diff options
85 files changed, 1012 insertions, 339 deletions
diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 59edd4273..242f1f7bb 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; secrets = if test then { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 061dc9ab9..b80198b03 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -137,6 +137,7 @@ in { systemPlugin ]; username = "reaktor2"; + port = "6697"; }; r = { nick = "reaktor2|krebs"; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index e1667cb68..f9a7e7f36 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,12 +18,15 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { - catullus = { + toum = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.3"; - aliases = [ "catullus.r" ]; + aliases = [ + "toum.r" + "toum.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx @@ -48,7 +51,10 @@ in { nets = { retiolum = { ip4.addr = "10.243.2.4"; - aliases = [ "wilde.r" ]; + aliases = [ + "wilde.r" + "wilde.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk @@ -100,6 +106,7 @@ in { ip4.addr = "10.243.2.1"; aliases = [ "homeros.r" + "homeros.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -221,6 +228,32 @@ in { wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + rtjure = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.122"; + aliases = [ + "rtjure.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3YkPPsO3WDGrXyOBdAxxP1MNNuPa19Gx1pA73FKv0gnfp4wYyjwl + sc9A0C5yr741+LhJNqfkUT9Vb7dE2PZcEcAxZ6Vk9FBkkCWHGVyMfeqeK/hTuYqk + FKGNPcGWCKZDM6CYSNYr2PW3ER8xMrQP9VSvHk1smdqr8cj3wWJ8TRtUmHzkvPZc + C4bgrLDiQ8uev5VCt4POilrnjfcBNzgOFxWZ5uneTwM6tLhOj9uaylJEtDbW2XrF + ocm8cGrYkS4c1x77mz/eYfJUJQFhTVGp29QTIiIHglP7W67LLq4qMvREvRhGTovd + AT4KUOEXRgcPzHhbcVNeu2/ekKGHAubpjFfqxW7Y9zRTOXeSwyDnVbh+jg/VBGIV + 2BQZnUqNSQIHVeHQCoI3ugdSsqK5Gf1z9cKqpeNfwo+JK72NTC+nH2d5ypRksTzv + VoTrFrv0P2qtKkhI79zY3ezw3HjCf6osKz9/EAYgzGH1Ix4WD3jjc1gqePiHYYlL + EQV4HkwmarmMNrNA8qRDhKCTK4G7CS6btOcSsCM3y1lYbkubaOncIACSWIJ1uAMJ + SEY30YYtOw2PPWstaWdy8MMZK8/MAXGEkt10OBpai7AdFZq8Oyz6xmLpgVIsWPbt + UI8BvkKmFhMU2EHKUbe0qe5M1r218dsrOjPk99QI99iazMG34hyxQB8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; scardanelli = { owner = config.krebs.users.kmein; nets = { @@ -228,6 +261,7 @@ in { ip4.addr = "10.243.2.2"; aliases = [ "scardanelli.r" + "scardanelli.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -477,6 +511,8 @@ in { mail = "macxylo@gmail.com"; pubkey = ssh-for "raute"; }; + rtjure = { + }; sokratess = { }; ulrich = { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 5a766664f..39d738337 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -485,5 +485,28 @@ in { }; }; }; + doctor = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.doctor.nets.retiolum.ip4.addr + config.krebs.hosts.doctor.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.186"; + aliases = [ "doctor.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO + ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9 + WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs + PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd + EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv + KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2a75cc1bb..d2a945284 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -95,6 +95,7 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.244.1.103"; ip6.addr = w6 "1"; aliases = [ "prism.w" @@ -104,6 +105,7 @@ in { subnets = [ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR + "10.244.1.0/24" ]; }; }; @@ -196,6 +198,7 @@ in { }; wiregrill = { ip6.addr = w6 "50da"; + ip4.addr = "10.244.1.4"; aliases = [ "shodan.w" ]; @@ -554,6 +557,7 @@ in { phone = { nets = { wiregrill = { + ip4.addr = "10.244.1.13"; ip6.addr = w6 "a"; aliases = [ "phone.w" diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp index 0c7791ce8..d7b3c29c5 100644 --- a/krebs/3modules/lass/pgp/yubikey.pgp +++ b/krebs/3modules/lass/pgp/yubikey.pgp @@ -35,30 +35,30 @@ N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs 8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE -cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ -EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA -CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 -ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP -ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h -UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L -4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 -c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz -efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv -aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S -LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D -MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE -P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl -Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z -7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj -8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa -QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc -Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d -7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL -5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont -2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut -senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw -dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE -5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML +cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB +dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc +z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu +L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+ +zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ +g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi +qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz +U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO +93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8 +SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX +xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO +JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw +/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj +AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK +IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT +KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB +uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ +wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx +MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ +D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D +duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ +5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 +ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd @@ -69,19 +69,19 @@ qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk 5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb -zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke -D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj -nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs -dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk -Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E -i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f -06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P -60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc -0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV -u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ -MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ -z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW +IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds +D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc +OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ +NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz +0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN +kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE +saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 +6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw +73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc +MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL +pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx +WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a @@ -92,18 +92,18 @@ pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh 81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN 6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN -dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP -/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF -rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 -Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ -VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk -EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty -keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw -uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB -vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw -JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 -gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx -z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq -=U2Jf +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh +BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP ++gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ +Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X +qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG +qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb +YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt +Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq +eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt +Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k +nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt +Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC +QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 +=h9fX -----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index 00e346f8e..a3640caa5 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -48,7 +48,7 @@ let }; urlShortenerHost = mkOption { type = types.str; - default = "go"; + default = "go.r"; description = "what server to use for url shortening, host"; }; urlShortenerPort = mkOption { diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 67454d1f7..978939f69 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -3,6 +3,14 @@ with import <stockholm/lib>; cfg = config.krebs.secret; in { options.krebs.secret = { + directory = mkOption { + default = toString <secrets>; + type = types.absolute-pathname; + }; + file = mkOption { + default = relpath: "${cfg.directory}/${relpath}"; + readOnly = true; + }; files = mkOption { type = with types; attrsOf secret-file; default = {}; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index c86fda05d..6a09cc834 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -52,7 +52,7 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_rsa>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa"; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; au = { @@ -79,7 +79,7 @@ in { }; }; secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; mu = { @@ -103,7 +103,7 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; ni = { @@ -177,7 +177,7 @@ in { }; }; secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; wu = { @@ -203,7 +203,7 @@ in { }; }; secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; querel = { @@ -262,7 +262,7 @@ in { }; }; secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; zu = { diff --git a/krebs/5pkgs/simple/flameshot-once/profile.nix b/krebs/5pkgs/simple/flameshot-once/profile.nix index 4427e5b23..5aed99597 100644 --- a/krebs/5pkgs/simple/flameshot-once/profile.nix +++ b/krebs/5pkgs/simple/flameshot-once/profile.nix @@ -118,7 +118,7 @@ let type = types.bool; }; timeout = mkOption { - default = 100; + default = 200; description = '' Maximum time in milliseconds allowed for the flameshot daemon to react. diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 057983fec..72a314ba9 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -104,7 +104,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD10C1_E_SNOW') & fetch_older_days 7 chlora-raw.jpg $(get_neo_url \ 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MY1DMM_CHLORA') & - fetch_older_days 3 fire-raw.jpg $(get_neo_url \ + fetch_older_days 7 fire-raw.jpg $(get_neo_url \ 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') & # regular fetches diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 35e74c3b1..22c33bd66 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", - "date": "2020-08-20T19:08:02+02:00", - "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v", + "url": "https://github.com/NixOS/nixpkgs", + "rev": "007126eef72271480cb7670e19e501a1ad2c1ff2", + "date": "2020-10-20T10:30:15+10:00", + "sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 363d68583..161a099e5 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "42674051d12540d4a996504990c6ea3619505953", - "date": "2020-09-06T21:21:08-04:00", - "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy", + "url": "https://github.com/NixOS/nixpkgs", + "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", + "date": "2020-10-20T09:32:31+02:00", + "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh index 592023f20..ab04914c1 100755 --- a/krebs/update-nixpkgs-unstable.sh +++ b/krebs/update-nixpkgs-unstable.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-unstable' \ > $dir/nixpkgs-unstable.json newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index bb4b54793..b0ffb6adc 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-20.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index c46bb351e..f6dc23d20 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -17,27 +17,6 @@ with import <stockholm/lib>; networking.nameservers = [ "1.1.1.1" ]; - services.restic.backups = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - initialize = true; - extraOptions = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - repository = "sftp:backup@${dest}.r:/backups/blue"; - passwordFile = (toString <secrets>) + "/restic/${dest}"; - timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; - paths = [ - "/home/" - "/var/lib" - ]; - }); - time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index c3a8ea6c8..79fbe4c97 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -18,6 +18,7 @@ with import <stockholm/lib>; gitAndTools.hub nix-review firefox + ag ]; services.openssh.forwardX11 = true; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c1ceb0633..b03d95c49 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -126,8 +126,6 @@ with import <stockholm/lib>; remmina transmission - iodine - macchanger dpass diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 2f3a68442..a9108104b 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -23,7 +23,7 @@ services.udev.extraRules = '' SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:4f:42:35", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:37:15:d9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 33ec21e72..b335353be 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -272,9 +272,9 @@ with import <stockholm/lib>; resolveLocalQueries = false; extraConfig= '' - listen-address=42:1:ce16::1 + listen-address=42:1:ce16::1,10.244.1.103 except-interface=lo - interface=wg0 + interface=wiregrill ''; }; } @@ -284,7 +284,10 @@ with import <stockholm/lib>; ]; } { - services.murmur.enable = true; + services.murmur = { + enable = true; + bandwidth = 10000000; + }; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 7458f5ffd..1a3bee850 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -55,6 +55,16 @@ fsType = "zfs"; }; + fileSystems."/var/realwallpaper/archive" = { + device = "tank/wallpaper"; + fsType = "zfs"; + }; + + fileSystems."/home/xanf" = { + device = "/dev/disk/by-id/wwn-0x500a07511becb076"; + fsType = "ext4"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 39a4d9661..55e91b0e4 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -10,7 +10,7 @@ loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.lusksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; diff --git a/lass/1systems/wizard/run-vm.sh b/lass/1systems/wizard/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/1systems/wizard/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix index c7a27102a..165b9f14d 100644 --- a/lass/1systems/wizard/test.nix +++ b/lass/1systems/wizard/test.