From d6345a8b05f6882f8349edddf29c103926c134bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Sep 2018 23:31:47 +0200 Subject: ci: notify on build start --- krebs/3modules/buildbot/master.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a02f3645d..209dbe980 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -82,6 +82,7 @@ let irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", channels=${builtins.toJSON cfg.irc.channels}, notify_events={ + 'started': 1, 'success': 1, 'failure': 1, 'exception': 1, -- cgit v1.3.1 From f23f483a8f282445aa2558ae1a820b43863e8a70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Sep 2018 23:49:43 +0200 Subject: buildbot slave: remove obsolete garbage deletion --- krebs/3modules/buildbot/slave.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index fba585448..544f9c4e0 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,8 +160,6 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux - #remove garbage from old versions - rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin -- cgit v1.3.1 From 20c69c0386df4606af544342d7de6638356572a3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 23:32:28 +0200 Subject: treewide: makefu.airdcpp -> krebs.airdcpp --- krebs/3modules/airdcpp.nix | 271 +++++++++++++++++++++++ krebs/3modules/default.nix | 1 + krebs/5pkgs/simple/airdcpp-webclient/default.nix | 27 +++ makefu/2configs/dcpp/airdcpp.nix | 14 +- makefu/3modules/airdcpp.nix | 271 ----------------------- makefu/3modules/default.nix | 1 - makefu/5pkgs/airdcpp-webclient/default.nix | 27 --- 7 files changed, 306 insertions(+), 306 deletions(-) create mode 100644 krebs/3modules/airdcpp.nix create mode 100644 krebs/5pkgs/simple/airdcpp-webclient/default.nix delete mode 100644 makefu/3modules/airdcpp.nix delete mode 100644 makefu/5pkgs/airdcpp-webclient/default.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix new file mode 100644 index 000000000..8c72680f3 --- /dev/null +++ b/krebs/3modules/airdcpp.nix @@ -0,0 +1,271 @@ +{ config, lib, pkgs, ... }: +with import ; #genid +let + cfg = config.krebs.airdcpp; + + out = { + options.krebs.airdcpp = api; + config = lib.mkIf cfg.enable imp; + }; + + api = with types;{ + enable = mkEnableOption "airdcpp"; + + package = mkOption { + type = package; + default = pkgs.airdcpp-webclient; + }; + + user = mkOption { + description = '' + user which will run airdcpp. if kept default a new user will be created + ''; + type = str; + default = "airdcpp"; + }; + extraGroups = mkOption { + description = ''extra groups for the user (only for default user)''; + type = listOf str; + default = []; + example = [ "nginx" ]; + }; + + stateDir = mkOption { + description = '' + directory for storing state (pid,config) + ''; + type = str; + default = "/var/lib/airdcpp"; + }; + hubs = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + Nick = mkOption { + description = '' + Nick Name for hub + ''; + type = str; + default = cfg.Nick; + }; + Password = mkOption { + description = '' + Password to be used + + WARNING: will be stored in plain text in /nix/store + ''; + type = str; + default = ""; + apply = lib.removeSuffix "\n"; + }; + Server = mkOption { + description = '' + URL to the hub (must be provided) + ''; + type = str; + }; + AutoConnect = mkOption { + description = '' + automatically connect to the hub + ''; + type = bool; + default = false; + }; + }; + })); + description = "hubs which should be configured via Favorites.xml, + Options are only used if no initial Favorites.xml file is provided and none exists"; + default = {}; + }; + initialFavoritesConfigFile = mkOption { + description = '' + path inital Favorites.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; + dcpp = { + Nick = mkOption { + description = '' + Nick Name for connection + ''; + type = str; + default = "kevin"; + }; + InPort = mkOption { + description = "Input Port"; + type = int; + default = 16849; + }; + UDPPort = mkOption { + description = "UDP open Port"; + type = int; + default = 16849; + }; + TLSPort = mkOption { + description = "TLS open Port"; + type = int; + default = 16869; + }; + DownloadSpeed = mkOption { + description = "Total Download Speed in Mbps/s"; + type = str; + default = "100"; + }; + UploadSpeed = mkOption { + description = "Total Upload Speed in Mbp/s"; + type = str; + default = "100"; + }; + shares = mkOption { + default = {}; + type = attrsOf (submodule ( { config, ... }: { + options = { + path = mkOption { + description = "path to the share"; + type = str; + }; + incoming = mkOption { + description = "incoming"; + type = bool; + default = false; + }; + }; + })); + }; + initialConfigFile = mkOption { + description = '' + path inital DCPlusPlus.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; + }; + web = { + port = mkOption { + description = ''web-ui port + + NOTE: once the initial config had been written to the state directory it will not be replaced + ''; + type = int; + default = 5600; + }; + initialConfigFile = mkOption { + description = '' + path inital WebServer.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; + # TODO: tlsPort + users = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + password = mkOption { + description = "password of user"; + type = str; + apply = lib.removeSuffix "\n"; + }; + permissions = mkOption { + description = "user permissions"; + type = str; + default = "admin"; + }; + }; + })); + }; + }; + }; + + imp = let + genUsers = users: concatMapStringsSep "\n" (user: + '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) users); + webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + + + + ${genUsers cfg.web.users} + + + '' else cfg.web.initialConfigFile; + genHubs = hubs: concatMapStringsSep "\n" (hub: + '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) hubs); + favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then + builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + ${genHubs cfg.hubs} + + + '' else cfg.initialFavoritesConfigFile; + genShares = shares: concatMapStringsSep "\n" (share: + ''${share.path}'' ) + (mapAttrsToList (name: val: val // { inherit name; }) shares); + dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' + + + + ${cfg.dcpp.Nick} + ${toString cfg.dcpp.InPort} + ${toString cfg.dcpp.UDPPort} + ${toString cfg.dcpp.TLSPort} + 0 + 1 + 0 + 0 + 1 + ${cfg.dcpp.DownloadSpeed} + ${cfg.dcpp.UploadSpeed} + + + ${genShares cfg.dcpp.shares} + + + + + '' else cfg.dcpp.initialConfigFile; + in { + systemd.services.airdcpp = { + description = "airdcpp webui"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + serviceConfig = { + Type = "simple"; + ExecStartPre = pkgs.writeDash "prepare-env" '' + d=${cfg.stateDir}/WebServer.xml + test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d + d=${cfg.stateDir}/DCPlusPlus.xml + test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d + d=${cfg.stateDir}/Favorites.xml + test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d + ''; + PermissionsStartOnly = true; + ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; + PrivateTmp = true; + WorkingDirectory = cfg.stateDir; + User = "${cfg.user}"; + }; + }; + users = lib.mkIf (cfg.user == "airdcpp") { + users.airdcpp = { + uid = genid "airdcpp"; + home = cfg.stateDir; + createHome = true; + inherit (cfg) extraGroups; + }; + groups.airdcpp.gid = genid "airdcpp"; + }; + }; +in +out + diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 82ae3b02e..43375ed53 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix ./backup.nix diff --git a/krebs/5pkgs/simple/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix new file mode 100644 index 000000000..361a7da65 --- /dev/null +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchurl +}: +stdenv.mkDerivation rec { + name = "airdcpp-webclient-${version}"; + version = "2.3.0"; + + src = fetchurl { + url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz; + sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1"; + }; + + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + mkdir -p $out/{share,bin} + cp -r * $out/share + ln -s $out/share/airdcppd $out/bin/ + ''; + + meta = with stdenv.lib; { + # to start it: airdcpp -p= -c= --configure + description = "dcpp client (statically precompiled)"; + homepage = http://fixme; + license = licenses.gpl3; + maintainers = with maintainers; [ makefu ]; + platforms = with platforms; linux; + }; +} diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index 44940812d..fe05effd9 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -1,6 +1,6 @@ { config, ... }: { - makefu.airdcpp = { + krebs.airdcpp = { enable = true; extraGroups = [ "download" ]; web.port = 5600; @@ -14,8 +14,8 @@ dcpp = { shares = { # Incoming must be writeable! - incoming = { path = config.makefu.dl-dir + "/dcpp"; incoming = true; }; - audiobooks.path = config.makefu.dl-dir + "/audiobooks"; + incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; }; Nick = "makefu"; DownloadSpeed = "1000"; @@ -23,13 +23,13 @@ }; }; networking.firewall.allowedTCPPorts = - [ config.makefu.airdcpp.dcpp.InPort - config.makefu.airdcpp.dcpp.TLSPort + [ config.krebs.airdcpp.dcpp.InPort + config.krebs.airdcpp.dcpp.TLSPort ]; - networking.firewall.allowedUDPPorts = [ config.makefu.airdcpp.dcpp.UDPPort ]; + networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = - { proxyPass = "http://localhost:${toString config.makefu.airdcpp.web.port}/"; + { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; extraConfig = '' proxy_set_header Host $host; diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix deleted file mode 100644 index 342052e70..000000000 --- a/makefu/3modules/airdcpp.nix +++ /dev/null @@ -1,271 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; #genid -let - cfg = config.makefu.airdcpp; - - out = { - options.makefu.airdcpp = api; - config = lib.mkIf cfg.enable imp; - }; - - api = with types;{ - enable = mkEnableOption "airdcpp"; - - package = mkOption { - type = package; - default = pkgs.airdcpp-webclient; - }; - - user = mkOption { - description = '' - user which will run udpt. if kept default a new user will be created - ''; - type = str; - default = "airdcpp"; - }; - extraGroups = mkOption { - description = ''extra groups for the user (only for default user)''; - type = listOf str; - default = []; - example = [ "nginx" ]; - }; - - stateDir = mkOption { - description = '' - directory for storing state (pid,config) - ''; - type = str; - default = "/var/lib/airdcpp"; - }; - hubs = mkOption { - type = attrsOf (submodule ( { config, ... }: { - options = { - Nick = mkOption { - description = '' - Nick Name for hub - ''; - type = str; - default = cfg.Nick; - }; - Password = mkOption { - description = '' - Password to be used - - WARNING: will be stored in plain text in /nix/store - ''; - type = str; - default = ""; - apply = lib.removeSuffix "\n"; - }; - Server = mkOption { - description = '' - URL to the hub (must be provided) - ''; - type = str; - }; - AutoConnect = mkOption { - description = '' - automatically connect to the hub - ''; - type = bool; - default = false; - }; - }; - })); - description = "hubs which should be configured via Favorites.xml, - Options are only used if no initial Favorites.xml file is provided and none exists"; - default = {}; - }; - initialFavoritesConfigFile = mkOption { - description = '' - path inital Favorites.xml configuration if none exists - ''; - type = nullOr path; - default = null; - }; - dcpp = { - Nick = mkOption { - description = '' - Nick Name for connection - ''; - type = str; - default = "kevin"; - }; - InPort = mkOption { - description = "Input Port"; - type = int; - default = 16849; - }; - UDPPort = mkOption { - description = "UDP open Port"; - type = int; - default = 16849; - }; - TLSPort = mkOption { - description = "TLS open Port"; - type = int; - default = 16869; - }; - DownloadSpeed = mkOption { - description = "Total Download Speed in Mbps/s"; - type = str; - default = "100"; - }; - UploadSpeed = mkOption { - description = "Total Upload Speed in Mbp/s"; - type = str; - default = "100"; - }; - shares = mkOption { - default = {}; - type = attrsOf (submodule ( { config, ... }: { - options = { - path = mkOption { - description = "path to the share"; - type = str; - }; - incoming = mkOption { - description = "incoming"; - type = bool; - default = false; - }; - }; - })); - }; - initialConfigFile = mkOption { - description = '' - path inital DCPlusPlus.xml configuration if none exists - ''; - type = nullOr path; - default = null; - }; - }; - web = { - port = mkOption { - description = ''web-ui port - - NOTE: once the initial config had been written to the state directory it will not be