diff options
37 files changed, 402 insertions, 251 deletions
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0317d1eca..bcd9da5ea 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -17,29 +17,57 @@ let # see `repo-sync --help` # `ref` provides sane defaults and can be omitted + # you can have multiple repo-sync groups and therefore multiple @latest + # configuration entries. # attrset will be converted to json and be used as config - { repo = { + # each attrset defines a group of repos for syncing + + { nxpkgs = { makefu = { origin = { - url = http://github.com/makefu/repo ; + url = http://github.com/makefu/nixpkgs; ref = "heads/dev" ; }; mirror = { - url = "git@internal:mirror" ; + url = "git@internal:nixpkgs-mirror" ; ref = "heads/github-mirror-dev" ; }; }; lass = { origin = { - url = http://github.com/lass/repo ; + url = http://github.com/lass/nixpkgs; + }; + mirror = { + url = "git@internal:nixpkgs-mirror" ; + }; + }; + "@latest" = { + mirror = { + url = "git@internal:nixpkgs-mirror"; + ref = "heads/master"; + }; + }; + }; + stockholm = { + lass = { + origin = { + url = http://cgit.prism.r/stockholm; + }; + mirror = { + url = "git@internal:stockholm-mirror" ; + }; + }; + makefu = { + origin = { + url = http://gum.krebsco.de/stockholm; }; mirror = { - url = "git@internal:mirror" ; + url = "git@internal:stockholm-mirror" ; }; }; "@latest" = { mirror = { - url = "git@internal:mirror"; + url = "git@internal:stockholm-mirror"; ref = "heads/master"; }; }; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 57a579bc0..d53482339 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -336,7 +336,6 @@ let pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/krebs/5pkgs/passwdqc-utils/default.nix b/krebs/5pkgs/passwdqc-utils/default.nix index 0299715ba..53e7f5482 100644 --- a/krebs/5pkgs/passwdqc-utils/default.nix +++ b/krebs/5pkgs/passwdqc-utils/default.nix @@ -1,13 +1,18 @@ -{stdenv,pam,fetchurl,...}: +{ stdenv, pam, + fetchurl, lib, + wordset-file ? null, # set your own wordset-file + ... }: stdenv.mkDerivation rec { name = "passwdqc-utils-${version}"; version = "1.3.0"; buildInputs = [ pam ]; + src = fetchurl { url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz"; sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93"; }; + buildTargets = "utils"; installFlags= [ "BINDIR=$(out)/bin" "CONFDIR=$(out)/etc" @@ -15,7 +20,12 @@ stdenv.mkDerivation rec { "DEVEL_LIBDIR=$(out)/lib" "SECUREDIR=$(out)/lib/security" "INCLUDEDIR=$(out)/include" - "MANDIR=$(out)/man"]; + "MANDIR=$(out)/man" ]; + + patchPhase = lib.optionalString (wordset-file != null) '' + cp -f ${wordset-file} wordset_4k.c + ''; + installTargets = "install_lib install_utils"; meta = { diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 26ad316ce..8ce1d5748 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -102,6 +102,11 @@ with config.krebs.lib; device = "/dev/pool/bku"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; #services.udev.extraRules = '' diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1aa4d9b23..1028ca652 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -23,7 +23,7 @@ with config.krebs.lib; ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/c-base.nix + #../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/repo-sync.nix @@ -54,8 +54,8 @@ with config.krebs.lib; enable = true; package = pkgs.postgresql; }; - virtualisation.docker.enable = true; - users.users.mainUser.extraGroups = [ "docker" ]; + #virtualisation.docker.enable = true; + #users.users.mainUser.extraGroups = [ "docker" ]; } { lass.umts = { @@ -140,6 +140,11 @@ with config.krebs.lib; device = "/dev/big/conf"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' @@ -192,8 +197,12 @@ with config.krebs.lib; urban mk_sql_pair remmina + thunderbird logf + iodine + + macchanger ]; #TODO: fix this shit diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index b508103c5..51d106b5e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -120,6 +120,12 @@ in { device = "/dev/pool/bku"; }; + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + } { sound.enable = false; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index af98c6968..5140591af 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -50,6 +50,11 @@ with builtins; device = "/dev/pool/home-lass"; fsType = "ext4"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index c6d4dbd89..aa5286ae0 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -23,7 +23,6 @@ with config.krebs.lib; useDefaultShell = true; }; networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; hardware.pulseaudio = { enable = true; systemWide = true; @@ -41,8 +40,6 @@ with config.krebs.lib; krebs.build.host = config.krebs.hosts.uriel; - networking.wireless.enable = true; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; @@ -77,6 +74,11 @@ with config.krebs.lib; "/boot" = { device = "/dev/sda1"; }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; }; services.udev.extraRules = '' diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index ea79053ce..90f420674 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: +with config.krebs.lib; let - inherit (config.krebs.lib) genid; mainUser = config.users.extraUsers.mainUser; - createChromiumUser = name: extraGroups: packages: - { + + browser-select = pkgs.writeScriptBin "browser-select" '' + BROWSER=$(echo -e "${concatStringsSep "\\n" (attrNames config.lass.browser.paths)}" | ${pkgs.dmenu}/bin/dmenu) + case $BROWSER in + ${concatMapStringsSep "\n" (n: '' + ${n}) + export BIN=${config.lass.browser.paths.