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - ./default.nix + ./config.nix ]; virtualisation.emptyDiskImages = [ 8000 diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index e4a4fb505..8c4362865 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -41,22 +41,6 @@ displayManager.lightdm.autoLogin.user = "lass"; }; - services.syncthing.declarative = { - folders = { - the_playlist = { - path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; - }; - }; - }; - krebs.permown = { - "/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; - }; - boot.blacklistedKernelModules = [ "xpad" ]; systemd.services.xboxdrv = { wantedBy = [ "multi-user.target" ]; @@ -93,7 +77,15 @@ }; }; - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # load-module module-bluetooth-policy diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index bc3b1f5d5..d400697d7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -172,7 +172,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 89.249.65.83 1194 + remote 185.230.127.27 1194 resolv-retry infinite remote-random nobind @@ -195,7 +195,6 @@ with import <stockholm/lib>; fast-io cipher AES-256-CBC auth SHA512 - <ca> -----BEGIN CERTIFICATE----- MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index baf93ffe5..e92ddbcca 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -72,10 +72,11 @@ in { git-preview gnome3.dconf iodine + libarchive lm_sensors ncdu nix-index - nix-review + nixpkgs-review nmap pavucontrol ponymix @@ -92,6 +93,8 @@ in { xsel zathura (pkgs.writeDashBin "screenshot" '' + set -efu + ${pkgs.flameshot-once}/bin/flameshot-once ${pkgs.klem}/bin/klem '') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 718a92e9c..7aabf0931 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -49,54 +49,54 @@ in { }; - systemd.services = builtins.listToAttrs (map (host: - let - in nameValuePair "sync-blue-${host}" { - bindsTo = [ "container@blue.service" ]; - wantedBy = [ "container@blue.service" ]; - # ssh needed for rsync - path = [ pkgs.openssh ]; - serviceConfig = { - Restart = "always"; - RestartSec = 10; - ExecStart = pkgs.writeDash "sync-blue-${host}" '' - set -efu - #make sure blue is running - /run/wrappers/bin/ping -c1 blue.r > /dev/null + #systemd.services = builtins.listToAttrs (map (host: + # let + # in nameValuePair "sync-blue-${host}" { + # bindsTo = [ "container@blue.service" ]; + # wantedBy = [ "container@blue.service" ]; + # # ssh needed for rsync + # path = [ pkgs.openssh ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = 10; + # ExecStart = pkgs.writeDash "sync-blue-${host}" '' + # set -efu + # #make sure blue is running + # /run/wrappers/bin/ping -c1 blue.r > /dev/null - #make sure the container is unlocked - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + # #make sure the container is unlocked + # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' - #make sure our target is reachable - ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + # #make sure our target is reachable + # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null - #start sync - ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' - settings { - nodaemon = true, - inotifyMode = "CloseWrite or Modify", - } - sync { - default.rsyncssh, - source = "/var/lib/containers/.blue", - host = "${host}.r", - targetdir = "/var/lib/containers/.blue", - rsync = { - archive = true, - owner = true, - group = true, - }; - ssh = { - binary = "${pkgs.openssh}/bin/ssh"; - identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", - }, - } - ''} - ''; - }; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - } - ) remote_hosts); + # #start sync + # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + # settings { + # nodaemon = true, + # inotifyMode = "CloseWrite or Modify", + # } + # sync { + # default.rsyncssh, + # source = "/var/lib/containers/.blue", + # host = "${host}.r", + # targetdir = "/var/lib/containers/.blue", + # rsync = { + # archive = true, + # owner = true, + # group = true, + # }; + # ssh = { + # binary = "${pkgs.openssh}/bin/ssh"; + # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + # }, + # } + # ''} + # ''; + # }; + # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + # } + #) remote_hosts); environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index a4000cada..15408a200 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -26,6 +26,8 @@ with (import <stockholm/lib>); { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";} ]; systemd.services.chat = let @@ -64,4 +66,9 @@ with (import <stockholm/lib>); ExecStop = "${tmux} kill-session -t IM"; }; }; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ae2754c96..f59988b75 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -44,7 +44,15 @@ with import <stockholm/lib>; config.krebs.users.lass-yubikey.pubkey ]; }; + nix = { + isNormalUser = true; + uid = genid_uint31 "nix"; + openssh.authorizedKeys.keys = [ + config.krebs.hosts.mors.ssh.pubkey + ]; + }; }; + nix.trustedUsers = ["nix"]; } { environment.variables = { @@ -212,4 +220,7 @@ with import <stockholm/lib>; networking.dhcpcd.extraConfig = '' noipv4ll ''; + + # use 24:00 time format, the default got sneakily changed around 20.03 + i18n.defaultLocale = mkDefault "C.UTF-8"; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 82839beba..797864b15 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -2,8 +2,6 @@ to = concatStringsSep "," [ "lass@blue.r" - "lass@xerxes.r" - "lass@mors.r" ]; mails = [ @@ -110,6 +108,12 @@ "auschein@lassul.us" "tleech@lassul.us" "durstexpress@lassul.us" + "acme@lassul.us" + "antstore@lassul.us" + "openweather@lassul.us" + "lobsters@lassul.us" + "rewe@lassul.us" + "spotify@lassul.us" ]; in { diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 0ddb63a03..f9c61c461 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -4,5 +4,6 @@ with import <stockholm/lib>; { nix.gc = { automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); + options = "--delete-older-than 15d"; }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index eba68c0bc..edec2dcb4 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -58,6 +58,10 @@ let cgit.desc = "url shortener"; cgit.section = "software"; }; + grib2json-bin = { + cgit.desc = "build jar of grib2json"; + cgit.section = "deployment"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 0cccbc30e..6cccab4b3 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,38 +1,44 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; -{ +let + + cname = "green"; + cryfs = pkgs.cryfs.overrideAttrs (old: { + patches = [ + (pkgs.writeText "file_mode.patch" '' + --- a/src/cryfs/filesystem/CryNode.cpp + +++ b/src/cryfs/filesystem/CryNode.cpp + @@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { + result.uid = fspp::uid_t(getuid()); + result.gid = fspp::gid_t(getgid()); + #endif + - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); + + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; + result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; + //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") + result.nlink = 1; + '') + ] ++ old.patches; + }); + +in { imports = [ <stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/syncthing.nix> - { #hack for already defined - systemd.services."container@green".reloadIfChanged = mkForce false; - systemd.services."container@green".preStart = '' - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' - ''; - systemd.services."container@green".postStop = '' - set -x - ${pkgs.umount}/bin/umount /var/lib/containers/green - ls -la /dev/mapper/control - ${pkgs.devicemapper}/bin/dmsetup ls - ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img - ''; - } ]; - services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - krebs.permown."/var/lib/sync-containers" = { - owner = "root"; - group = "syncthing"; - umask = "0007"; - }; + programs.fuse.userAllowOther = true; - system.activationScripts.containerPermissions = '' - mkdir -p /var/lib/containers - chmod 711 /var/lib/containers - ''; + services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; + # krebs.permown."