replaced - ''; - type = int; - default = 5600; - }; - initialConfigFile = mkOption { - description = '' - path inital WebServer.xml configuration if none exists - ''; - type = nullOr path; - default = null; - }; - # TODO: tlsPort - users = mkOption { - type = attrsOf (submodule ( { config, ... }: { - options = { - password = mkOption { - description = "password of user"; - type = str; - apply = lib.removeSuffix "\n"; - }; - permissions = mkOption { - description = "user permissions"; - type = str; - default = "admin"; - }; - }; - })); - }; - }; - }; - - imp = let - genUsers = users: concatMapStringsSep "\n" (user: - '''' ) - (mapAttrsToList (name: val: val // { inherit name; }) users); - webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' - - - - - - - ${genUsers cfg.web.users} - - - '' else cfg.web.initialConfigFile; - genHubs = hubs: concatMapStringsSep "\n" (hub: - '''' ) - (mapAttrsToList (name: val: val // { inherit name; }) cfg.hubs); - favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then - builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' - - - - ${genHubs cfg.hubs} - - - '' else cfg.initialFavoritesConfigFile; - genShares = shares: concatMapStringsSep "\n" (share: - ''${share.path}'' ) - (mapAttrsToList (name: val: val // { inherit name; }) shares); - dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' - - - - ${cfg.dcpp.Nick} - ${toString cfg.dcpp.InPort} - ${toString cfg.dcpp.UDPPort} - ${toString cfg.dcpp.TLSPort} - 0 - 1 - 0 - 0 - 1 - ${cfg.dcpp.DownloadSpeed} - ${cfg.dcpp.UploadSpeed} - - - ${genShares cfg.dcpp.shares} - - - - - '' else cfg.dcpp.initialConfigFile; - in { - systemd.services.airdcpp = { - description = "airdcpp webui"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - serviceConfig = { - Type = "simple"; - ExecStartPre = pkgs.writeDash "prepare-env" '' - d=${cfg.stateDir}/WebServer.xml - test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d - d=${cfg.stateDir}/DCPlusPlus.xml - test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d - d=${cfg.stateDir}/Favorites.xml - test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d - ''; - PermissionsStartOnly = true; - ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; - PrivateTmp = true; - WorkingDirectory = cfg.stateDir; - User = "${cfg.user}"; - }; - }; - users = lib.mkIf (cfg.user == "airdcpp") { - users.airdcpp = { - uid = genid "airdcpp"; - home = cfg.stateDir; - createHome = true; - inherit (cfg) extraGroups; - }; - groups.airdcpp.gid = genid "airdcpp"; - }; - }; -in -out - diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 963649c63..7146174fb 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,7 +2,6 @@ _: { imports = [ - ./airdcpp.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/makefu/5pkgs/airdcpp-webclient/default.nix deleted file mode 100644 index 361a7da65..000000000 --- a/makefu/5pkgs/airdcpp-webclient/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ stdenv, fetchurl -}: -stdenv.mkDerivation rec { - name = "airdcpp-webclient-${version}"; - version = "2.3.0"; - - src = fetchurl { - url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz; - sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1"; - }; - - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - mkdir -p $out/{share,bin} - cp -r * $out/share - ln -s $out/share/airdcppd $out/bin/ - ''; - - meta = with stdenv.lib; { - # to start it: airdcpp -p= -c= --configure - description = "dcpp client (statically precompiled)"; - homepage = http://fixme; - license = licenses.gpl3; - maintainers = with maintainers; [ makefu ]; - platforms = with platforms; linux; - }; -} -- cgit v1.3.1 From 7c4412574ac95d1c463e6c4c8c6b4da2dbea45ed Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Sep 2018 23:33:42 +0200 Subject: ma: move ssh pubkeys to files --- krebs/3modules/makefu/default.nix | 26 +++++++++++++--------- krebs/3modules/makefu/ssh/exco.pub | 1 + krebs/3modules/makefu/ssh/makefu.android.pub | 1 + krebs/3modules/makefu/ssh/makefu.bob.pub | 1 + krebs/3modules/makefu/ssh/makefu.omo.pub | 1 + .../3modules/makefu/ssh/makefu.remote-builder.pub | 1 + krebs/3modules/makefu/ssh/makefu.tempx.pub | 1 + krebs/3modules/makefu/ssh/makefu.tsp.pub | 1 + krebs/3modules/makefu/ssh/makefu.vbob.pub | 1 + krebs/3modules/makefu/ssh/makefu.x.pub | 1 + krebs/3modules/makefu/ssh/ulrich.pub | 1 + 11 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 krebs/3modules/makefu/ssh/exco.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.android.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.bob.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.omo.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.remote-builder.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.tempx.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.tsp.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.vbob.pub create mode 100644 krebs/3modules/makefu/ssh/makefu.x.pub create mode 100644 krebs/3modules/makefu/ssh/ulrich.pub (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 454f9bc65..e2e017cf5 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,7 +4,9 @@ with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -{ +let + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { cores = 4; @@ -590,6 +592,7 @@ with import ; "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "dcpp.nextgum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -654,6 +657,7 @@ with import ; "wiki.gum.r" "blog.makefu.r" "blog.gum.r" + "dcpp.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -1099,48 +1103,48 @@ with import ; users = rec { makefu = { mail = "makefu@x.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; + pubkey = pub-for "makefu.x"; pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; makefu-omo = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + pubkey = pub-for "makefu.omo"; }; makefu-tsp = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + pubkey = pub-for "makefu.tsp"; }; makefu-vbob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + pubkey = pub-for "makefu.vbob"; }; makefu-tempx = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; + pubkey = pub-for "makefu.tempx"; }; makefu-android = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + pubkey = pub-for "makefu.android"; }; makefu-remote-builder = { inherit (makefu) mail pgp; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + pubkey = pub-for "makefu.remote-builder"; }; makefu-bob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + pubkey = pub-for "makefu.bob"; }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; ulrich = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de"; + pubkey = pub-for "ulrich"; mail = "shackspace.de@myvdr.de"; }; exco = { mail = "dickbutt@excogitation.de"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de"; + pubkey = pub-for "exco"; }; }; } diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/makefu/ssh/exco.pub new file mode 100644 index 000000000..cab884c0c --- /dev/null +++ b/krebs/3modules/makefu/ssh/exco.