${n}}/bin/${n} + ;; + '') (attrNames config.lass.browser.paths)} + esac + $BIN "$@" + ''; + + createChromiumUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -14,19 +31,21 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i chromium $@ - '') + bin ]; }; - createFirefoxUser = name: extraGroups: packages: - { + createFirefoxUser = name: extraGroups: + let + bin = pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + ''; + in { users.extraUsers.${name} = { inherit name; inherit extraGroups; @@ -35,14 +54,12 @@ let useDefaultShell = true; createHome = true; }; - krebs.per-user.${name}.packages = packages; + lass.browser.paths.${name} = bin; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i firefox $@ - '') + bin ]; }; @@ -50,19 +67,26 @@ let in { + lass.browser.select = browser-select; + environment.systemPackages = [ - (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) - $BROWSER $@ - '') + browser-select ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "com" [ "video" "audio" ] [ pkgs.chromium ] ) + { + options.lass.browser.select = mkOption { + type = types.path; + }; + options.lass.browser.paths = mkOption { + type = with types; attrsOf path; + }; + } + ( createFirefoxUser "ff" [ "audio" ] ) + ( createChromiumUser "cr" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] ) + ( createChromiumUser "fb" [ "video" "audio" ] ) + ( createChromiumUser "gm" [ "video" "audio" ] ) + ( createChromiumUser "com" [ "video" "audio" ] ) ]; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index af3ed1d36..0b7ca8eaa 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -67,7 +67,7 @@ with config.krebs.lib; }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; @@ -97,6 +97,7 @@ with config.krebs.lib; jq parallel proot + populate #style most @@ -141,15 +142,6 @@ with config.krebs.lib; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd - - #fancy colors - if [ -e ~/LS_COLORS ]; then - eval $(dircolors ~/LS_COLORS) - fi - - if [ -e /etc/nixos/dotfiles/link ]; then - /etc/nixos/dotfiles/link - fi ''; promptInit = '' if test $UID = 0; then diff --git a/lass/2configs/iodined.nix b/lass/2configs/iodined.nix index 3108a6b23..f67e2ae86 100644 --- a/lass/2configs/iodined.nix +++ b/lass/2configs/iodined.nix @@ -6,15 +6,15 @@ let pw = import <secrets/iodinepw.nix>; in { - services.iodined = { + services.iodine.server = { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; }; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 54"; target = "ACCEPT";} + { predicate = "-p udp --dport 53"; target = "ACCEPT";} ]; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 9e3fe888c..6e9138b61 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; - ref = "3fb009d94e70f5d1151f4ec239a90d2de1979a74"; + url = https://github.com/nixos/nixpkgs; + ref = "354fd3728952c229fee4f2924737c601d7ab4725"; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2f93c1f9c..e05f40d97 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -143,23 +143,11 @@ in { }; }; - - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - always_populate_raw_post_data = -1 - upload_max_filesize = 100M - post_max_size = 100M - file_uploads = on - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + sendmail_path = ${sendmail} -t + upload_max_filesize = 100M + post_max_size = 100M + file_uploads = on ''; # MAIL STUFF diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 467229c0c..23f417195 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -167,7 +167,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes @@ -220,7 +219,6 @@ rec { pm.max_spare_servers = 3 listen.owner = nginx listen.group = nginx - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index 5d3661706..0f04540c3 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -11,7 +11,7 @@ pkgs.writeText "Xresources" '' ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: browser-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select URxvt.url-select.underline: true URxvt.keysym.M-u: perl:url-select:select_next URxvt.keysym.M-Escape: perl:keyboard-select:activate diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 73b148bf7..0f9b1f84a 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -1,143 +1,112 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let - # TODO krebs.build.user - user = config.users.users.mainUser; + user = config.krebs.build.user; +in { + + environment.systemPackages = [ + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; - out = { - services.xserver = { - display = 11; - tty = 11; + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; + services.xserver = { + enable = true; + display = 11; + tty = 11; - #keyboard stuff - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; + systemd.services.display-manager.enable = false; - krebs.per-user.lass.packages = [ - pkgs.rxvt_unicode_with-plugins - ]; + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; - systemd.services.display-manager.enable = false; + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; - services.xserver.enable = true; + XMONAD_STATE = "/tmp/xmonad.state"; - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = xmonad-environment; - restartIfChanged = true; - serviceConfig = { - ExecStart = "${xmonad-start}/bin/xmonad"; - ExecStop = "${xmonad-stop}/bin/xmonad-stop"; - User = user.name; - WorkingDirectory = user.home; - }; + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "dashboard" # we start here + ]); }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = "${xserver}/bin/xserver"; - }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; + ExecStop = pkgs.writeScript "xmonad-stop" '' + #! /bin/sh + ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.coreutils}/bin/sleep 2s + ''; + User = user.name; + WorkingDirectory = user.home; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" - ]); + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + ]; + }; }; - xmonad-start = pkgs.writeScriptBin "xmonad" '' - #! ${pkgs.bash}/bin/bash - set -efu - export PATH; PATH=${makeSearchPath "bin" ([ - pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers - settle() {( - # Use PATH for a clean journal - command=''${1##*/} - PATH=''${1%/*}; export PATH - shift - until "$command" "$@"; do - ${pkgs.coreutils}/bin/sleep 1 - done - )&} - settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} - settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' - exec ${pkgs.xmonad-lass}/bin/xmonad - ''; - - xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - xserver = pkgs.writeScriptBin "xserver" '' - #! /bin/sh - set -efu - exec ${pkgs.xorg.xorgserver.out}/bin/X \ - :${toString config.services.xserver.display} \ - vt${toString config.services.xserver.tty} \ - -config ${import ./xserver.conf.nix args} \ - -logfile /var/log/X.${toString config.services.xserver.display}.log \ - -nolisten tcp \ - -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \ - ''; - - need-reload = s: let - pkg = pkgs.writeScriptBin "need-reload" '' - #! /bin/sh - echo "$*" - ''; - in "${pkg}/bin/need-reload ${s}"; - -in out +} diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index b221d7677..aa159be07 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,4 @@ fi ''; }; - users.defaultUserShell = "/run/current-system/sw/bin/zsh"; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 6e1e20dd3..6588ca0d3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./ejabberd ./folderPerms.nix + ./hosts.nix ./mysql-backup.nix ./umts.nix ./urxvtd.nix diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix new file mode 100644 index 000000000..f2ff10c06 --- /dev/null +++ b/lass/3modules/hosts.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +with config.krebs.lib; + +{ + options.lass.hosts = mkOption { + type = types.attrsOf types.host; + default = + filterAttrs (_: host: host.owner.name == "lass") + config.krebs.hosts; + }; +} diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index 35d8d04a5..4a79311a4 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -111,7 +111,6 @@ let pm.max_spare_servers = 3 listen.owner = ${user} listen.group = ${group} - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index 01adc0409..7daaba89e 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -41,10 +41,6 @@ let wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 - #modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; - modem-device = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0"; - - # TODO: currently it is only netzclub umts-bin = pkgs.writeScriptBin "umts" '' #!/bin/sh set -euf diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 108054cb6..4305a121b 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix @@ -154,7 +154,6 @@ let pm.max_spare_servers = 3 listen.owner = ${user} listen.group = ${group} - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 86e69b10c..96b12b9d4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -9,7 +9,7 @@ pkgs.writeHaskell "xmonad-lass" { "xmonad-contrib" "xmonad-stockholm" ]; - text = '' + text = /* haskell */ '' {-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} @@ -24,6 +24,7 @@ import Control.Exception import Data.List (isInfixOf) import System.Environment (getArgs, withArgs, getEnv) import System.IO (hPutStrLn, stderr) +import System.Posix.Process (executeFile) import Text.Read (readEither) import XMonad.Actions.CopyWindow (copy, kill1) import XMonad.Actions.CycleWS (toggleWS) @@ -41,13 +42,13 @@ import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNext import XMonad.Layout.NoBorders (smartBorders) import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) -import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent) import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Layout.SimpleFloat (simpleFloat) +import XMonad.Stockholm.Shutdown -myTerm :: String -myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" +urxvtcPath :: FilePath +urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" @@ -63,12 +64,14 @@ mainNoArgs = do xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = myTerm + { terminal = urxvtcPath , modMask = mod4Mask , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = spawn "echo emit XMonadStartup" + , startupHook = do + path <- liftIO (getEnv "XMONAD_STARTUP_HOOK") + forkFile path [] Nothing , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent @@ -84,7 +87,7 @@ xmonad' conf = do path <- getEnv "XMONAD_STATE" try (readFile path) >>= \case Right content -> do - hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content) + hPutStrLn stderr ("resuming from " ++ path) withArgs ("--resume" : lines content) (xmonad conf) Left e -> do hPutStrLn stderr (displaySomeException e) @@ -108,7 +111,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-<F11>", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f") + [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%") @@ -124,8 +127,8 @@ myKeyMap = , ("M4-S-<Backspace>", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-<Esc>", toggleWS) - , ("M4-S-<Enter>", spawn myTerm) - , ("M4-x", floatNext True >> spawn myTerm) + , ("M4-S-<Enter>", spawn urxvtcPath) + , ("M4-x", floatNext True >> spawn urxvtcPath) , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) @@ -142,6 +145,10 @@ myKeyMap = , ("M4-S-q", return ()) ] +forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () +forkFile path args env = + xfork (executeFile path False args env) >> return () + autoXPConfig :: XPConfig autoXPConfig = def { autoComplete = Just 5000 @@ -160,8 +167,6 @@ gridConfig = def , gs_navigate = navNSearch , gs_font = myFont } - ''; }; } - diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index ab369d192..401ec6093 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -22,6 +22,8 @@ in { ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix ../2configs/torrent.nix + ../2configs/sabnzbd.nix + ../2configs/opentracker.nix ]; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 96f7be9fc..71fb85ff6 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -43,9 +43,11 @@ in { # TODO: unlock home partition via ssh ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix + ../2configs/urlwatch.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix ../2configs/omo-share.nix @@ -56,13 +58,11 @@ in { # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; makefu.full-populate = true; - makefu.deluge.cfg = { - max_active_seeding = 1; - stop_seed_ratio = 1; - natpmp = true; - upnp = true; - max_upload_speed = 200; - + krebs.rtorrent = { + downloadDir = lib.mkForce "/media/crypt0/torrent"; + extraConfig = '' + upload_rate = 200 + ''; }; users.groups.share = { gid = config.krebs.lib.genid "share"; @@ -109,6 +109,7 @@ in { environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount wol # wake up filepimp + f3 ]; fileSystems = let cryptMount = name: diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 4829aaabd..0243856ab 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -9,6 +9,7 @@ ../. ../2configs/main-laptop.nix #< base-gui + zsh ../2configs/laptop-utils.nix + ../2configs/laptop-backup.nix # Krebs #../2configs/disable_v6.nix @@ -42,13 +43,14 @@ ../2configs/tinc/retiolum.nix # temporary modules ../2configs/temp/share-samba.nix - ../2configs/temp/elkstack.nix + ../2configs/laptop-backup.nix + # ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix - ../2configs/torrent.nix + #../2configs/torrent.nix ]; makefu.full-populate = true; - makefu.deluge.web.enable = true; + krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cdaa38f27..a7c2a983e 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with config.krebs.lib; build = { user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; in { - nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then + nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { # stable @ 2016-07-20 git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; } diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index d57c91ce8..ca489d073 100644 --- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -7,10 +7,12 @@ let in { services.iodined = { - enable = true; - domain = domain; - ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + server = { + enable = true; + domain = domain; + ip = "172.16.10.1/24"; + extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; + }; }; } diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix new file mode 100644 index 000000000..8df7043c8 --- /dev/null +++ b/makefu/2configs/laptop-backup.nix @@ -0,0 +1,12 @@ +{config, lib, pkgs, ... }: + +{ + systemd.user.services.duply-secrets = { + description = "run daily secrets backup"; + startAt = "daily"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup"; + }; + }; +} diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 7e9842e14..86f768662 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -21,7 +21,6 @@ in { sendfile on; sendfile_max_chunk 512k; directio 512; - aio threads; mp4; autoindex on; root /media; diff --git a/makefu/2configs/sabnzbd.nix b/makefu/2configs/sabnzbd.nix new file mode 100644 index 000000000..6b0f2ac3a --- /dev/null +++ b/makefu/2configs/sabnzbd.nix @@ -0,0 +1,16 @@ +{ pkgs, config, ... }: + +with config.krebs.lib; +let + web-port = 8080; +in { + services.sabnzbd.enable = true; + services.sabnzbd.group = "download"; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + users.users.sabnzbd.group = mkForce "download"; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT + ''; +} diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index c021e66c6..34f0ab0b4 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -2,9 +2,11 @@ users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; + group = "share"; description = "smb guest user"; home = "/var/empty"; }; + users.groups.share.members = [ "makefu" ]; networking.firewall.allowedTCPPorts = [ 139 445 # samba diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix index 6d55ffaf8..922743bf1 100644 --- a/makefu/2configs/udpt.nix +++ b/makefu/2configs/udpt.nix @@ -1,6 +1,7 @@ {pkgs, ...}: let + daemon-port = 6969; cfgfile = pkgs.writeText "udpt-config" '' [db] driver=sqlite3 @@ -11,7 +12,9 @@ let port=6969 threads=5 allow_remotes=yes - allow_iana_ips=no + + # allow retiolum: + allow_iana_ips=yes announce_interval=1800 cleanup_interval=120 @@ -19,7 +22,7 @@ let enable=yes [logging] - filename=- + filename=/tmp/udpt.log level=warning ''; in { @@ -27,5 +30,8 @@ in { enable = true; inherit cfgfile; }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT + ''; } diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index f869f5a78..e0fbefa36 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -1,22 +1,6 @@ { config, lib, ... }: { - nixpkgs.config.packageOverrides = pkgs: { - urlwatch = with pkgs.pythonPackages; buildPythonPackage rec { - name = "urlwatch-1.18"; - - propagatedBuildInputs = [ futures ]; - - src = pkgs.fetchurl { - url = "http://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb"; - }; - - postFixup = '' - wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH" - ''; - }; - }; krebs.urlwatch = { enable = true; mailto = config.krebs.users.makefu.mail; diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix index 2086bd540..59602e4a9 100644 --- a/makefu/3modules/udpt.nix +++ b/makefu/3modules/udpt.nix @@ -40,8 +40,9 @@ let restartIfChanged = true; serviceConfig = { Type = "simple"; - ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}"; + ExecStart = "${cfg.package}/bin/udpt -i -c ${shell.escape cfg.cfgfile}"; PrivateTmp = true; + WorkingDirectory = "/tmp"; User = "${cfg.user}"; }; }; diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 51987c35b..6d020406d 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -2,9 +2,16 @@ let inherit (pkgs) callPackage; + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + in { nixpkgs.config.packageOverrides = rec { + cups = nixpkgs-1509.cups; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; @@ -18,6 +25,13 @@ in mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; ps3netsrv = callPackage ./ps3netsrv {}; + pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { + wordset-file = pkgs.fetchurl { + url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; + sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; + }; + }; + qcma = pkgs.qt5.callPackage ./qcma {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; diff --git a/makefu/5pkgs/qcma/default.nix b/makefu/5pkgs/qcma/default.nix new file mode 100644 index 000000000..6eb1a971d --- /dev/null +++ b/makefu/5pkgs/qcma/default.nix @@ -0,0 +1,64 @@ +{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git, +gettext, automake, libxml2 , qmakeHook, makeQtWrapper, +qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }: +let + libvitamtp = stdenv.mkDerivation rec { + name = "libvitamtp-${version}"; + version = "2.5.9"; + + src = fetchFromGitHub { + owner = "codestation"; + repo = "vitamtp"; + rev = "v"+version; + sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8"; + }; + + buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ]; + preConfigure = "sh ./autogen.sh"; + + meta = { + description = "Content Manager Assistant for the PS Vita"; + homepage = https://github.com/codestation/qcma; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; + }; +in stdenv.mkDerivation rec { + name = "qcma-${version}"; + version = "0.3.13"; + + src = fetchgit { + url = "git://github.com/codestation/qcma.git"; + rev = "refs/tags/v"+version; + leaveDotGit = true; + sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i"; + }; + + preConfigure = '' + lrelease common/resources/translations/*.ts + ''; + + # TODO: manually adding qtbase and qtmultimedia to the library path is shit, + # this should be done somewhere before when building the project, idk. + installPhase = '' + make INSTALL_ROOT="$(out)" install + for i in qcma qcma_cli; do + wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ + qtbase qtmultimedia ]} + done + ''; + + enableParallelBuilding = true; + + buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ]; + nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ]; + + meta = { + description = "Content Manager Assistant for the PS Vita"; + homepage = https://github.com/codestation/qcma; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} |