/var/lib/sync-containers/${cname}" = { + # owner = "root"; + # group = "syncthing"; + # umask = "0007"; + # }; - containers.green = { + systemd.services."container@green".reloadIfChanged = mkForce false; + containers.${cname} = { config = { ... }: { environment.systemPackages = [ pkgs.git @@ -42,41 +48,52 @@ with import <stockholm/lib>; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.15"; - localAddress = "10.233.2.16"; + hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs + localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs }; environment.systemPackages = [ - (pkgs.writeDashBin "start-green" '' - set -fu - CONTAINER='green' - IMAGE='/var/lib/sync-containers/green.img' - - ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null - if [ "$?" -ne 0 ]; then - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" - fi - - mkdir -p /var/lib/containers/"$CONTAINER" + (pkgs.writeDashBin "start-${cname}" '' + set -euf - ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " - if [ "$?" -ne 0 ]; then - ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + mkdir -p /var/lib/containers/${cname}/var/state + chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state + if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then + /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ + ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions fi - STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + ${pkgs.nixos-container}/bin/nixos-container start ${cname} fi - ping -c1 green.r - if [ "$?" -ne 0 ]; then - ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + + if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then + ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' + mkdir -p /var/state/var_src + ln -sf state/var_Src /var/src + nixos-rebuild -I /var/src switch + ''} fi + '') + (pkgs.writeDashBin "stop-${cname}" '' + set -euf + ${pkgs.nixos-container}/bin/nixos-container stop ${cname} + ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state '') ]; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index a48c61a69..66d430cd1 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; }; # extraComponents = [ "hue" ]; }; configWritable = true; + lovelaceConfigWritable = true; }; lass.hass.config = let diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index b5da9221c..16227fcb6 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix @@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; }; lass.hass.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; + + lass.hass.love = { + resources = [{ + url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + type = "js"; + }]; + views = [{ + title = "bett"; + cards = [ + { + type = "markdown"; + title = "hello world"; + content = "This is just a test"; + } + { + type = "light"; + entity = "light.${lights.bett}"; + } + { + type = "custom:light-entity-card"; + entity = "light.${lights.bett}"; + } + { + type = "history-graph"; + entities = [ + "light.${lights.bett}" + ]; + } + ]; + }]; + }; } diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 89b119347..31f9787e0 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -5,7 +5,7 @@ ]; boot = { - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda3"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; extraModulePackages = [ @@ -47,9 +47,10 @@ services.logind.lidSwitchDocked = "ignore"; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 - ''; + #services.tlp.extraConfig = '' + # START_CHARGE_THRESH_BAT0=80 + # STOP_CHARGE_THRESH_BAT0=95 + #''; + services.xserver.dpi = 80; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 174c1ab5e..98affdd83 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -107,10 +107,12 @@ let set mailcap_path = ${mailcap} # notmuch - set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set folder="$HOME/Maildir" + set nm_default_uri = "notmuch://$HOME/Maildir" set nm_record = yes set nm_record_tags = "-inbox me archive" - set virtual_spoolfile=yes # enable virtual folders + set spoolfile = +Inbox + set virtual_spoolfile = yes set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail @@ -132,8 +134,8 @@ let # V ''} %r |" - virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" @@ -200,9 +202,15 @@ let macro pager ] ,@1 'Toggle indexbar # sidebar + set sidebar_divider_char = '│' + set sidebar_delim_chars = "/" + set sidebar_short_path + set sidebar_folder_indent + set sidebar_visible = yes + set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?' set sidebar_width = 20 - set sidebar_visible = yes # set to "no" to disable sidebar view at startup - color sidebar_new yellow default + color sidebar_new yellow red + # sidebar bindings bind index <left> sidebar-prev # got to previous folder in sidebar bind index <right> sidebar-next # got to next folder in sidebar @@ -229,7 +237,6 @@ in { mutt pkgs.notmuch pkgs.muchsync - pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 5d7bfed60..210551a62 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" '') pkgs.mpv ]; diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 23cab8e6e..0cf62ec0b 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -7,7 +7,17 @@ with import <stockholm/lib>; locations."/".extraConfig = '' client_max_body_size 4G; proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = /* nginx */ '' + client_max_body_size 40M; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; services.nginx.virtualHosts."p.krebsco.de" = { @@ -19,21 +29,36 @@ with import <stockholm/lib>; return 403; } proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; + krebs.htgen.paste = { port = 9081; script = toString [ "PATH=${makeBinPath [ pkgs.nix + pkgs.file ]}:$PATH" "STATEDIR=$HOME" ". ${pkgs.htgen}/examples/paste" ]; }; + krebs.htgen.imgur = { + port = 7771; + script = /* sh */ '' + (. ${pkgs.htgen-imgur}/bin/htgen-imgur) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";} ]; } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6245691fe..3e8d12381 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -12,7 +12,16 @@ let music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" | grep -v '/other/' | grep '\.ogg$' | shuf -n1 | sed 's,${music_dir}/,,')" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ + | grep -Ev '/other/|/.graveyard/' \ + | grep '\.ogg$' \ + | shuf -n1 \ + | sed 's,${music_dir}/,,' \ + )" + ''; + + get_current_track_position = pkgs.writeDash "get_current_track_position" '' + ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' ''; skip_track = pkgs.writeBashBin "skip_track" '' @@ -28,8 +37,8 @@ let ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" echo skipping: "$track_infos" skip_count: "$skip_count" else - mkdir -p "$music_dir"/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/.graveyard/ + mkdir -p "$music_dir"/the_playlist/.graveyard/ + mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ echo killing: "$track_infos" fi ${pkgs.mpc_cli}/bin/mpc -q next @@ -62,10 +71,18 @@ let print_current_json = pkgs.writeDashBin "print_current_json" '' ${pkgs.jq}/bin/jq -n -c \ --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ + --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ + --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ + --arg position "$(${get_current_track_position})" \ + --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \ --arg youtube "$(${track_youtube_link})" '{ name: $name, + artist: $artist, + title: $title, filename: $filename, + position: $position, + length: $length, youtube: $youtube }' ''; @@ -193,7 +210,7 @@ in { timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + currentTime=$(${get_current_track_position}) expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -221,9 +238,11 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do + listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \ + | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track" + ${write_to_irc} "playing: $track listeners: $listeners" done ''; in { diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index eae31aec4..2b9811959 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -13,7 +13,11 @@ nixpkgs.config.steam.java = true; hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - users.users.games.packages = [ pkgs.steam ]; + users.users.games.packages = [ (pkgs.steam.override { + extraPkgs = p: with p; [ + gnutls # needed for Halo MCC + ]; + }) ]; #ports for inhome streaming krebs.iptables = { diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 5397c2ca6..7758b860d 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -31,5 +31,6 @@ in { owner = "lass"; group = "syncthing"; umask = "0002"; + keepGoing = true; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index bd113567f..a177a0228 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) + (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -34,7 +35,6 @@ in { (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" - "apanowicz.de" "nirwanabluete.de" "ubikmedia.eu" "youthtube.xyz" @@ -42,7 +42,6 @@ in { "weirdwednesday.de" "jarugadesign.de" - "www.apanowicz.de" "www.nirwanabluete.de" "www.ubikmedia.eu" "www.youthtube.xyz" @@ -52,7 +51,6 @@ in { "www.jarugadesign.de" "aldona2.ubikmedia.de" - "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" @@ -93,6 +91,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; + package = pkgs.nextcloud18; config = { adminpassFile = toString <secrets> + "/nextcloud_pw"; overwriteProtocol = "https"; @@ -107,6 +106,10 @@ in { # MAIL STUFF # TODO: make into its own module + + # workaround for android 7 + security.acme.certs."lassul.us".keyType = "rsa4096"; + services.dovecot2 = { enable = true; mailLocation = "maildir:~/Mail"; @@ -131,18 +134,16 @@ in { server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.eu"; to = "domsen"; } { from = "mail@habsys.de"; to = "domsen"; } { from = "mail@habsys.eu"; to = "domsen"; } + { from = "hallo@apanowicz.de"; to = "domsen"; } { from = "bruno@apanowicz.de"; to = "bruno"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } - { from = "akayguen@freemonkey.art"; to ="akayguen"; } - { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "hallo@jarugadesign.de"; to ="kasia"; } @@ -153,9 +154,14 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "apanowicz.de" "alewis.de" "jarugadesign.de" ]; + dkim = [ + { domain = "ubikmedia.eu"; } + { domain = "apanowicz.de"; } + ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index baeac213b..74585a6f8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,7 +61,7 @@ in { pubkey = config.krebs.users.lass.pubkey; }; in '' - alias ${initscript}; + alias ${initscript}/bin/init; ''; locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; @@ -69,6 +69,9 @@ in { locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; + locations."= /yubi.pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 02d7ffc8c..5cb019c13 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,7 @@ in { ]; createHome = true; packages = [ - pkgs.wine - pkgs.winetricks + pkgs.wineMinimal ]; }; }; diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 05964eb51..e65cdd97d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -122,14 +122,15 @@ case $TERM in (*xterm* | *rxvt*) function precmd { - PROMPT_EVALED="$(print -P $TITLE)" + PROMPT_EVALED=$(print -P "$TITLE") echo -ne "\033]0;$$ $PROMPT_EVALED\007" } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } + # This seems broken for some reason + # # This is seen while the shell waits for a command to complete. + # function preexec { + # PROMPT_EVALED=$(print -P "$TITLE") + # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + # } ;; esac ''; diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix index 30158e78a..96521aaa9 100644 --- a/lass/3modules/hass.nix +++ b/lass/3modules/hass.nix @@ -22,6 +22,22 @@ in { }; in valueType; }; + love = mkOption { + default = {}; + type = with lib.types; let + valueType = nullOr (oneOf [ + bool + int + float + str + (attrsOf valueType) + (listOf valueType) + ]) // { + description = "Yaml value"; + emptyValue.value = {}; + }; + in valueType; + }; }; config = @@ -29,6 +45,7 @@ in { mkIf (cfg.config != {}) { services.home-assistant.config = cfg.config; + # services.home-assistant.lovelaceConfig = cfg.love; }; } diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e6d4b0664..5a741353d 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -19,6 +19,8 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) +import Data.Ratio + import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) @@ -29,14 +31,17 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) +import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>)) +import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Layout.Grid (Grid(..)) import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) +import XMonad.ManageHook (composeAll) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) @@ -76,7 +81,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = floatHooks <+> floatNextHook + , manageHook = floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -88,14 +93,17 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile) + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) -floatHooks :: Query (Endo WindowSet) -floatHooks = composeOne - [ className =? "Pinentry" -?> doCenterFloat - , title =? "fzfmenu" -?> doCenterFloat - , title =? "glxgears" -?> doCenterFloat - , resource =? "Dialog" -?> doFloat +floatHooks = composeAll + [ className =? "Pinentry" --> doCenterFloat + , title =? "fzfmenu" --> doCenterFloat + , title =? "glxgears" --> doCenterFloat + , resource =? "Dialog" --> doFloat + , title =? "Upload to Imgur" --> + doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8)) + , placeHook (smart (1,0)) + , floatNextHook ] myKeyMap :: [([Char], X ())] @@ -105,7 +113,6 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-S-p", spawn "${pkgs.otpmenu}/bin/otpmenu") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") - , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix index 440e160d0..3ce635dac 100644 --- a/lass/5pkgs/emot-menu/default.nix +++ b/lass/5pkgs/emot-menu/default.nix @@ -29,6 +29,6 @@ writeDashBin "emoticons" '' data=$(${coreutils}/bin/cat ${emoticons}) emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') - ${xdotool}/bin/xdotool type -- "$emoticon" + ${xdotool}/bin/xdotool type --clearmodifiers -- "$emoticon" exit 0 '' diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index cbcfe2c00..ee49951b1 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -2,10 +2,10 @@ with lib; -pkgs.writeScript "init" '' +pkgs.writeScriptBin "init" '' #!/usr/bin/env nix-shell - #! nix-shell -i bash -p jq parted libxfs - set -efu + #! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs + set -xefuo pipefail disk=$1 @@ -14,12 +14,12 @@ pkgs.writeScript "init" '' exit 2 fi + bootdev="$disk"2 luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} - bootdev=/dev/sda2 rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home @@ -35,15 +35,13 @@ pkgs.writeScript "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted -s -a optimal "$disk" \ - mklabel gpt \ - mkpart no-fs 0 1024KiB \ - set 1 bios_grub on \ - mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - mkpart primary 1025MiB 100% + sgdisk -og "$disk" + sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk" + sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk" + sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk" fi - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then echo zonk2 exit 23 fi @@ -58,7 +56,6 @@ pkgs.writeScript "init" '' if ! test -e "$luksmap"; then echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then pvcreate "$luksmap" @@ -68,11 +65,7 @@ pkgs.writeScript "init" '' lvchange -a y /dev/mapper/"$vgname" - if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi - - # lvchange -a n "$vgname" - + if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi # # formatting @@ -82,35 +75,23 @@ pkgs.writeScript "init" '' mkfs.vfat "$bootdev" fi - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then mkfs.xfs "$rootdev" fi - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.xfs "$homedev" - fi - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mkdir -p /mnt mount "$rootdev" /mnt fi if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then mkdir -m 0000 -p /mnt/boot mount "$bootdev" /mnt/boot fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - - # umount -R /mnt # # dependencies for stockholm # - nix-env -iA nixos.git - # TODO: get sentinal file from target_path mkdir -p /mnt/var/src touch /mnt/var/src/.populate @@ -119,7 +100,7 @@ pkgs.writeScript "init" '' # print all the infos # - parted "$disk" print + gdisk -l "$disk" lsblk "$disk" echo READY. diff --git a/lass/5pkgs/init/run-vm.sh b/lass/5pkgs/init/run-vm.sh new file mode 100755 index 000000000..13914ad5f --- /dev/null +++ b/lass/5pkgs/init/run-vm.