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/krebs/3modules/makefu/ssh/makefu.android.pub new file mode 100644 index 000000000..2bef2442a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.android.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/krebs/3modules/makefu/ssh/makefu.bob.pub new file mode 100644 index 000000000..bc8718978 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.bob.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/krebs/3modules/makefu/ssh/makefu.omo.pub new file mode 100644 index 000000000..5567040fb --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.omo.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub new file mode 100644 index 000000000..ad49f380a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/krebs/3modules/makefu/ssh/makefu.tempx.pub new file mode 100644 index 000000000..48d90040f --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tempx.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/krebs/3modules/makefu/ssh/makefu.tsp.pub new file mode 100644 index 000000000..9a9c9b6f8 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tsp.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/krebs/3modules/makefu/ssh/makefu.vbob.pub new file mode 100644 index 000000000..c49714e24 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.vbob.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/krebs/3modules/makefu/ssh/makefu.x.pub new file mode 100644 index 000000000..74b130f56 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.x.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub new file mode 100644 index 000000000..88313ee7c --- /dev/null +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -0,0 +1 @@ +AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de -- cgit v1.3.1 From 230630729c15d81f3f7f722bc9e83015dd30738b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 Sep 2018 10:35:31 +0200 Subject: airdcpp.mod: add DownloadDirectory --- krebs/3modules/airdcpp.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 8c72680f3..1633840f7 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -84,6 +84,7 @@ let default = null; }; dcpp = { + # entries in DCPlusPlus.xml Nick = mkOption { description = '' Nick Name for connection @@ -116,6 +117,11 @@ let type = str; default = "100"; }; + DownloadDirectory = mkOption { + description = "Directory, where new files will be saved into"; + type = str; + default = "${cfg.stateDir}/Download"; + }; shares = mkOption { default = {}; type = attrsOf (submodule ( { config, ... }: { @@ -218,6 +224,7 @@ let ${toString cfg.dcpp.InPort} ${toString cfg.dcpp.UDPPort} ${toString cfg.dcpp.TLSPort} + ${cfg.dcpp.DownloadDirectory} 0 1 0 -- cgit v1.3.1 From 89cb8c98e9a2b472f4f4c873dae8ed2e2433b0d1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 Sep 2018 12:11:22 +0200 Subject: ma default.nix: nextgum -> backup.makefu.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2e017cf5..e2152ea1a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -592,6 +592,7 @@ in { "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "backup.makefu.r" "dcpp.nextgum.r" ]; tinc.pubkey = '' -- cgit v1.3.1 From 6cf8b42c0bf5b256db0bcd3c051c528052cfe5b2 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 25 Sep 2018 21:00:47 +0200 Subject: krebs: remove bln --- krebs/3modules/jeschli/default.nix | 37 ------------------------------------- 1 file changed, 37 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index ab8fe097d..c0cb601bc 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -7,43 +7,6 @@ with import ; owner = config.krebs.users.jeschli; ci = true; }) { - bln = { - nets = { - retiolum = { - ip4.addr = "10.243.27.28"; - ip6.addr = "42::28"; - aliases = [ - "bln.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02 - BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8 - tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky - FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt - PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL - acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc - BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn - lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa - NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg - 2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg - H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM - 2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o - cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt - bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU - gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv - UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2 - 0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5 - fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl - B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58 - SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp - U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ - eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; brauerei = { nets = { retiolum = { -- cgit v1.3.1 From 62314e64c259bc6bae39e2bd29ecec2c5e5ea262 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 20:57:53 +0200 Subject: remove nin --- krebs/3modules/default.nix | 1 - krebs/3modules/nin/default.nix | 111 --------- lass/1systems/prism/config.nix | 8 - nin/0tests/dummysecrets/hashedPasswords.nix | 1 - nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 ----------- nin/1systems/hiawatha/config.nix | 126 ---------- nin/1systems/onondaga/config.nix | 23 -- nin/2configs/ableton.nix | 20 -- nin/2configs/copyq.nix | 38 --- nin/2configs/default.nix | 173 -------------- nin/2configs/games.nix | 