wall -threaded -- cgit v1.3.1 From 9a63bb8769217a0240d00c226735f3bca95dbdee Mon Sep 17 00:00:00 2001 
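Review bot: `myTermPadding` in `main.hs` is still the literal `2` although the same commit sets `XMONAD_BUILD_TERM_PADDING` in `tv/2configs/xserver/default.nix`; as far as the hunks show, that variable and `XMONAD_BUILD_TERM_FONT` are never read, so changing them per host has no effect. For the padding, `myTermPadding = $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_PADDING")` follows the two definitions above it. The font value is not valid JSON as set, so reading it would need `getCompileEnvExp` from `THEnv` rather than the JSON variant.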
From: tv Date: Sat, 3 Oct 2020 03:34:32 +0200 Subject: tv xserver: reconfigure xmonad for au --- tv/2configs/xserver/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 256604a4c..032df5d90 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -7,6 +7,13 @@ let dataDir = "/run/xdg/${cfg.user.name}/xmonad"; user = config.krebs.build.user; xmonad.pkg = pkgs.haskellPackages.xmonad-tv.overrideAttrs (_: { + au = { + XMONAD_BUILD_SCREEN_WIDTH = 1920; + XMONAD_BUILD_TERM_FONT_WIDTH = 10; + XMONAD_BUILD_TERM_FONT = "xft:Input Mono:size=12:style=Regular"; + XMONAD_BUILD_TERM_PADDING = 2; + }; + }.${config.krebs.build.host.name} or { XMONAD_BUILD_SCREEN_WIDTH = 1366; XMONAD_BUILD_TERM_FONT_WIDTH = 6; XMONAD_BUILD_TERM_FONT = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; -- cgit v1.3.1 From 2b63e26a2cdbce8438f3df5931a536569502a5bc Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 03:45:00 +0200 Subject: tv viljetic-pages: add favicon.ico --- tv/5pkgs/simple/viljetic-pages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/5pkgs/simple/viljetic-pages/default.nix b/tv/5pkgs/simple/viljetic-pages/default.nix index 1ae55cca7..ee07c9277 100644 --- a/tv/5pkgs/simple/viljetic-pages/default.nix +++ b/tv/5pkgs/simple/viljetic-pages/default.nix @@ -11,6 +11,7 @@ stdenv.mkDerivation { installPhase = '' mkdir -p $out cp ${./index.html} $out/index.html + convert ${./logo.xpm} $out/favicon.ico convert ${./logo.xpm} $out/favicon2.png ''; } -- cgit v1.3.1 From 0d09e8aa03119ad7775ffc485abe48004d05d0eb Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 03:46:55 +0200 Subject: tv vim nix: fix trigger for js --- tv/5pkgs/vim/nix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index 4f3f83aaa..52c465dca 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix 
@@ -133,7 +133,7 @@ with import ; (writer "Jq") (writerExt "jq") ]; - javascript.extraStart = comment "jq"; + javascript.extraStart = comment "js"; lua = {}; #nginx = {}; python.extraStart = alts [ -- cgit v1.3.1 From 7921b70b11acb0cbe3c820f61c572bedf9434a5f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 03:47:58 +0200 Subject: tv vim nix: recognize markdown by extension --- tv/5pkgs/vim/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index 52c465dca..c121d815f 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -135,6 +135,7 @@ with import ; ]; javascript.extraStart = comment "js"; lua = {}; + markdown.extraStart = writerExt "md"; #nginx = {}; python.extraStart = alts [ (comment "py") -- cgit v1.3.1 From 58eb3302b0423347433d72248f90912f60b580bd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 04:07:25 +0200 Subject: tv: make default kernel easily overridable --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 9db35184a..9132773ca 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,7 +1,7 @@ with import ; { config, pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = mkDefault pkgs.linuxPackages_latest; boot.tmpOnTmpfs = true; -- cgit v1.3.1 From 74a65a60eadb6990d6cd6bcb06767f1f40e89f52 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 04:09:45 +0200 Subject: tv: cleanup stale shell aliases --- tv/2configs/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 9132773ca..2d813fe32 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -68,18 +68,13 @@ with import ; ]; environment.shellAliases = mkForce { - # alias cal='cal -m3' gp = "${pkgs.pari}/bin/gp -q"; df = "df -h"; du = "du -h"; - # alias grep='grep --color=auto' # TODO alias cannot contain #\' # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep"; - # alias la='ls -lA' - lAtr = "ls -lAtr"; - # alias ll='ls -l' ls = "ls -h --color=auto --group-directories-first"; dmesg = "dmesg -L --reltime"; view = "vim -R"; -- cgit v1.3.1 From dac9dba691cb35300ee62199f5bf7b8975f62a1d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 12:17:08 +0200 Subject: tv ppp: remove default config --- tv/2configs/ppp.nix | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 9cc7568a5..02227343c 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,32 +1,2 @@ { pkgs, ... }: { - - # usage: pppd call default - - environment.etc."ppp/peers/default".text = '' - /dev/ttyACM2 - 921600 - crtscts - defaultroute - holdoff 10 - lock - maxfail 0 - noauth - nodetach - noipdefault - passive - persist - usepeerdns - connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" '' - ABORT "BUSY" - ABORT "NO CARRIER" - REPORT CONNECT - "" "ATDT*99#" - CONNECT - ''}" - ''; - - environment.systemPackages = [ - pkgs.ppp - ]; - } -- cgit v1.3.1 From 3c9945364c294ab65c62c01447d00ebc980558bc Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 12:19:13 +0200 Subject: tv ppp: add o2 config --- tv/2configs/ppp.nix | 34 +++++++++++++++++++++++++++++++++- tv/dummy_secrets/o2.pin | 1 + 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 tv/dummy_secrets/o2.pin diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 02227343c..ecb17c3f8 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix 
@@ -1,2 +1,34 @@ -{ pkgs, ... }: { +{ pkgs, ... }: let + lib = import ; + cfg = { + pin = "@${toString }"; + ttys.ppp = "/dev/ttyACM0"; + }; +in { + environment.etc."ppp/peers/o2".text = /* sh */ '' + ${cfg.ttys.ppp} + 921600 + crtscts + defaultroute + holdoff 10 + lock + maxfail 0 + noauth + nodetach + noipdefault + passive + persist + usepeerdns + connect "${pkgs.ppp}/bin/chat ''${DEBUG+-v} -Ss -f ${pkgs.writeText "o2.chat" /* sh */ '' + ABORT "BUSY" + ABORT "NO CARRIER" + REPORT CONNECT + "*EMRDY: 1" + ATZ OK + AT+CFUN=1 OK + ${cfg.pin} TIMEOUT 2 ERROR-AT-OK + AT+CGDCONT=1,\042IP\042,\042internet\042 OK + ATDT*99***1# CONNECT + ''}" + ''; } diff --git a/tv/dummy_secrets/o2.pin b/tv/dummy_secrets/o2.pin new file mode 100644 index 000000000..53a3137cd --- /dev/null +++ b/tv/dummy_secrets/o2.pin @@ -0,0 +1 @@ +AT -- cgit v1.3.1 From 64a9aeed2298295d204efd05b321dea271ecdb2a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 12:22:04 +0200 Subject: tv ppp: add connect script --- tv/2configs/ppp.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index ecb17c3f8..0c74e1642 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -31,4 +31,30 @@ in { ATDT*99***1# CONNECT ''}" ''; + users.users.root.packages = [ + (pkgs.writeDashBin "connect" '' + # usage: + # connect wlan + # connect wwan [PEERNAME] + set -efu + rfkill_wlan=/sys/class/rfkill/rfkill2 + rfkill_wwan=/sys/class/rfkill/rfkill1 + case $1 in + wlan) + ${pkgs.procps}/bin/pkill pppd || : + echo 0 > "$rfkill_wwan"/state + echo 1 > "$rfkill_wlan"/state + ;; + wwan) + name=''${2-o2} + echo 0 > "$rfkill_wlan"/state + echo 1 > "$rfkill_wwan"/state + ${pkgs.ppp}/bin/pppd call "$name" updetach + ;; + *) + echo "$0: error: bad arguments: $*" >&2 + exit 1 + esac + '') + ]; } -- cgit v1.3.1 From 3f6a68eab4b49f16daf8373ee5d99b8ffd55a119 Mon Sep 17 00:00:00 2001 
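Review bot: With `DEBUG` set, the `chat ''${DEBUG+-v} -Ss` call in the `connect` line prints the modem conversation to stderr, and as far as I can tell that includes the string read through `${cfg.pin}`, which is presumably the SIM PIN command. A comment above `pin =` would make the handling explicit: `# "@FILE" makes chat read the send string from FILE at dial time, so the PIN is not written into the chat script in the Nix store; leave DEBUG unset wherever stderr is captured`. The path of the secret file is not visible in this rendering, so its expected owner and mode (presumably root-only) should be stated next to it.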
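Review bot: The `connect` script addresses the radios as `/sys/class/rfkill/rfkill2` and `/sys/class/rfkill/rfkill1`, but rfkill indices follow registration order and are not guaranteed to stay the same across boots or driver reloads, so `echo 1 > "$rfkill_wwan"/state` can unblock a different radio than intended. Checking the sysfs `type` attribute before writing would catch that, e.g. `[ "$(cat "$rfkill_wlan"/type)" = wlan ] || exit 1` and the same with `wwan` for the other node. `$2` is handed to `pppd call` unchanged; the script is installed for root only, so that is acceptable, but a one-line comment saying the peer name is trusted input would make it explicit.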
From: tv Date: Sat, 3 Oct 2020 12:22:44 +0200 Subject: tv ppp: add modem-send script --- tv/2configs/ppp.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 0c74e1642..8c1dc65bc 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -3,6 +3,7 @@ cfg = { pin = "@${toString }"; ttys.ppp = "/dev/ttyACM0"; + ttys.com = "/dev/ttyACM1"; }; in { environment.etc."ppp/peers/o2".text = /* sh */ '' @@ -56,5 +57,16 @@ in { exit 1 esac '') + (pkgs.writeDashBin "modem-send" '' + # usage: modem-send ATCOMMAND + set -efu + tty=${lib.shell.escape cfg.ttys.com} + exec <"$tty" + printf '%s\r\n' "$1" >"$tty" + ${pkgs.gnused}/bin/sed -E ' + /^OK\r?$/q + /^ERROR\r?$/q + ' + '') ]; } -- cgit v1.3.1 From 885e7857c0f3ac7dc7d73ceb6db6de9924f9b570 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 12:24:25 +0200 Subject: tv ppp: reconfigure resolv.conf --- tv/2configs/ppp.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 8c1dc65bc..ff61f943f 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: let +{ config, pkgs, ... }: let lib = import ; cfg = { pin = "@${toString }"; @@ -6,6 +6,18 @@ ttys.com = "/dev/ttyACM1"; }; in { + assertions = [ + { + assertion = config.networking.resolvconf.enable; + message = "ppp configuration needs resolvconf"; + } + ]; + environment.etc."ppp/ip-up".source = pkgs.writeDash "ppp.ip-up" '' + ${pkgs.openresolv}/bin/resolvconf -a "$IFNAME" < /etc/ppp/resolv.conf + ''; + environment.etc."ppp/ip-down".source = pkgs.writeDash "ppp.ip-down" '' + ${pkgs.openresolv}/bin/resolvconf -fd "$IFNAME" + ''; environment.etc."ppp/peers/o2".text = /* sh */ '' ${cfg.ttys.ppp} 921600 -- cgit v1.3.1 From 654f64f05935a69607a540f2e8d15619cee9e15e Mon Sep 17 00:00:00 2001 
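Review bot: `modem-send` blocks indefinitely when the modem answers with anything other than a bare `OK` or `ERROR` line, because the `sed` program at the end of the script quits only on those two patterns and the read from `$tty` has no timeout. Final result codes such as `+CME ERROR: ...` or `NO CARRIER` (which the chat script in this file already treats as an abort) never terminate it. Adding `/^\+CM[ES] ERROR:/q` and `/^NO CARRIER\r?$/q` to the sed script would cover the common cases. The usage comment should also say that the tty is used as-is, without any `stty` setup.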
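Review bot: The `ppp.ip-up` script feeds `/etc/ppp/resolv.conf` to `resolvconf -a` unconditionally, so when the peer supplies no DNS servers the redirect either fails on a missing file or re-installs the servers left over from an earlier session. pppd exports `USEPEERDNS` only when it actually received DNS addresses, so a guard as the first line would cover it: `[ -n "$USEPEERDNS" ] || exit 0`. A comment should also note that resolver addresses are taken from the PPP peer without filtering, which appears to be the intended trust decision for this link.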
From: tv Date: Sat, 3 Oct 2020 13:04:58 +0200 Subject: tv au: add ppp --- tv/1systems/au/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/1systems/au/config.nix b/tv/1systems/au/config.nix index fc4b216f5..3891b7570 100644 --- a/tv/1systems/au/config.nix +++ b/tv/1systems/au/config.nix @@ -3,6 +3,7 @@ ./disks.nix + ]; -- cgit v1.3.1 From 132549cded87755018df77b9c18e68d083cee4ca Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 3 Oct 2020 14:12:04 +0200 Subject: tv override: customize input-fonts --- tv/5pkgs/override/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 99c1b3ec9..789a3cfe8 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,5 +1,15 @@ with import ; self: super: { + input-fonts = super.input-fonts.overrideAttrs (old: rec { + src = self.fetchurl { + url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; + sha256 = "1vvipqcflz4ximy7xpqy9idrdpq3a0c490hp5137r2dq03h865y0"; + }; + outputHash = null; + outputHashAlgo = null; + outputHashMode = null; + }); + rxvt_unicode = self.callPackage ./rxvt_unicode.nix { rxvt_unicode = super.rxvt_unicode; }; -- cgit v1.3.1 From 504cba92f8c2104e819891b5e908259fc9091ae6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 5 Oct 2020 23:43:49 +0200 Subject: nixpkgs: 4267405 -> b4db68f --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 363d68583..7795004c5 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
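Review bot: The `input-fonts` override carries no comment explaining why `src` is fetched over plain `http://` and why `outputHash`, `outputHashAlgo` and `outputHashMode` are reset to `null`. Integrity of the download still rests on the `sha256` given to `fetchurl`, so the transport is not the weak point, but a reader cannot tell that dropping the output hash is deliberate. Something like `# src is pinned by sha256 above; the upstream fixed-output hash does not apply to this mirror's archive` above `outputHash = null;` would do, assuming that is the reason. The `rec` on the attribute set is unused in the visible lines and can be dropped.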
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "42674051d12540d4a996504990c6ea3619505953", - "date": "2020-09-06T21:21:08-04:00", - "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy", + "rev": "b4db68ff563895eea6aab4ff24fa04ef403dfe14", + "date": "2020-09-30T16:23:41+02:00", + "sha256": "1qbs7p0mmcmpg70ibd437hl57byqx5q0pc61p1dckrkazj7kq0pc", "fetchSubmodules": false } -- cgit v1.3.1 From 5a8aa6b8439fae020cdb917a0f69753d29bdf542 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 6 Oct 2020 15:48:36 +0200 Subject: nixpkgs-unstable: c59ea8b -> 84d74ae --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 35e74c3b1..69a074e3f 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", - "date": "2020-08-20T19:08:02+02:00", - "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v", + "rev": "84d74ae9c9cbed73274b8e4e00be14688ffc93fe", + "date": "2020-09-26T18:54:09-07:00", + "sha256": "0ww70kl08rpcsxb9xdx8m48vz41dpss4hh3vvsmswll35l158x0v", "fetchSubmodules": false } -- cgit v1.3.1 From 7dfc0f431f2bd87fa4656e1940e6330172d81720 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 14 Oct 2020 12:18:59 +0200 Subject: krebs.secret: add directory and file options --- krebs/3modules/secret.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 67454d1f7..978939f69 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix 
@@ -3,6 +3,14 @@ with import ; cfg = config.krebs.secret; in { options.krebs.secret = { + directory = mkOption { + default = toString ; + type = types.absolute-pathname; + }; + file = mkOption { + default = relpath: "${cfg.directory}/${relpath}"; + readOnly = true; + }; files = mkOption { type = with types; attrsOf secret-file; default = {}; -- cgit v1.3.1 From 2d3130e87095694be52962a8db0b7432b5661684 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 14 Oct 2020 13:02:09 +0200 Subject: tv * ssh.privkey.path: use krebs.secret.file --- krebs/3modules/tv/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index c86fda05d..6a09cc834 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -52,7 +52,7 @@ in { ''; }; }; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa"; ssh.pubkey = "ssh-rsa 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"; }; au = { @@ -79,7 +79,7 @@ in { }; }; secure = true; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; mu = { @@ -103,7 +103,7 @@ in { ''; }; }; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; ni = { @@ -177,7 +177,7 @@ in { }; }; secure = true; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; wu = { @@ -203,7 +203,7 @@ in { }; }; secure = true; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; querel = { 
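Review bot: Both new options lack a `description`, and `file` has no `type`, so the generated option documentation says nothing about what `krebs.secret.file` returns. Suggested text: `description = "Directory that holds the secret files; kept as a string so that nothing is copied into the Nix store.";` on `directory` (assuming that is why `toString` is used) and `description = "Maps a path relative to directory to its absolute path.";` on `file`. `relpath` is concatenated unchecked, so a value containing `..` resolves outside `directory`. The callers changed in the following commit pass only fixed file names, but the description should say that such components are not rejected.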
@@ -262,7 +262,7 @@ in { }; }; secure = true; - ssh.privkey.path = ; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; zu = { -- cgit v1.3.1 From f5133d7c26f467fa8fa43aa6665fbb678decf25d Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 14 Oct 2020 13:18:34 +0200 Subject: tv rxvt-unicode-256color-terminfo: init --- .../simple/rxvt-unicode-256color-terminfo/default.nix | 16 ++++++++++++++++ .../rxvt-unicode-256color.terminfo | Bin 0 -> 2239 bytes 2 files changed, 16 insertions(+) create mode 100644 tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix create mode 100644 tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo diff --git a/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix new file mode 100644 index 000000000..d2f6f46b2 --- /dev/null +++ b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix @@ -0,0 +1,16 @@ +# This package is mainly intended for cross-built systems for which we cannot +# or don't want to build pkgs.rxvt_unicode for some reason. +# +# ${./rxvt-unicode-256color.terminfo} was copied from a previously built +# /run/current-system/sw/share/terminfo/r/rxvt-unicode-256color +{ runCommand }: + +runCommand "rxvt-unicode-256color-terminfo" {} /* sh */ '' + mkdir -p $out/nix-support + mkdir -p $out/share/terminfo/r + + ln -s ${./rxvt-unicode-256color.terminfo} \ + $out/share/terminfo/r/rxvt-unicode-256color + + echo "$out" >> $out/nix-support/propagated-user-env-packages +'' diff --git a/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo new file mode 100644 index 000000000..3f43d0d56 Binary files /dev/null and b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo differ -- cgit v1.3.1 
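Review bot: Provenance of the checked-in binary `rxvt-unicode-256color.terminfo` is not recorded: the header comment in `default.nix` says only that it was copied from a previously built system, not which rxvt_unicode or nixpkgs revision produced it. Please extend the comment, e.g. `# copied from rxvt_unicode VERSION at nixpkgs rev REV, sha256 HASH` with the real values filled in, so the file can be regenerated and compared later. The package propagates the file into user environments through `propagated-user-env-packages`, so it is worth being able to verify it.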
From a0110673120e5f72582ea02b7bc6d360a108f38d Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Oct 2020 14:22:40 +0200 Subject: tv rpiPackages: init --- tv/5pkgs/rpi/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 tv/5pkgs/rpi/default.nix diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix new file mode 100644 index 000000000..f0ac47f6a --- /dev/null +++ b/tv/5pkgs/rpi/default.nix @@ -0,0 +1,9 @@ +let + lib = import ; +in + +self: super: + +{ + rpiPackages = lib.mapNixDir (path: self.callPackage path {}) ./.; +} -- cgit v1.3.1 From 9ed980f603c3afce53b577726a3f6af2a9bbed75 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Oct 2020 13:47:46 +0200 Subject: tv rpiPacakges.WiringPi: init at 2020-09-14 --- tv/5pkgs/rpi/WiringPi/default.nix | 61 +++++++++++++++++++++++++++++++++++++++ tv/5pkgs/rpi/WiringPi/src.json | 6 ++++ 2 files changed, 67 insertions(+) create mode 100644 tv/5pkgs/rpi/WiringPi/default.nix create mode 100644 tv/5pkgs/rpi/WiringPi/src.json diff --git a/tv/5pkgs/rpi/WiringPi/default.nix b/tv/5pkgs/rpi/WiringPi/default.nix new file mode 100644 index 000000000..61c43556d --- /dev/null +++ b/tv/5pkgs/rpi/WiringPi/default.nix 
@@ -0,0 +1,61 @@ +{ fetchFromGitHub, runCommand, stdenv }: + +let + generic = name: extraAttrs: + stdenv.mkDerivation ({ + pname = "WiringPi-${name}"; + version = "2020-09-14"; + + src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + + buildPhase = '' + runHook postBuild + + make -C ${name} all + + runHook preBuild + ''; + + installPhase = '' + runHook preInstall + + export DESTDIR=$out + export PREFIX= + export LDCONFIG=true + + make -C ${name} install + + runHook postInstall + ''; + } // extraAttrs); + + fakeutils = runCommand "fakeutils-1.0" {} /* sh */ '' + mkdir -p $out/bin + for name in chown chmod; do + touch $out/bin/$name + chmod +x $out/bin/$name + done + ''; +in + +rec { + wiringPi = generic "wiringPi" {}; + wiringPiDev = generic "devLib" { + buildInputs = [ + wiringPi + ]; + }; + gpio = generic "gpio" { + preInstall = '' + # fakeutils cannot be buildInputs because they have to override existing + # executables and therefore need to be prepended to the search path. + PATH=${fakeutils}/bin:$PATH + + mkdir -p $out/bin + ''; + buildInputs = [ + wiringPi + wiringPiDev + ]; + }; +} diff --git a/tv/5pkgs/rpi/WiringPi/src.json b/tv/5pkgs/rpi/WiringPi/src.json new file mode 100644 index 000000000..edf4e8272 --- /dev/null +++ b/tv/5pkgs/rpi/WiringPi/src.json @@ -0,0 +1,6 @@ +{ + "owner": "WiringPi", + "repo": "WiringPi", + "rev": "5c6bab7d4279e8c0cc890984eaa1a69ff3af1c99", + "sha256": "1jlx7lb3ybwv06b2dpmsr718d0xj85awl1dgdqc607k50kk25mjb" +} -- cgit v1.3.1 From 83bcb46ce98ba3ec07b2208a82b05116352ec602 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Oct 2020 14:24:58 +0200 Subject: tv nix-prefetch-github: init at 3.0 --- tv/5pkgs/override/default.nix | 3 ++ tv/5pkgs/override/nix-prefetch-github.nix | 47 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 tv/5pkgs/override/nix-prefetch-github.nix diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 789a3cfe8..d18d66506 100644 
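Review bot: In `buildPhase` the hooks are swapped: `runHook postBuild` runs before `make -C ${name} all` and `runHook preBuild` after it, so any `preBuild` or `postBuild` passed in through `extraAttrs` would run at the wrong time. The phase should open with `runHook preBuild` and close with `runHook postBuild`, the way `installPhase` in the same hunk orders its hooks. The same swap is in `tv/5pkgs/rpi/433Utils/default.nix` later in this series. The `fakeutils` comment could also name which `chown`/`chmod` calls of the upstream install target are being neutralised (presumably the ones that would make `gpio` setuid root) so the stub is not mistaken for a generic workaround.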
--- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -10,6 +10,9 @@ self: super: { outputHashMode = null; }); + nix-prefetch-github = + self.python3Packages.callPackage ./nix-prefetch-github.nix {}; + rxvt_unicode = self.callPackage ./rxvt_unicode.nix { rxvt_unicode = super.rxvt_unicode; }; diff --git a/tv/5pkgs/override/nix-prefetch-github.nix b/tv/5pkgs/override/nix-prefetch-github.nix new file mode 100644 index 000000000..67873f929 --- /dev/null +++ b/tv/5pkgs/override/nix-prefetch-github.nix @@ -0,0 +1,47 @@ +{ fetchPypi +, lib +, buildPythonPackage +, pythonOlder +, attrs +, click +, effect +, jinja2 +, git +, pytestCheckHook +, pytest-black +, pytestcov +, pytest-isort +}: + +buildPythonPackage rec { + pname = "nix-prefetch-github"; + version = "3.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA="; + }; + + propagatedBuildInputs = [ + attrs + click + effect + jinja2 + ]; + + checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ]; + checkPhase = '' + pytest -m 'not network' + ''; + + # latest version of isort will cause tests to fail + # ignore tests which are impure + disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ]; + + meta = with lib; { + description = "Prefetch sources from github"; + homepage = "https://github.com/seppeljordan/nix-prefetch-github"; + license = licenses.gpl3; + maintainers = with maintainers; [ seppeljordan ]; + }; +} -- cgit v1.3.1 From acdb2bea876aaadf30430e2ea3cbef62808ca24c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Oct 2020 14:38:36 +0200 Subject: lib.mapNixDir1: prefix names starting with a digit --- lib/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/default.nix b/lib/default.nix index f02959bba..be9f60f3b 100644 --- a/lib/default.nix +++ b/lib/default.nix 
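Review bot: `disabledTests` in `nix-prefetch-github.nix` is probably ineffective, because the explicit `checkPhase` running `pytest -m 'not network'` replaces the phase that `pytestCheckHook` would install, and as far as I know that hook is what turns `disabledTests` into pytest deselection. Either drop the custom `checkPhase` and pass the marker through the hook, `pytestFlagsArray = [ "-m" "not network" ];`, or drop `disabledTests` and `pytestCheckHook`. As written, the comment about ignoring impure tests describes something the build may not actually do.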
@@ -60,13 +60,17 @@ let }.${typeOf x}; mapNixDir1 = f: dirPath: + let + toPackageName = name: + if test "^[0-9].*" name then "_${name}" else name; + in listToAttrs (map (relPath: let name = removeSuffix ".nix" relPath; path = dirPath + "/${relPath}"; in - nameValuePair name (f path)) + nameValuePair (toPackageName name) (f path)) (filter (name: name != "default.nix" && !hasPrefix "." name) (attrNames (readDir dirPath)))); -- cgit v1.3.1 From cbf844cdde559ebd19b7c98d99abd858017951f1 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Oct 2020 14:53:14 +0200 Subject: tv rpiPackages.433Utils: init at 2018-06-07 --- .../433Utils/RPi_utils.codesend.codestring.patch | 24 +++++++++++++ tv/5pkgs/rpi/433Utils/default.nix | 42 ++++++++++++++++++++++ tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch | 10 ++++++ tv/5pkgs/rpi/433Utils/src.json | 7 ++++ 4 files changed, 83 insertions(+) create mode 100644 tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch create mode 100644 tv/5pkgs/rpi/433Utils/default.nix create mode 100644 tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch create mode 100644 tv/5pkgs/rpi/433Utils/src.json diff --git a/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch b/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch new file mode 100644 index 000000000..447e42f1d --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch 
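Review bot: `toPackageName` has no comment saying why names that start with a digit get an underscore prefix. Suggested: `# names starting with a digit are not valid Nix identifiers, so they could not be used as callPackage arguments`, if that is the motivation (the 433Utils package added next in this series suggests it). A directory holding both `433Utils` and `_433Utils` would now map to the same attribute name and `listToAttrs` would keep only one of them; unlikely, but worth a line in the same comment.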
@@ -0,0 +1,24 @@ +--- a/RPi_utils/codesend.cpp ++++ b/RPi_utils/codesend.cpp +@@ -40,18 +40,18 @@ int main(int argc, char *argv[]) { + } + + // Change protocol and pulse length accroding to parameters +- int code = atoi(argv[1]); ++ const char *code = argv[1]; + if (argc >= 3) protocol = atoi(argv[2]); + if (argc >= 4) pulseLength = atoi(argv[3]); + + if (wiringPiSetup () == -1) return 1; +- printf("sending code[%i]\n", code); ++ printf("sending code[%s]\n", code); + RCSwitch mySwitch = RCSwitch(); + if (protocol != 0) mySwitch.setProtocol(protocol); + if (pulseLength != 0) mySwitch.setPulseLength(pulseLength); + mySwitch.enableTransmit(PIN); + +- mySwitch.send(code, 24); ++ mySwitch.send(code); + + return 0; + diff --git a/tv/5pkgs/rpi/433Utils/default.nix b/tv/5pkgs/rpi/433Utils/default.nix new file mode 100644 index 000000000..78be6de35 --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/default.nix @@ -0,0 +1,42 @@ +{ fetchFromGitHub, stdenv +, wiringPi ? WiringPi.wiringPi +, wiringPiDev ? WiringPi.wiringPiDev +, WiringPi ? rpiPackages.WiringPi +, rpiPackages +}: + +stdenv.mkDerivation { + pname = "433Utils-RPi_utils"; + version = "2018-06-07"; + + src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + + patches = [ + ./rc-switch.protocols.patch + ./RPi_utils.codesend.codestring.patch + ]; + + buildPhase = '' + runHook postBuild + + make -C RPi_utils + + runHook preBuild + ''; + + buildInputs = [ + wiringPi + wiringPiDev + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + for name in send codesend RFSniffer; do + cp RPi_utils/$name $out/bin/ + done + + runHook postInstall + ''; +} diff --git a/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch b/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch new file mode 100644 index 000000000..41304ef8e --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch 
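Review bot: After this patch `codesend` hands `argv[1]` to `mySwitch.send(code)` without checking its content or length. As far as I recall, the string overload in rc-switch treats every character other than `'0'` as a one bit and counts bits without an upper bound, so a typo or an over-long argument is transmitted as some other code instead of being rejected. A check before `wiringPiSetup()` would do, e.g. `if (strspn(code, "01") != strlen(code) || strlen(code) > 32) return 1;` (needs `<string.h>`; the limit of 32 is an assumption to confirm against RCSwitch). The `argc` check sits above the patched lines and is not visible in this hunk.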
@@ -0,0 +1,10 @@ +--- a/rc-switch/RCSwitch.cpp ++++ b/rc-switch/RCSwitch.cpp +@@ -78,6 +78,7 @@ static const RCSwitch::Protocol PROGMEM proto[] = { + { 100, { 30, 71 }, { 4, 11 }, { 9, 6 } }, // protocol 3 + { 380, { 1, 6 }, { 1, 3 }, { 3, 1 } }, // protocol 4 + { 500, { 6, 14 }, { 1, 2 }, { 2, 1 } }, // protocol 5 ++ { 136, { 1, 31 }, { 1, 3 }, { 3, 1 } }, // protocol 6 + }; + + enum { diff --git a/tv/5pkgs/rpi/433Utils/src.json b/tv/5pkgs/rpi/433Utils/src.json new file mode 100644 index 000000000..3cf232788 --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/src.json @@ -0,0 +1,7 @@ +{ + "owner": "ninjablocks", + "repo": "433Utils", + "rev": "31c0ea4e158287595a6f6116b6151e72691e1839", + "sha256": "04r2qlkdsz46qgpnbizrfccz1i0qlkb1iqz0jzyq4fzvksqp9dg1", + "fetchSubmodules": true +} \ No newline at end of file -- cgit v1.3.1 From d554acc06850a83399de48ff3bbcb3afdf38b4bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Oct 2020 20:19:57 +0200 Subject: l green-host: use cryfs & nixos-containers --- lass/2configs/green-host.nix | 109 +++++++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 46 deletions(-) diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 0cccbc30e..6cccab4b3 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,38 +1,44 @@ { config, lib, pkgs, ... }: with import ; -{ +let + + cname = "green"; + cryfs = pkgs.cryfs.overrideAttrs (old: { + patches = [ + (pkgs.writeText "file_mode.patch" '' + --- a/src/cryfs/filesystem/CryNode.cpp + +++ b/src/cryfs/filesystem/CryNode.cpp + 
@@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { + result.uid = fspp::uid_t(getuid()); + result.gid = fspp::gid_t(getgid()); + #endif + - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); + + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; + result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; + //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") + result.nlink = 1; + '') + ] ++ old.patches; + }); + +in { imports = [ - { #hack for already defined - systemd.services."container@green".reloadIfChanged = mkForce false; - systemd.services."container@green".preStart = '' - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' - ''; - systemd.services."container@green".postStop = '' - set -x - ${pkgs.umount}/bin/umount /var/lib/containers/green - ls -la /dev/mapper/control - ${pkgs.devicemapper}/bin/dmsetup ls - ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img - ''; - } ]; - services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - krebs.permown."/var/lib/sync-containers" = { - owner = "root"; - group = "syncthing"; - umask = "0007"; - }; + programs.fuse.userAllowOther = true; - system.activationScripts.containerPermissions = '' - mkdir -p /var/lib/containers - chmod 711 /var/lib/containers - ''; + services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; + # krebs.permown."/var/lib/sync-containers/${cname}" = { + # owner = "root"; + # group = "syncthing"; + # umask = "0007"; + # }; - containers.green = { + systemd.services."container@green".reloadIfChanged = mkForce false; + containers.${cname} = { config = { 
... }: { environment.systemPackages = [ pkgs.git 
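Review bot: Every local user on the host can traverse the root of the decrypted cryfs mount once this is deployed. The `file_mode.patch` adds `addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag()` to the reported directory mode, `programs.fuse.userAllowOther = true` is enabled, and `start-${cname}` later in this commit mounts with `-o allow_other`. If only root and the container need access, group access alone would probably be enough, and the removed `chmod 711 /var/lib/containers` activation script no longer narrows the parent directory. A comment above the patch should state who is meant to read the decrypted tree. The patched line also ends in `;;`, which compiles but looks accidental.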
@@ -42,41 +48,52 @@ with import ; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.15"; - localAddress = "10.233.2.16"; + hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs + localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs }; environment.systemPackages = [ - (pkgs.writeDashBin "start-green" '' - set -fu - CONTAINER='green' - IMAGE='/var/lib/sync-containers/green.img' - - ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null - if [ "$?" -ne 0 ]; then - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" - fi - - mkdir -p /var/lib/containers/"$CONTAINER" + (pkgs.writeDashBin "start-${cname}" '' + set -euf - ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " - if [ "$?" -ne 0 ]; then - ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + mkdir -p /var/lib/containers/${cname}/var/state + chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state + if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then + /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ + ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions fi - STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + ${pkgs.nixos-container}/bin/nixos-container start ${cname} fi - ping -c1 green.r - if [ "$?" 
-ne 0 ]; then - ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + + if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then + ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' + mkdir -p /var/state/var_src + ln -sf state/var_Src /var/src + nixos-rebuild -I /var/src switch + ''} fi + '') + (pkgs.writeDashBin "stop-${cname}" '' + set -euf + ${pkgs.nixos-container}/bin/nixos-container stop ${cname} + ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state '') ]; } -- cgit v1.3.1 From f34ec6727854756c09f45ad350264b5836bc89ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 16 Oct 2020 12:38:21 +0200 Subject: l: rotate yubikey pubkey --- krebs/3modules/lass/pgp/yubikey.pgp | 102 ++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp index 0c7791ce8..d7b3c29c5 100644 --- a/krebs/3modules/lass/pgp/yubikey.pgp +++ b/krebs/3modules/lass/pgp/yubikey.pgp 
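Review bot: The `deploy-${cname}` script creates `/var/state/var_src` but then links `/var/src` to `state/var_Src` (capital S), so the symlink dangles and `nixos-rebuild -I /var/src switch` will not find the sources; the line should read `ln -sf state/var_src /var/src`. In the `fuse` activation script, `mknod /dev/fuse c 10 229` fails once the node exists, so it should be guarded: `[ -e /dev/fuse ] || ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229`. `stop-${cname}` runs under `set -euf`, so if `nixos-container stop` fails the cryfs mount stays up with the decrypted data still readable. Consider running `cryfs-unmount` regardless of that exit status.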
@@ -35,30 +35,30 @@ N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs 8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE -cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ -EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA -CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 -ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP -ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h -UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L -4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 -c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz -efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv -aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S -LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D -MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE -P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl -Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z -7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj -8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa -QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc -Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d -7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL -5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont -2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut -senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw -dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE -5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML +cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB +dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc 
+z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu +L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+ +zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ +g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi +qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz +U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO +93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8 +SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX +xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO +JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw +/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj +AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK +IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT +KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB +uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ +wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx +MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ +D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D +duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ +5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 +ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd 
@@ -69,19 +69,19 @@ qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk 5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb -zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke -D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj -nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs -dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk -Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E -i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f -06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P -60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc -0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV -u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ -MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ -z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW +IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds +D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc +OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ +NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz +0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN +kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE +saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 +6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw +73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc +MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL +pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx +WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 
rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a 
@@ -92,18 +92,18 @@ pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh 81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN 6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN -dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP -/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF -rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 -Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ -VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk -EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty -keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw -uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB -vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw -JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 -gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx -z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq -=U2Jf +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh +BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP ++gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ +Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X +qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG +qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb +YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt +Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq +eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt +Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k +nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt +Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC +QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 +=h9fX -----END PGP PUBLIC KEY 
BLOCK----- -- cgit v1.3.1 From 4d5c1b6dbed3c07c030e1dfe9f033f707608d84a Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 16 Oct 2020 22:25:35 +0200 Subject: types.net: add mac option --- lib/types.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index 3eda2262f..689a2c807 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -116,6 +116,10 @@ rec { type = listOf hostname; default = []; }; + mac = mkOption { + type = nullOr str; + default = null; + }; ip4 = mkOption { type = nullOr (submodule { options = { -- cgit v1.3.1 From b034f63f7a2e4361b32c33c0e1a980eecf1a5aa6 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 17 Oct 2020 01:00:54 +0200 Subject: tv iptables: move sshd stuff to sshd config --- tv/2configs/sshd.nix | 20 ++++++++++++++++---- tv/3modules/iptables.nix | 9 +-------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix index 25468f23e..79af5b01f 100644 --- a/tv/2configs/sshd.nix +++ b/tv/2configs/sshd.nix @@ -1,10 +1,22 @@ -{ config, lib, pkgs, ... }: - with import ; - -{ +{ config, ... }: let + cfg.host = config.krebs.build.host; +in { services.openssh = { enable = true; }; tv.iptables.input-internet-accept-tcp = singleton "ssh"; + tv.iptables.extra.nat.OUTPUT = [ + "-o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22" + ]; + tv.iptables.extra4.nat.PREROUTING = [ + "-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT" + ]; + tv.iptables.extra6.nat.PREROUTING = [ + "-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT" + ]; + tv.iptables.extra.nat.PREROUTING = [ + "-p tcp --dport 22 -j REDIRECT --to-ports 0" + "-p tcp --dport 11423 -j REDIRECT --to-ports 22" + ]; } diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 3974760d5..9cf0bd5a2 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix 
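Review bot: In lib/types.nix the new `mac` option is typed `nullOr str` and has no `description`, so any string is accepted and a reader cannot tell which interface's address it is meant to hold. Where this value ends up is not visible here; if it is written into generated network configuration, a malformed entry would only surface at the consumer. Consider constraining the type, for example `type = nullOr (strMatching "([0-9a-f]{2}:){5}[0-9a-f]{2}");` if `strMatching` is in scope in this file, and adding a one-line `description` that says what the address identifies. The enclosing options set starts and ends outside the hunk.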
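Review bot: In tv/2configs/sshd.nix the exemption from the port-22 redirect is now keyed on the destination address (`-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT`), where the rule removed from tv/3modules/iptables.nix keyed it on the ingress interface (`! -i retiolum`). A destination match alone says nothing about which interface a packet arrived on, so port 22 is no longer tied to the retiolum interface, and `input-internet-accept-tcp = singleton "ssh"` appears to admit ssh from the internet side as well. If the intent is still "port 22 only over retiolum", keep the interface in the match, e.g. `"-i retiolum -d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"`, and the same for the `ip6` rule. Both rules also assume the host's retiolum net has `ip4` and `ip6` set; a short comment stating that requirement would help, since the net type seems to allow them to be null.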
@@ -135,15 +135,8 @@ let { :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] - ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [ - "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0" - "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" - ]} - ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [ - "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" - ]} - ${formatTable cfg.extra.nat} ${formatTable cfg."extra${toString iptables-version}".nat} + ${formatTable cfg.extra.nat} COMMIT *filter :INPUT DROP [0:0] -- cgit v1.3.1 From 71dacb8fb2d159b2c6c12d310cb07344b2e427d9 Mon Sep 17 00:00:00 2001 From: Kierán Meinhardt Date: Sun, 18 Oct 2020 13:55:31 +0200 Subject: external: namespace kmein hosts under kmein, catullus -> toum --- krebs/3modules/external/default.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index e1667cb68..4a48a3393 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,12 +18,15 @@ with import ; in { hosts = mapAttrs hostDefaults { - catullus = { + toum = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.3"; - aliases = [ "catullus.r" ]; + aliases = [ + "toum.r" + "toum.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx @@ -48,7 +51,10 @@ in { nets = { retiolum = { ip4.addr = "10.243.2.4"; - aliases = [ "wilde.r" ]; + aliases = [ + "wilde.r" + "wilde.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk @@ -100,6 +106,7 @@ in { ip4.addr = "10.243.2.1"; aliases = [ "homeros.r" + "homeros.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- 
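Review bot: The swapped order of the two `formatTable` lines in tv/3modules/iptables.nix is now load-bearing and nothing records why. The per-version `ACCEPT` rules set in sshd.nix only take effect because `cfg."extra${toString iptables-version}".nat` is emitted before the catch-all `REDIRECT --to-ports 0` in `cfg.extra.nat`. Document this where the `extra`, `extra4` and `extra6` options are declared, for example `# extra4/extra6 rules are emitted before extra, so they can exempt traffic from the generic rules`, so a later reorder does not silently redirect retiolum ssh traffic too. Whether the filter table uses the same order is outside this hunk and worth checking for consistency.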
@@ -228,6 +235,7 @@ in { ip4.addr = "10.243.2.2"; aliases = [ "scardanelli.r" + "scardanelli.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- -- cgit v1.3.1 From 1b521044840b84867e0d886074e07173aeb728ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 14:10:49 +0200 Subject: nixpkgs: b4db68f -> ff6fda6 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 7795004c5..dc7918513 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b4db68ff563895eea6aab4ff24fa04ef403dfe14", - "date": "2020-09-30T16:23:41+02:00", - "sha256": "1qbs7p0mmcmpg70ibd437hl57byqx5q0pc61p1dckrkazj7kq0pc", + "rev": "ff6fda61600cc60404bab5cb6b18b8636785b7bc", + "date": "2020-10-11T12:38:59+02:00", + "sha256": "0kwx0pbgi5nlfb055r2swzp56wpjncabpcpc1djxphi2vlcdy6f3", "fetchSubmodules": false } -- cgit v1.3.1 From 0be43e62346062304e0cf30dbabdae173f718fcd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 18:53:18 +0200 Subject: update-nixpkgs: use nixpkgs remote --- krebs/update-nixpkgs-unstable.sh | 2 +- krebs/update-nixpkgs.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh index 592023f20..ab04914c1 100755 --- a/krebs/update-nixpkgs-unstable.sh +++ b/krebs/update-nixpkgs-unstable.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-unstable' \ > $dir/nixpkgs-unstable.json newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index bb4b54793..b0ffb6adc 100755 --- a/krebs/update-nixpkgs.sh 
+++ b/krebs/update-nixpkgs.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-20.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') -- cgit v1.3.1 From b9c28c035f5552622fccc71196dc3636516fa972 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 18:53:54 +0200 Subject: nixpkgs: ff6fda6 -> ff6fda6 --- krebs/nixpkgs.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index dc7918513..56e9e8792 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,5 +1,5 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", + "url": "https://github.com/NixOS/nixpkgs", "rev": "ff6fda61600cc60404bab5cb6b18b8636785b7bc", "date": "2020-10-11T12:38:59+02:00", "sha256": "0kwx0pbgi5nlfb055r2swzp56wpjncabpcpc1djxphi2vlcdy6f3", -- cgit v1.3.1 From ef76fd70fefa460ecdd3d63737189be786dd00cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 18:59:17 +0200 Subject: nixpkgs-unstable: 84d74ae -> 24c9b05 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 69a074e3f..dba4a7150 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,7 +1,7 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "84d74ae9c9cbed73274b8e4e00be14688ffc93fe", - "date": "2020-09-26T18:54:09-07:00", - "sha256": "0ww70kl08rpcsxb9xdx8m48vz41dpss4hh3vvsmswll35l158x0v", + "url": "https://github.com/NixOS/nixpkgs", + "rev": "24c9b05ac53e422f1af81a156f1fd58499eb27fb", + "date": "2020-10-11T16:18:20+02:00", + "sha256": "1aw5zxd91rzvvzqk8zi5qrnkjsgf4nv77pa3jbpsymhpwr0gj5i3", "fetchSubmodules": false } -- cgit v1.3.1 From 5e304ff70ec34800e3b847664757b363e1e88a9b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 19:07:09 +0200 Subject: l krops: shallow clone new remote --- lass/krops.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/krops.nix b/lass/krops.nix index 5927b0062..128c9ee04 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,8 +11,9 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + shallow = true; }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; -- cgit v1.3.1 From 8196db04dc94eff0c9fd898fd964dd0fb67e36f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2020 19:07:43 +0200 Subject: makefu: use new unstable remote --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index bf2a7a19a..213af0497 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -48,7 +48,7 @@ } (lib.mkIf (host-src.unstable) { nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; }) -- cgit v1.3.1 From 9626d3cda953929e903b5a06595e98972cb08ffc Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 18 Oct 2020 19:08:12 +0200 Subject: jeschli: use new unstable remote --- jeschli/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 59edd4273..242f1f7bb 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; secrets = if test then { -- cgit v1.3.1 From c8869e99559ad72b67a1b6ef5784caa0ff6e1988 Mon Sep 17 00:00:00 2001 From: rtjure Date: Sun, 18 Oct 2020 14:39:33 +0000 Subject: external: init rtjure.r --- krebs/3modules/external/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 4a48a3393..f9a7e7f36 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -228,6 +228,32 @@ in { wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + rtjure = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.122"; + aliases = [ + "rtjure.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3YkPPsO3WDGrXyOBdAxxP1MNNuPa19Gx1pA73FKv0gnfp4wYyjwl + sc9A0C5yr741+LhJNqfkUT9Vb7dE2PZcEcAxZ6Vk9FBkkCWHGVyMfeqeK/hTuYqk + FKGNPcGWCKZDM6CYSNYr2PW3ER8xMrQP9VSvHk1smdqr8cj3wWJ8TRtUmHzkvPZc + C4bgrLDiQ8uev5VCt4POilrnjfcBNzgOFxWZ5uneTwM6tLhOj9uaylJEtDbW2XrF + ocm8cGrYkS4c1x77mz/eYfJUJQFhTVGp29QTIiIHglP7W67LLq4qMvREvRhGTovd + AT4KUOEXRgcPzHhbcVNeu2/ekKGHAubpjFfqxW7Y9zRTOXeSwyDnVbh+jg/VBGIV + 2BQZnUqNSQIHVeHQCoI3ugdSsqK5Gf1z9cKqpeNfwo+JK72NTC+nH2d5ypRksTzv + VoTrFrv0P2qtKkhI79zY3ezw3HjCf6osKz9/EAYgzGH1Ix4WD3jjc1gqePiHYYlL + EQV4HkwmarmMNrNA8qRDhKCTK4G7CS6btOcSsCM3y1lYbkubaOncIACSWIJ1uAMJ + SEY30YYtOw2PPWstaWdy8MMZK8/MAXGEkt10OBpai7AdFZq8Oyz6xmLpgVIsWPbt + UI8BvkKmFhMU2EHKUbe0qe5M1r218dsrOjPk99QI99iazMG34hyxQB8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; scardanelli = { owner = config.krebs.users.kmein; nets = { @@ -485,6 +511,8 @@ in { mail = "macxylo@gmail.com"; pubkey = ssh-for "raute"; }; + rtjure = { + }; sokratess = { }; ulrich = { -- cgit v1.3.1 From de632c43193ef21c560490d0ef3e0e0771642edf Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Mon, 19 Oct 2020 15:46:21 +0200 Subject: add doctor --- krebs/3modules/external/mic92.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 5a766664f..39d738337 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
@@ -485,5 +485,28 @@ in { }; }; }; + doctor = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.doctor.nets.retiolum.ip4.addr + config.krebs.hosts.doctor.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.186"; + aliases = [ "doctor.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO + ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9 + WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs + PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd + EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv + KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; } -- cgit v1.3.1 From e66f557b1f6b029b99d572dd61225e45eff5278c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 22 Oct 2020 21:11:35 +0200 Subject: reaktor: use tls on freenode --- krebs/2configs/reaktor2.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 061dc9ab9..d5b1d7ed8 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -137,6 +137,7 @@ in { systemPlugin ]; username = "reaktor2"; + port = 6697; }; r = { nick = "reaktor2|krebs"; -- cgit v1.3.1 From fc298e07f8c225136c7d38da3366f2f6f108a511 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2020 12:21:03 +0200 Subject: reaktor2: port must be string --- krebs/2configs/reaktor2.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index d5b1d7ed8..b80198b03 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -137,7 +137,7 @@ in { systemPlugin ]; username = "reaktor2"; - port = 6697; + port = "6697"; }; r = { nick = "reaktor2|krebs"; -- cgit v1.3.1 From 134309ae8ad89ffc9cb1f3e571f6139724673026 Mon Sep 17 00:00:00 2001 
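Review bot: In krebs/3modules/external/mic92.nix the tinc key added for `doctor` starts with `MIIBCgKCAQEA`, which encodes a 2048-bit RSA modulus, while the key added for `rtjure` in the preceding commit starts with `MIICCgKCAgEA` (4096-bit). If the network expects one key size across hosts, regenerate this key at 4096 bits; otherwise a comment noting that the smaller size is deliberate would save the next reviewer the question. `addrs` also references `config.krebs.hosts.doctor.nets.retiolum.ip6.addr`, which this hunk does not set. It is presumably filled in by a default elsewhere, but that should be confirmed, because evaluation fails if it is not.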
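Review bot: The `port = 6697;` added in krebs/2configs/reaktor2.nix is the only change behind "use tls on freenode", so TLS is enabled, if at all, implicitly by the port value. The follow-up hunk changing it to `port = "6697";` suggests the consumer compares the port as a string, in which case the first version would have connected to the TLS port without TLS being selected. Nothing visible here shows that the connection is encrypted or that the server certificate is verified. If reaktor2 has an explicit TLS setting, set it next to the port; otherwise add a comment recording that this exact string value is what selects TLS. The enclosing attribute set starts outside the hunk.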
From: lassulus Date: Fri, 23 Oct 2020 18:37:35 +0200 Subject: nixpkgs: ff6fda6 -> 7c2a362 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 56e9e8792..161a099e5 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "ff6fda61600cc60404bab5cb6b18b8636785b7bc", - "date": "2020-10-11T12:38:59+02:00", - "sha256": "0kwx0pbgi5nlfb055r2swzp56wpjncabpcpc1djxphi2vlcdy6f3", + "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", + "date": "2020-10-20T09:32:31+02:00", + "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", "fetchSubmodules": false } -- cgit v1.3.1 From 242530680d5dcb37a5a023d0b8f6155ab441cead Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2020 18:39:47 +0200 Subject: nixpkgs-unstable: 24c9b05 -> 007126e --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index dba4a7150..22c33bd66 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "24c9b05ac53e422f1af81a156f1fd58499eb27fb", - "date": "2020-10-11T16:18:20+02:00", - "sha256": "1aw5zxd91rzvvzqk8zi5qrnkjsgf4nv77pa3jbpsymhpwr0gj5i3", + "rev": "007126eef72271480cb7670e19e501a1ad2c1ff2", + "date": "2020-10-20T10:30:15+10:00", + "sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq", "fetchSubmodules": false } -- cgit v1.3.1