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -efu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f vm-nogui --run diff --git a/lass/5pkgs/init/test.nix b/lass/5pkgs/init/test.nix new file mode 100644 index 000000000..e76e7e009 --- /dev/null +++ b/lass/5pkgs/init/test.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + virtualisation.emptyDiskImages = [ + 8000 + ]; + virtualisation.memorySize = 1500; + boot.tmpOnTmpfs = true; + + environment.systemPackages = [ + (pkgs.callPackage ./default.nix {}) + ]; + services.mingetty.autologinUser = lib.mkForce "root"; +} diff --git a/lass/5pkgs/init/test.sh b/lass/5pkgs/init/test.sh new file mode 100755 index 000000000..0ceaa73ca --- /dev/null +++ b/lass/5pkgs/init/test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -xefu + +WD=$(realpath $(dirname "$0")) +TMPDIR=$(mktemp -d) +cd "$TMPDIR" +nixos-generate -c "$WD"/test.nix -f vm-nogui --run "$@" +cd - +rm -r "$TMPDIR" diff --git a/lass/krops.nix b/lass/krops.nix index 5927b0062..128c9ee04 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,8 +11,9 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + shallow = true; }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; diff --git a/lib/default.nix b/lib/default.nix index f02959bba..be9f60f3b 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -60,13 +60,17 @@ let }.${typeOf x}; mapNixDir1 = f: dirPath: + let + toPackageName = name: + if test "^[0-9].*" name then "_${name}" else name; + in listToAttrs (map (relPath: let name = removeSuffix ".nix" relPath; path = dirPath + "/${relPath}"; in - nameValuePair name (f path)) + nameValuePair (toPackageName name) (f path)) (filter (name: name != "default.nix" && !hasPrefix "." name) (attrNames (readDir dirPath)))); diff --git a/lib/types.nix b/lib/types.nix index 3eda2262f..689a2c807 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -116,6 +116,10 @@ rec { type = listOf hostname; default = []; }; + mac = mkOption { + type = nullOr str; + default = null; + }; ip4 = mkOption { type = nullOr (submodule { options = { diff --git a/makefu/krops.nix b/makefu/krops.nix index bf2a7a19a..213af0497 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -48,7 +48,7 @@ } (lib.mkIf (host-src.unstable) { nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; }) diff --git a/tv/1systems/au/config.nix b/tv/1systems/au/config.nix index fc4b216f5..3891b7570 100644 --- a/tv/1systems/au/config.nix +++ b/tv/1systems/au/config.nix @@ -3,6 +3,7 @@ ./disks.nix <stockholm/tv> <stockholm/tv/2configs/hw/x220.nix> + <stockholm/tv/2configs/ppp.nix> <stockholm/tv/2configs/retiolum.nix> ]; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 9db35184a..2d813fe32 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,7 +1,7 @@ with import <stockholm/lib>; { config, pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = mkDefault pkgs.linuxPackages_latest; boot.tmpOnTmpfs = true; @@ -68,18 +68,13 @@ with import <stockholm/lib>; ]; environment.shellAliases = mkForce { - # alias cal='cal -m3' gp = "${pkgs.pari}/bin/gp -q"; df = "df -h"; du = "du -h"; - # alias grep='grep --color=auto' # TODO alias cannot contain #\' # "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep"; - # alias la='ls -lA' - lAtr = "ls -lAtr"; - # alias ll='ls -l' ls = "ls -h --color=auto --group-directories-first"; dmesg = "dmesg -L --reltime"; view = "vim -R"; diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 9cc7568a5..ff61f943f 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,9 +1,25 @@ -{ pkgs, ... }: { - - # usage: pppd call default - - environment.etc."ppp/peers/default".text = '' - /dev/ttyACM2 +{ config, pkgs, ... }: let + lib = import <stockholm/lib>; + cfg = { + pin = "@${toString <secrets/o2.pin>}"; + ttys.ppp = "/dev/ttyACM0"; + ttys.com = "/dev/ttyACM1"; + }; +in { + assertions = [ + { + assertion = config.networking.resolvconf.enable; + message = "ppp configuration needs resolvconf"; + } + ]; + environment.etc."ppp/ip-up".source = pkgs.writeDash "ppp.ip-up" '' + ${pkgs.openresolv}/bin/resolvconf -a "$IFNAME" < /etc/ppp/resolv.conf + ''; + environment.etc."ppp/ip-down".source = pkgs.writeDash "ppp.ip-down" '' + ${pkgs.openresolv}/bin/resolvconf -fd "$IFNAME" + ''; + environment.etc."ppp/peers/o2".text = /* sh */ '' + ${cfg.ttys.ppp} 921600 crtscts defaultroute @@ -16,17 +32,53 @@ passive persist usepeerdns - connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" '' + connect "${pkgs.ppp}/bin/chat ''${DEBUG+-v} -Ss -f ${pkgs.writeText "o2.chat" /* sh */ '' ABORT "BUSY" ABORT "NO CARRIER" REPORT CONNECT - "" "ATDT*99#" - CONNECT + "*EMRDY: 1" + ATZ OK + AT+CFUN=1 OK + ${cfg.pin} TIMEOUT 2 ERROR-AT-OK + AT+CGDCONT=1,\042IP\042,\042internet\042 OK + ATDT*99***1# CONNECT ''}" ''; - - environment.systemPackages = [ - pkgs.ppp + users.users.root.packages = [ + (pkgs.writeDashBin "connect" '' + # usage: + # connect wlan + # connect wwan [PEERNAME] + set -efu + rfkill_wlan=/sys/class/rfkill/rfkill2 + rfkill_wwan=/sys/class/rfkill/rfkill1 + case $1 in + wlan) + ${pkgs.procps}/bin/pkill pppd || : + echo 0 > "$rfkill_wwan"/state + echo 1 > "$rfkill_wlan"/state + ;; + wwan) + name=''${2-o2} + echo 0 > "$rfkill_wlan"/state + echo 1 > "$rfkill_wwan"/state + ${pkgs.ppp}/bin/pppd call "$name" updetach + ;; + *) + echo "$0: error: bad arguments: $*" >&2 + exit 1 + esac + '') + (pkgs.writeDashBin "modem-send" '' + # usage: modem-send ATCOMMAND + set -efu + tty=${lib.shell.escape cfg.ttys.com} + exec <"$tty" + printf '%s\r\n' "$1" >"$tty" + ${pkgs.gnused}/bin/sed -E ' + /^OK\r?$/q + /^ERROR\r?$/q + ' + '') ]; - } diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix index 25468f23e..79af5b01f 100644 --- a/tv/2configs/sshd.nix +++ b/tv/2configs/sshd.nix @@ -1,10 +1,22 @@ -{ config, lib, pkgs, ... }: - with import <stockholm/lib>; - -{ +{ config, ... }: let + cfg.host = config.krebs.build.host; +in { services.openssh = { enable = true; }; tv.iptables.input-internet-accept-tcp = singleton "ssh"; + tv.iptables.extra.nat.OUTPUT = [ + "-o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22" + ]; + tv.iptables.extra4.nat.PREROUTING = [ + "-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT" + ]; + tv.iptables.extra6.nat.PREROUTING = [ + "-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT" + ]; + tv.iptables.extra.nat.PREROUTING = [ + "-p tcp --dport 22 -j REDIRECT --to-ports 0" + "-p tcp --dport 11423 -j REDIRECT --to-ports 22" + ]; } diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 4e9e30741..032df5d90 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -6,6 +6,19 @@ let configDir = "/var/empty"; dataDir = "/run/xdg/${cfg.user.name}/xmonad"; user = config.krebs.build.user; + xmonad.pkg = pkgs.haskellPackages.xmonad-tv.overrideAttrs (_: { + au = { + XMONAD_BUILD_SCREEN_WIDTH = 1920; + XMONAD_BUILD_TERM_FONT_WIDTH = 10; + XMONAD_BUILD_TERM_FONT = "xft:Input Mono:size=12:style=Regular"; + XMONAD_BUILD_TERM_PADDING = 2; + }; + }.