70 ------ nin/2configs/git.nix | 60 ----- nin/2configs/im.nix | 19 -- nin/2configs/retiolum.nix | 28 --- nin/2configs/skype.nix | 27 --- nin/2configs/termite.nix | 22 -- nin/2configs/vim.nix | 355 ---------------------------- nin/2configs/weechat.nix | 21 -- nin/default.nix | 7 - nin/krops.nix | 35 --- 21 files changed, 1277 deletions(-) delete mode 100644 krebs/3modules/nin/default.nix delete mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix delete mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 delete mode 100644 nin/1systems/axon/config.nix delete mode 100644 nin/1systems/hiawatha/config.nix delete mode 100644 nin/1systems/onondaga/config.nix delete mode 100644 nin/2configs/ableton.nix delete mode 100644 nin/2configs/copyq.nix delete mode 100644 nin/2configs/default.nix delete mode 100644 nin/2configs/games.nix delete mode 100644 nin/2configs/git.nix delete mode 100644 nin/2configs/im.nix delete mode 100644 nin/2configs/retiolum.nix delete mode 100644 nin/2configs/skype.nix delete mode 100644 nin/2configs/termite.nix delete mode 100644 nin/2configs/vim.nix delete mode 100644 nin/2configs/weechat.nix delete mode 100644 nin/default.nix delete mode 100644 nin/krops.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..e8c5e0457 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -111,7 +111,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import ; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..808f35b24 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/nin/0tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix deleted file mode 100644 index 5e81afdbd..000000000 --- a/nin/1systems/axon/config.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - - ]; - - krebs.build.host = config.krebs.hosts.axon; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/pool/root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices.crypted.device = "/dev/sda2"; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver = { - enable = true; - - displayManager.lightdm.enable = true; - }; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - atom - chromium - firefox - git - htop - keepassx - lmms - networkmanagerapplet - openvpn - python - ruby - steam - taskwarrior - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xhost}/bin/xhost + local: - ''; - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix deleted file mode 100644 index a09eed958..000000000 --- a/nin/1systems/hiawatha/config.nix +++ /dev/null @@ -1,126 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -with lib; - -{ - imports = [ - - - #../2configs/copyq.nix - - - - - ]; - - krebs.build.host = config.krebs.hosts.hiawatha; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = - { device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/home" = - { device = "/dev/fam/home"; - }; - - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; - fsType = "ext2"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - - # nin config - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - - networking.networkmanager.enable = true; - #networking.wireless.enable = true; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - hardware.bluetooth.enable = true; - - hardware.opengl.driSupport32Bit = true; - - #nixpkgs.config.steam.java = true; - - environment.systemPackages = with pkgs; [ - firefox - git - lmms - networkmanagerapplet - python - steam - thunderbird - vim - virtmanager - ]; - - nixpkgs.config = { - - allowUnfree = true; - - }; - - #services.logind.extraConfig = "HandleLidSwitch=ignore"; - - services.xserver.synaptics = { - enable = true; - }; - - - services.xserver.desktopManager.xfce = let - xbindConfig = pkgs.writeText "xbindkeysrc" '' - "${pkgs.pass}/bin/passmenu --type" - Control + p - ''; - in { - enable = true; - extraSessionCommands = '' - ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} - ''; - }; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "17.03"; - -} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix deleted file mode 100644 index 3cd0773ae..000000000 --- a/nin/1systems/onondaga/config.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - - ]; - - krebs.build.host = config.krebs.hosts.onondaga; - - boot.isContainer = true; - networking.useDHCP = false; - - time.timeZone = "Europe/Amsterdam"; - - services.openssh.enable = true; -} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix deleted file mode 100644 index 343a9089d..000000000 --- a/nin/2configs/ableton.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: let - mainUser = config.users.extraUsers.nin; -in { - users.users= { - ableton = { - isNormalUser = true; - extraGroups = [ - "audio" - "video" - ]; - packages = [ - pkgs.wine - pkgs.winetricks - ]; - }; - }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(ableton) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix deleted file mode 100644 index 0616c4025..000000000 --- a/nin/2configs/copyq.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; - environment = { - DISPLAY = ":0"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - }; - }; -} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix deleted file mode 100644 index 62f499a2d..000000000 --- a/nin/2configs/default.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - imports = [ - ../2configs/vim.nix - - - { - users.extraUsers = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - nin = { - name = "nin"; - uid = 1337; - home = "/home/nin"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "audio" - "fuse" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - config.krebs.users.nin_h.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = config.krebs.build.host.cores; - - krebs = { - enable = true; - search-domain = "r"; - build = { - user = config.krebs.users.nin; - }; - }; - - nix.useSandbox = true; - - users.mutableUsers = false; - - services.timesyncd.enable = true; - - #why is this on in the first place? - services.nscd.enable = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - gs = "git status"; - }; - - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - proot - pavucontrol - populate - p7zip - termite - unzip - unrar - hashPassword - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' - else - PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; - - networking.dhcpcd.extraConfig = '' - noipv4ll - ''; -} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix deleted file mode 100644 index 15e17238d..000000000 --- a/nin/2configs/games.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.users.extraUsers.mainUser; - vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum}/bin/zandronum \ - -fov 120 \ - "$@" - ''; - doom = pkgs.writeDash "doom" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} \ - -file $DOOM_DIR/lib/brutalv20.pk3 \ - "$@" - ''; - doom1 = pkgs.writeDashBin "doom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - doom2 = pkgs.writeDashBin "doom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - vdoom1 = pkgs.writeDashBin "vdoom1" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" - ''; - vdoom2 = pkgs.writeDashBin "vdoom2" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" - ''; - - doomservercfg = pkgs.writeText "doomserver.cfg" '' - skill 7 - #survival true - #sv_maxlives 4 - #sv_norespawn true - #sv_weapondrop true - no_jump true - #sv_noweaponspawn true - sv_sharekeys true - sv_survivalcountdowntime 1 - sv_noteamselect true - sv_updatemaster false - #sv_coop_loseinventory true - #cl_startasspectator false - #lms_spectatorview false - ''; - - vdoomserver = pkgs.writeDashBin "vdoomserver" '' - DOOM_DIR=''${DOOM_DIR:-~/doom/} - - ${pkgs.zandronum}/bin/zandronum-server \ - +exec ${doomservercfg} \ - "$@" - ''; - -in { - environment.systemPackages = with pkgs; [ - dwarf_fortress - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver - ]; - - hardware.pulseaudio.support32Bit = true; - -} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix deleted file mode 100644 index aed4a9f48..000000000 --- a/nin/2configs/git.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = public-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - }; - }; - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ nin nin_h ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix deleted file mode 100644 index b078dbd53..000000000 --- a/nin/2configs/im.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - ssh chat@onondaga - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; -} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix deleted file mode 100644 index 821e3cc00..000000000 --- a/nin/2configs/retiolum.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enable = true; - connectTo = [ - "prism" - "pigstarter" - "gum" - "flap" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; -} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix deleted file mode 100644 index 621dfae82..000000000 --- a/nin/2configs/skype.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.users.extraUsers.nin; - inherit (import ) genid; - -in { - users.extraUsers = { - skype = { - name = "skype"; - uid = genid "skype"; - description = "user for running skype"; - home = "/home/skype"; - useDefaultShell = true; - extraGroups = [ "audio" "video" ]; - createHome = true; - }; - }; - - krebs.per-user.skype.packages = [ - pkgs.skype - ]; - - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(skype) NOPASSWD: ALL - ''; -} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix deleted file mode 100644 index 942446b01..000000000 --- a/nin/2configs/termite.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.termite - ]; - - krebs.per-user.nin.packages = let - termitecfg = pkgs.writeTextFile { - name = "termite-config"; - destination = "/etc/xdg/termite/config"; - text = '' - [colors] - foreground = #d0d7d0 - background = #000000 - ''; - }; - in [ - termitecfg - ]; - -} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix deleted file mode 100644 index 7b5d37611..000000000 --- a/nin/2configs/vim.nix +++ /dev/null @@ -1,355 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - out = { - environment.systemPackages = [ - vim - pkgs.pythonPackages.flake8 - ]; - - environment.etc.vimrc.source = vimrc; - - environment.variables.EDITOR = mkForce "vim"; - environment.variables.VIMINIT = ":so /etc/vimrc"; - }; - - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set laststatus=2 - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - vnoremap u - ''; - - extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.Syntastic - pkgs.vimPlugins.undotree - pkgs.vimPlugins.airline - (pkgs.vimUtils.buildVimPlugin { - name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; - sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; - }; - }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=041 - hi Delimiter ctermfg=251 - hi Special ctermfg=062 - - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=148 - hi NixData ctermfg=149 - hi NixQuote ctermfg=150 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "vim"; - in { - name = "vim-syntax-${name}-1.0.0"; - destination = "/syntax/${name}.vim"; - text = /* vim */ '' - ${concatMapStringsSep "\n" (s: /* vim */ '' - syn keyword vimColor${s} ${s} - \ containedin=ALLBUT,vimComment,vimLineComment - hi vimColor${s} ctermfg=${s} - '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} - ''; - }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "showsyntax"; - in { - name = "vim-plugin-${name}-1.0.0"; - destination = "/plugin/${name}.vim"; - text = /* vim */ '' - if exists('g:loaded_showsyntax') - finish - endif - let g:loaded_showsyntax = 0 - - fu! ShowSyntax() - let id = synID(line("."), col("."), 1) - let name = synIDattr(id, "name") - let transName = synIDattr(synIDtrans(id),"name") - if name != transName - let name .= " (" . transName . ")" - endif - echo "Syntax: " . name - endfu - - command! -n=0 -bar ShowSyntax :call ShowSyntax() - ''; - }))) - ]; - - dirs = { - backupdir = "$HOME/.cache/vim/backup"; - swapdir = "$HOME/.cache/vim/swap"; - undodir = "$HOME/.cache/vim/undo"; - }; - files = { - viminfo = "$HOME/.cache/vim/info"; - }; - - mkdirs = let - dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); - in assert out != ""; out; - alldirs = attrValues dirs ++ map dirOf (attrValues files); - in unique (sort lessThan alldirs); - - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - exec ${pkgs.vim}/bin/vim "$@" - ''; - - - hs.vim = pkgs.writeText "hs.vim" '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - - nix.vim = pkgs.writeText "nix.vim" '' - setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[():/;=.,?