${config.krebs.build.host.name} or { + XMONAD_BUILD_SCREEN_WIDTH = 1366; + XMONAD_BUILD_TERM_FONT_WIDTH = 6; + XMONAD_BUILD_TERM_FONT = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + XMONAD_BUILD_TERM_PADDING = 2; + }); }; in { @@ -51,7 +64,7 @@ in { systemd.services.display-manager.enable = false; systemd.services.xmonad = let - xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad"; + xmonad = "${cfg.xmonad.pkg}/bin/xmonad"; xmonad-start = pkgs.writeDash "xmonad-start" '' ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CACHE_DIR" ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CONFIG_DIR" diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 3974760d5..9cf0bd5a2 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -135,15 +135,8 @@ let { :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] - ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [ - "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0" - "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" - ]} - ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [ - "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" - ]} - ${formatTable cfg.extra.nat} ${formatTable cfg."extra${toString iptables-version}".nat} + ${formatTable cfg.extra.nat} COMMIT *filter :INPUT DROP [0:0] diff --git a/tv/5pkgs/haskell/th-env/default.nix b/tv/5pkgs/haskell/th-env/default.nix new file mode 100644 index 000000000..474a63b85 --- /dev/null +++ b/tv/5pkgs/haskell/th-env/default.nix @@ -0,0 +1,10 @@ +{ mkDerivation, base, stdenv, template-haskell, text }: +mkDerivation { + pname = "th-env"; + version = "1.0.0"; + src = ./.; + libraryHaskellDepends = [ base template-haskell text ]; + homepage = "https://stackoverflow.com/q/57635686"; + license = "unknown"; + hydraPlatforms = stdenv.lib.platforms.none; +} diff --git a/tv/5pkgs/haskell/th-env/src/THEnv.hs b/tv/5pkgs/haskell/th-env/src/THEnv.hs new file mode 100644 index 000000000..b04f2ce0b --- /dev/null +++ b/tv/5pkgs/haskell/th-env/src/THEnv.hs @@ -0,0 +1,49 @@ +{-# LANGUAGE TemplateHaskell #-} +module THEnv + ( + -- * Compile-time configuration + lookupCompileEnv + , lookupCompileEnvExp + , getCompileEnv + , getCompileEnvExp + , fileAsString + ) where + +import Control.Monad +import qualified Data.Text as T +import qualified Data.Text.IO as T +import Language.Haskell.TH +import Language.Haskell.TH.Syntax (Lift(..)) +import System.Environment (getEnvironment) + +-- Functions that work with compile-time configuration + +-- | Looks up a compile-time environment variable. +lookupCompileEnv :: String -> Q (Maybe String) +lookupCompileEnv key = lookup key `liftM` runIO getEnvironment + +-- | Looks up a compile-time environment variable. The result is a TH +-- expression of type @Maybe String@. +lookupCompileEnvExp :: String -> Q Exp +lookupCompileEnvExp = (`sigE` [t| Maybe String |]) . lift <=< lookupCompileEnv + -- We need to explicly type the result so that things like `print Nothing` + -- work. + +-- | Looks up an compile-time environment variable and fail, if it's not +-- present. +getCompileEnv :: String -> Q String +getCompileEnv key = + lookupCompileEnv key >>= + maybe (fail $ "Environment variable " ++ key ++ " not defined") return + +-- | Looks up an compile-time environment variable and fail, if it's not +-- present. The result is a TH expression of type @String@. +getCompileEnvExp :: String -> Q Exp +getCompileEnvExp = lift <=< getCompileEnv + +-- | Loads the content of a file as a string constant expression. +-- The given path is relative to the source directory. +fileAsString :: FilePath -> Q Exp +fileAsString = do + -- addDependentFile path -- works only with template-haskell >= 2.7 + stringE . T.unpack . T.strip <=< runIO . T.readFile diff --git a/tv/5pkgs/haskell/th-env/th-env.cabal b/tv/5pkgs/haskell/th-env/th-env.cabal new file mode 100644 index 000000000..b9a2cff39 --- /dev/null +++ b/tv/5pkgs/haskell/th-env/th-env.cabal @@ -0,0 +1,20 @@ +name: th-env +version: 1.0.0 +-- license: https://creativecommons.org/licenses/by-sa/4.0/ +license: OtherLicense +author: https://stackoverflow.com/users/9348482 +homepage: https://stackoverflow.com/q/57635686 +maintainer: tv <tv@krebsco.de> +build-type: Simple +cabal-version: >=1.10 + +library + hs-source-dirs: src + build-depends: + base, + template-haskell, + text + exposed-modules: + THEnv + default-language: Haskell2010 + ghc-options: -O2 -Wall diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix index 42eb13d41..36dffaa13 100644 --- a/tv/5pkgs/haskell/xmonad-tv/default.nix +++ b/tv/5pkgs/haskell/xmonad-tv/default.nix @@ -1,5 +1,6 @@ -{ mkDerivation, base, containers, directory, extra, stdenv, unix -, X11, xmonad, xmonad-contrib, xmonad-stockholm +{ mkDerivation, aeson, base, bytestring, containers, directory +, extra, stdenv, template-haskell, th-env, unix, X11, xmonad +, xmonad-contrib, xmonad-stockholm }: mkDerivation { pname = "xmonad-tv"; @@ -8,8 +9,8 @@ mkDerivation { isLibrary = false; isExecutable = true; executableHaskellDepends = [ - base containers directory extra unix X11 xmonad xmonad-contrib - xmonad-stockholm + aeson base bytestring containers directory extra template-haskell + th-env unix X11 xmonad xmonad-contrib xmonad-stockholm ]; license = stdenv.lib.licenses.mit; } diff --git a/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs b/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs new file mode 100644 index 000000000..2a3a0e523 --- /dev/null +++ b/tv/5pkgs/haskell/xmonad-tv/src/THEnv/JSON.hs @@ -0,0 +1,18 @@ +{-# LANGUAGE ScopedTypeVariables #-} + +module THEnv.JSON where + +import Data.Aeson (eitherDecode,FromJSON) +import Data.ByteString.Lazy.Char8 (pack) +import Language.Haskell.TH.Syntax (Exp,Lift(lift),Q) +import THEnv (getCompileEnv) +import Control.Monad + +getCompileEnvJSON :: (FromJSON a) => String -> Q a +getCompileEnvJSON name = + either error (id :: a -> a) . eitherDecode . pack <$> getCompileEnv name + +getCompileEnvJSONExp :: + forall proxy a. (FromJSON a, Lift a) => proxy a -> String -> Q Exp +getCompileEnvJSONExp _ = + (lift :: a -> Q Exp) <=< getCompileEnvJSON diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index c83b411bd..b8ddd27e8 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -1,4 +1,6 @@ {-# LANGUAGE LambdaCase #-} +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeApplications #-} module Main (main) where @@ -32,10 +34,23 @@ import XMonad.Stockholm.Pager import XMonad.Stockholm.Shutdown import qualified Paths +import THEnv.JSON (getCompileEnvJSONExp) + myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" +myScreenWidth :: Dimension +myScreenWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_SCREEN_WIDTH") + +myTermFontWidth :: Dimension +myTermFontWidth = + $(getCompileEnvJSONExp (id @Dimension) "XMONAD_BUILD_TERM_FONT_WIDTH") + +myTermPadding :: Dimension +myTermPadding = 2 + main :: IO () main = getArgs >>= \case @@ -46,7 +61,6 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do - let width = 1366 workspaces0 <- getWorkspaces0 handleShutdownEvent <- newShutdownEventHandler launch @@ -60,8 +74,9 @@ mainNoArgs = do smartBorders $ ResizableTall 1 - (10 * 6 / width) - ((80 * 6 + 2 * (1+1+1))/width) [] + (fromIntegral (10 * myTermFontWidth) / fromIntegral myScreenWidth) + (fromIntegral (80 * myTermFontWidth + 2 * (myTermPadding + borderWidth def)) / fromIntegral myScreenWidth) + [] ||| Full , manageHook = diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal index f10bc4aeb..d07e2b159 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -9,10 +9,14 @@ cabal-version: >=1.10 executable xmonad main-is: main.hs build-depends: + aeson, base, + bytestring, containers, directory, extra, + template-haskell, + th-env, unix, X11, xmonad, @@ -20,6 +24,7 @@ executable xmonad xmonad-stockholm other-modules: Helpers.Path, - Paths + Paths, + THEnv.JSON default-language: Haskell2010 ghc-options: -O2 -Wall -threaded diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 99c1b3ec9..d18d66506 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,5 +1,18 @@ with import <stockholm/lib>; self: super: { + input-fonts = super.input-fonts.overrideAttrs (old: rec { + src = self.fetchurl { + url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; + sha256 = "1vvipqcflz4ximy7xpqy9idrdpq3a0c490hp5137r2dq03h865y0"; + }; + outputHash = null; + outputHashAlgo = null; + outputHashMode = null; + }); + + nix-prefetch-github = + self.python3Packages.callPackage ./nix-prefetch-github.nix {}; + rxvt_unicode = self.callPackage ./rxvt_unicode.nix { rxvt_unicode = super.rxvt_unicode; }; diff --git a/tv/5pkgs/override/nix-prefetch-github.nix b/tv/5pkgs/override/nix-prefetch-github.nix new file mode 100644 index 000000000..67873f929 --- /dev/null +++ b/tv/5pkgs/override/nix-prefetch-github.nix @@ -0,0 +1,47 @@ +{ fetchPypi +, lib +, buildPythonPackage +, pythonOlder +, attrs +, click +, effect +, jinja2 +, git +, pytestCheckHook +, pytest-black +, pytestcov +, pytest-isort +}: + +buildPythonPackage rec { + pname = "nix-prefetch-github"; + version = "3.