\[\]]/ - - syn match NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let - startAlts = filter isString [ - ''/\* ${lang} \*/'' - extraStart - ]; - sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; - in /* vim */ '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - unlet b:current_syntax - - syn match nix_${lang}_sigil - \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = {}; - cabal = {}; - haskell = {}; - sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - vim.extraStart = - ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - set bg=dark - ''; -in -out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix deleted file mode 100644 index 6c0fb313e..000000000 --- a/nin/2configs/weechat.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ) genid; -in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - tmux - ]; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; -} diff --git a/nin/default.nix b/nin/default.nix deleted file mode 100644 index c31d6d949..000000000 --- a/nin/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ]; -} diff --git a/nin/krops.nix b/nin/krops.nix deleted file mode 100644 index d0074840a..000000000 --- a/nin/krops.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets = if test then { - file = toString ./0tests/dummysecrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - inherit target; - source = source { test = true; }; - }; -} -- cgit v1.3.1 From 67dc10646904d8286ad0a4ac8fecda99893827fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Oct 2018 21:12:36 +0200 Subject: Revert "remove nin" This reverts commit 62314e64c259bc6bae39e2bd29ecec2c5e5ea262. --- krebs/3modules/default.nix | 1 + krebs/3modules/nin/default.nix | 111 +++++++++ lass/1systems/prism/config.nix | 8 + nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/1systems/axon/config.nix | 132 +++++++++++ nin/1systems/hiawatha/config.nix | 126 ++++++++++ nin/1systems/onondaga/config.nix | 23 ++ nin/2configs/ableton.nix | 20 ++ nin/2configs/copyq.nix | 38 +++ nin/2configs/default.nix | 173 ++++++++++++++ nin/2configs/games.nix | 70 ++++++ nin/2configs/git.nix | 60 +++++ nin/2configs/im.nix | 19 ++ nin/2configs/retiolum.nix | 28 +++ nin/2configs/skype.nix | 27 +++ nin/2configs/termite.nix | 22 ++ nin/2configs/vim.nix | 355 ++++++++++++++++++++++++++++ nin/2configs/weechat.nix | 21 ++ nin/default.nix | 7 + nin/krops.nix | 35 +++ 21 files changed, 1277 insertions(+) create mode 100644 krebs/3modules/nin/default.nix create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/hiawatha/config.nix create mode 100644 nin/1systems/onondaga/config.nix create mode 100644 nin/2configs/ableton.nix create mode 100644 nin/2configs/copyq.nix create mode 100644 nin/2configs/default.nix create mode 100644 nin/2configs/games.nix create mode 100644 nin/2configs/git.nix create mode 100644 nin/2configs/im.nix create mode 100644 nin/2configs/retiolum.nix create mode 100644 nin/2configs/skype.nix create mode 100644 nin/2configs/termite.nix create mode 100644 nin/2configs/vim.nix create mode 100644 nin/2configs/weechat.nix create mode 100644 nin/default.nix create mode 100644 nin/krops.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8c5e0457..6307649e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -111,6 +111,7 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..1531a2c89 --- /dev/null +++ b/krebs/3modules/nin/default.nix @@ -0,0 +1,111 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.nin; + ci = true; + }) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; + }; + onondaga = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.132.55"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; + aliases = [ + "onondaga.r" + "cgit.onondaga.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR + OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu + htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH + xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO + kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn + hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; + }; + + }; + users = { + nin = { + mail = "nin@axon.r"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { + mail = "nin@hiawatha.r"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 808f35b24..bf7de6fc5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,6 +57,13 @@ with import ; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -112,6 +119,7 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey ]; }; autoStart = true; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 000000000..5e81afdbd --- /dev/null +++ b/nin/1systems/axon/config.nix @@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver = { + enable = true; + + displayManager.lightdm.enable = true; + }; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + atom + chromium + firefox + git + htop + keepassx + lmms + networkmanagerapplet + openvpn + python + ruby + steam + taskwarrior + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xhost}/bin/xhost + local: + ''; + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix new file mode 100644 index 000000000..a09eed958 --- /dev/null +++ b/nin/1systems/hiawatha/config.nix @@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.hiawatha; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/home" = + { device = "/dev/fam/home"; + }; + + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix new file mode 100644 index 000000000..3cd0773ae --- /dev/null +++ b/nin/1systems/onondaga/config.nix @@ -0,0 +1,23 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.onondaga; + + boot.isContainer = true; + networking.useDHCP = false; + + time.timeZone = "Europe/Amsterdam"; + + services.openssh.enable = true; +} diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix new file mode 100644 index 000000000..343a9089d --- /dev/null +++ b/nin/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.nin; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/nin/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import ; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix new file mode 100644 index 000000000..62f499a2d --- /dev/null +++ b/nin/2configs/default.nix @@ -0,0 +1,173 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + imports = [ + ../2configs/vim.nix + + + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import ); + } + { + users.users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + nin = { + name = "nin"; + uid = 1337; + home = "/home/nin"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "fuse" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey + ]; + }; + }; + } + { + environment.variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) + ]; + + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores; + + krebs = { + enable = true; + search-domain = "r"; + build = { + user = config.krebs.users.nin; + }; + }; + + nix.useSandbox = true; + + users.mutableUsers = false; + + services.timesyncd.enable = true; + + #why is this on in the first place? + services.nscd.enable = false; + + boot.tmpOnTmpfs = true; + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + # multiple-definition-problem when defining environment.variables.EDITOR + environment.extraInit = '' + EDITOR=vim + ''; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + gs = "git status"; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + proot + pavucontrol + populate + p7zip + termite + unzip + unrar + hashPassword + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]$PWD\[\033[0m\] ' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]$PWD\[\033[0m\] ' + else + PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] ' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + krebs.iptables = { + enable = true; + tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } + ]; + }; + }; + + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; +} diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix new file mode 100644 index 000000000..15e17238d --- /dev/null +++ b/nin/2configs/games.nix @@ -0,0 +1,70 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + vdoom = pkgs.writeDash "vdoom" '' + ${pkgs.zandronum}/bin/zandronum \ + -fov 120 \ + "$@" + ''; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + vdoom1 = pkgs.writeDashBin "vdoom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + vdoom2 = pkgs.writeDashBin "vdoom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; + + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + +in { + environment.systemPackages = with pkgs; [ + dwarf_fortress + doom1 + doom2 + vdoom1 + vdoom2 + vdoomserver + ]; + + hardware.pulseaudio.support32Bit = true; + +} diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 000000000..aed4a9f48 --- /dev/null +++ b/nin/2configs/git.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "take all the computers hostage, they'll love you!"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ nin nin_h ]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix new file mode 100644 index 000000000..b078dbd53 --- /dev/null +++ b/nin/2configs/im.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +with import ; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + ssh chat@onondaga + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; +} diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix new file mode 100644 index 000000000..821e3cc00 --- /dev/null +++ b/nin/2configs/retiolum.nix @@ -0,0 +1,28 @@ +{ ... }: + +{ + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + krebs.tinc.retiolum = { + enable = true; + connectTo = [ + "prism" + "pigstarter" + "gum" + "flap" + ]; + }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; +} diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 000000000..621dfae82 --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.nin; + inherit (import ) genid; + +in { + users.extraUsers = { + skype = { + name = "skype"; + uid = genid "skype"; + description = "user for running skype"; + home = "/home/skype"; + useDefaultShell = true; + extraGroups = [ "audio" "video" ]; + createHome = true; + }; + }; + + krebs.per-user.skype.packages = [ + pkgs.skype + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(skype) NOPASSWD: ALL + ''; +} diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix new file mode 100644 index 000000000..942446b01 --- /dev/null +++ b/nin/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.nin.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; + +} diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix new file mode 100644 index 000000000..7b5d37611 --- /dev/null +++ b/nin/2configs/vim.nix @@ -0,0 +1,355 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + out = { + environment.systemPackages = [ + vim + pkgs.pythonPackages.flake8 + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set laststatus=2 + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree + pkgs.vimPlugins.airline + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; + }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 + hi Delimiter ctermfg=251 + hi Special ctermfg=062 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! -n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) + ]; + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.vim}/bin/vim "$@" + ''; + + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + set bg=dark + ''; +in +out diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix new file mode 100644 index 000000000..6c0fb313e --- /dev/null +++ b/nin/2configs/weechat.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + weechat + tmux + ]; + + users.extraUsers.chat = { + home = "/home/chat"; + uid = genid "chat"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; +} diff --git a/nin/default.nix b/nin/default.nix new file mode 100644 index 000000000..c31d6d949 --- /dev/null +++ b/nin/default.nix @@ -0,0 +1,7 @@ +_: +{ + imports = [ + ../krebs + ./2configs + ]; +} diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 000000000..d0074840a --- /dev/null +++ b/nin/krops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) + test = { target }: pkgs.krops.writeTest "${name}-test" { + inherit target; + source = source { test = true; }; + }; +} -- cgit v1.3.1 From 031a832b5c378cc86385fcd37a1252e75d876fbc Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Oct 2018 22:02:12 +0200 Subject: l: add eve.r --- krebs/3modules/lass/default.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7d9ef5075..6b4dc3f17 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -494,6 +494,44 @@ with import ; }; }; }; + eve = { + monitoring = false; + ci = false; + external = true; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; xerxes = { cores = 2; nets = rec { -- cgit v1.3.1