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA="; + }; + + propagatedBuildInputs = [ + attrs + click + effect + jinja2 + ]; + + checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ]; + checkPhase = '' + pytest -m 'not network' + ''; + + # latest version of isort will cause tests to fail + # ignore tests which are impure + disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ]; + + meta = with lib; { + description = "Prefetch sources from github"; + homepage = "https://github.com/seppeljordan/nix-prefetch-github"; + license = licenses.gpl3; + maintainers = with maintainers; [ seppeljordan ]; + }; +} diff --git a/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch b/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch new file mode 100644 index 000000000..447e42f1d --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/RPi_utils.codesend.codestring.patch @@ -0,0 +1,24 @@ +--- a/RPi_utils/codesend.cpp ++++ b/RPi_utils/codesend.cpp +@@ -40,18 +40,18 @@ int main(int argc, char *argv[]) { + } + + // Change protocol and pulse length accroding to parameters +- int code = atoi(argv[1]); ++ const char *code = argv[1]; + if (argc >= 3) protocol = atoi(argv[2]); + if (argc >= 4) pulseLength = atoi(argv[3]); + + if (wiringPiSetup () == -1) return 1; +- printf("sending code[%i]\n", code); ++ printf("sending code[%s]\n", code); + RCSwitch mySwitch = RCSwitch(); + if (protocol != 0) mySwitch.setProtocol(protocol); + if (pulseLength != 0) mySwitch.setPulseLength(pulseLength); + mySwitch.enableTransmit(PIN); + +- mySwitch.send(code, 24); ++ mySwitch.send(code); + + return 0; + diff --git a/tv/5pkgs/rpi/433Utils/default.nix b/tv/5pkgs/rpi/433Utils/default.nix new file mode 100644 index 000000000..78be6de35 --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/default.nix @@ -0,0 +1,42 @@ +{ fetchFromGitHub, stdenv +, wiringPi ? WiringPi.wiringPi +, wiringPiDev ? WiringPi.wiringPiDev +, WiringPi ? rpiPackages.WiringPi +, rpiPackages +}: + +stdenv.mkDerivation { + pname = "433Utils-RPi_utils"; + version = "2018-06-07"; + + src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + + patches = [ + ./rc-switch.protocols.patch + ./RPi_utils.codesend.codestring.patch + ]; + + buildPhase = '' + runHook postBuild + + make -C RPi_utils + + runHook preBuild + ''; + + buildInputs = [ + wiringPi + wiringPiDev + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + for name in send codesend RFSniffer; do + cp RPi_utils/$name $out/bin/ + done + + runHook postInstall + ''; +} diff --git a/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch b/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch new file mode 100644 index 000000000..41304ef8e --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/rc-switch.protocols.patch @@ -0,0 +1,10 @@ +--- a/rc-switch/RCSwitch.cpp ++++ b/rc-switch/RCSwitch.cpp +@@ -78,6 +78,7 @@ static const RCSwitch::Protocol PROGMEM proto[] = { + { 100, { 30, 71 }, { 4, 11 }, { 9, 6 } }, // protocol 3 + { 380, { 1, 6 }, { 1, 3 }, { 3, 1 } }, // protocol 4 + { 500, { 6, 14 }, { 1, 2 }, { 2, 1 } }, // protocol 5 ++ { 136, { 1, 31 }, { 1, 3 }, { 3, 1 } }, // protocol 6 + }; + + enum { diff --git a/tv/5pkgs/rpi/433Utils/src.json b/tv/5pkgs/rpi/433Utils/src.json new file mode 100644 index 000000000..3cf232788 --- /dev/null +++ b/tv/5pkgs/rpi/433Utils/src.json @@ -0,0 +1,7 @@ +{ + "owner": "ninjablocks", + "repo": "433Utils", + "rev": "31c0ea4e158287595a6f6116b6151e72691e1839", + "sha256": "04r2qlkdsz46qgpnbizrfccz1i0qlkb1iqz0jzyq4fzvksqp9dg1", + "fetchSubmodules": true +}
\ No newline at end of file diff --git a/tv/5pkgs/rpi/WiringPi/default.nix b/tv/5pkgs/rpi/WiringPi/default.nix new file mode 100644 index 000000000..61c43556d --- /dev/null +++ b/tv/5pkgs/rpi/WiringPi/default.nix @@ -0,0 +1,61 @@ +{ fetchFromGitHub, runCommand, stdenv }: + +let + generic = name: extraAttrs: + stdenv.mkDerivation ({ + pname = "WiringPi-${name}"; + version = "2020-09-14"; + + src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + + buildPhase = '' + runHook postBuild + + make -C ${name} all + + runHook preBuild + ''; + + installPhase = '' + runHook preInstall + + export DESTDIR=$out + export PREFIX= + export LDCONFIG=true + + make -C ${name} install + + runHook postInstall + ''; + } // extraAttrs); + + fakeutils = runCommand "fakeutils-1.0" {} /* sh */ '' + mkdir -p $out/bin + for name in chown chmod; do + touch $out/bin/$name + chmod +x $out/bin/$name + done + ''; +in + +rec { + wiringPi = generic "wiringPi" {}; + wiringPiDev = generic "devLib" { + buildInputs = [ + wiringPi + ]; + }; + gpio = generic "gpio" { + preInstall = '' + # fakeutils cannot be buildInputs because they have to override existing + # executables and therefore need to be prepended to the search path. + PATH=${fakeutils}/bin:$PATH + + mkdir -p $out/bin + ''; + buildInputs = [ + wiringPi + wiringPiDev + ]; + }; +} diff --git a/tv/5pkgs/rpi/WiringPi/src.json b/tv/5pkgs/rpi/WiringPi/src.json new file mode 100644 index 000000000..edf4e8272 --- /dev/null +++ b/tv/5pkgs/rpi/WiringPi/src.json @@ -0,0 +1,6 @@ +{ + "owner": "WiringPi", + "repo": "WiringPi", + "rev": "5c6bab7d4279e8c0cc890984eaa1a69ff3af1c99", + "sha256": "1jlx7lb3ybwv06b2dpmsr718d0xj85awl1dgdqc607k50kk25mjb" +} diff --git a/tv/5pkgs/rpi/default.nix b/tv/5pkgs/rpi/default.nix new file mode 100644 index 000000000..f0ac47f6a --- /dev/null +++ b/tv/5pkgs/rpi/default.nix @@ -0,0 +1,9 @@ +let + lib = import <stockholm/lib>; +in + +self: super: + +{ + rpiPackages = lib.mapNixDir (path: self.callPackage path {}) ./.; +} diff --git a/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix new file mode 100644 index 000000000..d2f6f46b2 --- /dev/null +++ b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/default.nix @@ -0,0 +1,16 @@ +# This package is mainly intended for cross-built systems for which we cannot +# or don't want to build pkgs.rxvt_unicode for some reason. +# +# ${./rxvt-unicode-256color.terminfo} was copied from a previously built +# /run/current-system/sw/share/terminfo/r/rxvt-unicode-256color +{ runCommand }: + +runCommand "rxvt-unicode-256color-terminfo" {} /* sh */ '' + mkdir -p $out/nix-support + mkdir -p $out/share/terminfo/r + + ln -s ${./rxvt-unicode-256color.terminfo} \ + $out/share/terminfo/r/rxvt-unicode-256color + + echo "$out" >> $out/nix-support/propagated-user-env-packages +'' diff --git a/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo Binary files differnew file mode 100644 index 000000000..3f43d0d56 --- /dev/null +++ b/tv/5pkgs/simple/rxvt-unicode-256color-terminfo/rxvt-unicode-256color.terminfo diff --git a/tv/5pkgs/simple/viljetic-pages/default.nix b/tv/5pkgs/simple/viljetic-pages/default.nix index 1ae55cca7..ee07c9277 100644 --- a/tv/5pkgs/simple/viljetic-pages/default.nix +++ b/tv/5pkgs/simple/viljetic-pages/default.nix @@ -11,6 +11,7 @@ stdenv.mkDerivation { installPhase = '' mkdir -p $out cp ${./index.html} $out/index.html + convert ${./logo.xpm} $out/favicon.ico convert ${./logo.xpm} $out/favicon2.png ''; } diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index 4f3f83aaa..c121d815f 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -133,8 +133,9 @@ with import <stockholm/lib>; (writer "Jq") (writerExt "jq") ]; - javascript.extraStart = comment "jq"; + javascript.extraStart = comment "js"; lua = {}; + markdown.extraStart = writerExt "md"; #nginx = {}; python.extraStart = alts [ (comment "py") diff --git a/tv/dummy_secrets/o2.pin b/tv/dummy_secrets/o2.pin new file mode 100644 index 000000000..53a3137cd --- /dev/null +++ b/tv/dummy_secrets/o2.pin @@ -0,0 +1 @@ +AT |