From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: l: move download stuff to yellow.r --- krebs/3modules/lass/default.nix | 30 +++++++++ lass/1systems/prism/config.nix | 58 ++++++++++++++++- lass/1systems/yellow/config.nix | 132 ++++++++++++++++++++++++++++++++++++++ lass/1systems/yellow/physical.nix | 8 +++ lass/2configs/downloading.nix | 65 ------------------- 5 files changed, 227 insertions(+), 66 deletions(-) create mode 100644 lass/1systems/yellow/config.nix create mode 100644 lass/1systems/yellow/physical.nix delete mode 100644 lass/2configs/downloading.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 836ecb3f..35b1e1b8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -716,6 +716,36 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = "42:0:0:0:0:0:0:14"; + aliases = [ + "yellow.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; + }; blue = { cores = 1; nets = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a9fbae69..57298b1b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -207,7 +207,6 @@ with import ; RandomizedDelaySec = "2min"; }; } - { services.taskserver = { @@ -338,6 +337,63 @@ with import ; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + chown download: /var/download/finished + ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : + chown download: /var/download/incoming + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix new file mode 100644 index 00000000..ee14986a --- /dev/null +++ b/lass/1systems/yellow/config.nix @@ -0,0 +1,132 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.yellow; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chown download:download /var/download + chmod 775 /var/download + ''; + + users.users.download = { uid = genid "download"; }; + users.groups.download.members = [ "transmission" ]; + users.users.transmission.group = mkForce "download"; + + systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + services.transmission = { + enable = true; + settings = { + download-dir = "/var/download/finished"; + incomplete-dir = "/var/download/incoming"; + incomplete-dir-enable = true; + umask = "002"; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + ]; + }; + + services.nginx.enable = true; + services.openvpn.servers.nordvpn.config = '' + client + dev tun + proto udp + remote 82.102.16.229 1194 + resolv-retry infinite + remote-random + nobind + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + persist-key + persist-tun + ping 15 + ping-restart 0 + ping-timer-rem + reneg-sec 0 + comp-lzo no + + explicit-exit-notify 3 + + remote-cert-tls server + + #mute 10000 + auth-user-pass ${toString } + + verb 3 + pull + fast-io + cipher AES-256-CBC + auth SHA512 + + + -----BEGIN CERTIFICATE----- + MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD + VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH + Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw + bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y + ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG + A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT + B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 + cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v + cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG + UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny + mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X + +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT + ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI + 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA + VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT + Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh + MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ + MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy + Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW + EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ + e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW + //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB + wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB + KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p + lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + -----END CERTIFICATE----- + + key-direction 1 + + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 49b2f54c6ee58d2d97331681bb577d55 + 054f56d92b743c31e80b684de0388702 + ad3bf51088cd88f3fac7eb0729f2263c + 51d82a6eb7e2ed4ae6dfa65b1ac764d0 + b9dedf1379c1b29b36396d64cb6fd6b2 + e61f869f9a13001dadc02db171f04c4d + c46d1132c1f31709e7b54a6eabae3ea8 + fbd2681363c185f4cb1be5aa42a27c31 + 21db7b2187fd11c1acf224a0d5a44466 + b4b5a3cc34ec0227fe40007e8b379654 + f1e8e2b63c6b46ee7ab6f1bd82f57837 + 92c209e8f25bc9ed493cb5c1d891ae72 + 7f54f4693c5b20f136ca23e639fd8ea0 + 865b4e22dd2af43e13e6b075f12427b2 + 08af9ffd09c56baa694165f57fe2697a + 3377fa34aebcba587c79941d83deaf45 + -----END OpenVPN Static key V1----- + + ''; +} diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix new file mode 100644 index 00000000..7499ff72 --- /dev/null +++ b/lass/1systems/yellow/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d0..00000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import ; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} -- cgit v1.2.3 From 02350fd5ece71ea018583feadba51f5936803d80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:39 +0100 Subject: l prism.r: add /var/download mount --- lass/1systems/prism/physical.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 4388c13f..116bdb92 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -25,6 +25,11 @@ fsType = "zfs"; }; + fileSystems."/var/download" = { + device = "tank/download"; + fsType = "zfs"; + }; + fileSystems."/var/lib/containers" = { device = "tank/containers"; fsType = "zfs"; -- cgit v1.2.3 From 293a82ad3b927d1f21430e9c01b0ce32bf669e36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:36:37 +0100 Subject: maintain realwallpaper in stockholm --- krebs/3modules/realwallpaper.nix | 185 ++++++++++++++++++++++++++- krebs/5pkgs/simple/realwallpaper/default.nix | 24 ---- 2 files changed, 184 insertions(+), 25 deletions(-) delete mode 100644 krebs/5pkgs/simple/realwallpaper/default.nix diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 044811c7..cb940efe 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -77,7 +77,190 @@ let serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; + ExecStart = pkgs.writeDash "generate-wallpaper" '' + set -xeuf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd ${cfg.workingDir} + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + ${cfg.nightmap} & + fetch daymap-raw.png \ + ${cfg.daymap} & + fetch clouds-raw.jpg \ + ${cfg.cloudmap} & + fetch marker.json \ + ${cfg.marker} & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" + ''; User = "realwallpaper"; }; }; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix deleted file mode 100644 index 7c981211..00000000 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ stdenv, fetchgit, xplanet, imagemagick, curl, file }: - -stdenv.mkDerivation { - name = "realwallpaper"; - - src = fetchgit { - url = https://github.com/Lassulus/realwallpaper; - rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; - sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - ]; - - installPhase = '' - mkdir -p $out - cp realwallpaper.sh $out/realwallpaper.sh - ''; -} -- cgit v1.2.3 From 2a904d988555629deb043e6641434253d544d480 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:02 +0100 Subject: l: add nordvpn@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c..1ee45bb4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import ; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 55efde5159ddb4c44fbac06fabd9138b197ed4c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:22 +0100 Subject: l skynet: import power-action.nix --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 14aca598..13a8b3e4 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From 3f5d31bb2ef3ec4b9cc53d742e9303e1577fb260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:42 +0100 Subject: l websites: remove deprecated stuff --- lass/2configs/websites/lassulus.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b2092..6470d86f 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; -- cgit v1.2.3 From cd3b73955ef8a792ece37d33ad7de7efbac0625f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:40:59 +0100 Subject: l: RIP cabal.r --- krebs/3modules/lass/default.nix | 41 ---------------------------------------- lass/1systems/cabal/config.nix | 16 ---------------- lass/1systems/cabal/physical.nix | 12 ------------ 3 files changed, 69 deletions(-) delete mode 100644 lass/1systems/cabal/config.nix delete mode 100644 lass/1systems/cabal/physical.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 35b1e1b8..09c8ba67 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -644,47 +644,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; - cabal = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.4"; - ip6.addr = "42::1:4"; - aliases = [ - "cabal.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A - SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj - rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK - qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e - LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq - rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 - 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE - fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v - yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A - kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR - KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi - TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U - oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs - TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw - 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD - rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ - 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf - luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py - w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG - 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 - K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g - ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; - }; red = { monitoring = false; cores = 1; diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix deleted file mode 100644 index 6a8040c9..00000000 --- a/lass/1systems/cabal/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.cabal; -} diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix deleted file mode 100644 index 3cc4af03..00000000 --- a/lass/1systems/cabal/physical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" - ''; -} -- cgit v1.2.3 From 2e81c4edeed70b9e5a94eb06be4692d757e2bce8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:43:01 +0100 Subject: l: add dummy-secret nordvpn.txt --- lass/2configs/tests/dummy-secrets/nordvpn.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/nordvpn.txt diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 00000000..e69de29b -- cgit v1.2.3 From 698b61efe54fac6ccba91cad9d8c2136a7569ad6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 05:23:53 +0100 Subject: l xmonad: better float --- lass/5pkgs/custom/xmonad-lass/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 3a497076..85c00875 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -38,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) @@ -84,7 +84,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks + , manageHook = floatHooks <+> floatNextHook , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -99,13 +99,12 @@ myLayoutHook = defLayout defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) floatHooks :: Query (Endo WindowSet) -floatHooks = composeAll . concat $ - [ [ title =? t --> doFloat | t <- myTitleFloats] - , [ className =? c --> doFloat | c <- myClassFloats ] ] - where - myTitleFloats = [] - myClassFloats = ["Pinentry"] -- for gpg passphrase entry - +floatHooks = composeOne + [ className =? "Pinentry" -?> doCenterFloat + , title =? "fzfmenu" -?> doCenterFloat + , title =? "glxgears" -?> doCenterFloat + , resource =? "Dialog" -?> doFloat + ] myKeyMap :: [([Char], X ())] myKeyMap = -- cgit v1.2.3 From 4122e3efd5af7fc7f827aa69b5fabb577bb4d2ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 05:24:22 +0100 Subject: l xmonad: add redshift bindings --- lass/5pkgs/custom/xmonad-lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 85c00875..c020f975 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -162,6 +162,9 @@ myKeyMap = , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") + , ("M4-", spawn "${pkgs.redshift}/bin/redshift -x") + , ("", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") -- cgit v1.2.3 From cef8060bedcc33cf4b6e2781bdcbb97c2c0edba4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 07:48:49 +0100 Subject: l: override dmenu with fzfmenu --- lass/2configs/baseX.nix | 6 ++++++ lass/5pkgs/fzfmenu/default.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 lass/5pkgs/fzfmenu/default.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0..d781f8c7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix new file mode 100644 index 00000000..6b589935 --- /dev/null +++ b/lass/5pkgs/fzfmenu/default.nix @@ -0,0 +1,33 @@ +{ pkgs, ... }: + +pkgs.writeDashBin "fzfmenu" '' + set -efu + PROMPT=">" + for i in "$@" + do + case $i in + -p) + PROMPT="$2" + shift + shift + break + ;; + *) + echo "Unknown option $1" + shift + ;; + esac + done + INPUT=$(${pkgs.coreutils}/bin/cat) + OUTPUT="$(${pkgs.coreutils}/bin/mktemp)" + ${pkgs.rxvt_unicode}/bin/urxvt \ + -name fzfmenu -title fzfmenu \ + -e ${pkgs.dash}/bin/dash -c \ + "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ + --history=/dev/null \ + --no-sort \ + --prompt=\"$PROMPT\" \ + > \"$OUTPUT\"" 2>/dev/null + ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/rm "$OUTPUT" +'' -- cgit v1.2.3 From 7f5431a4999fea9626df300f707aa8c62de894e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 08:30:08 +0100 Subject: l prism.r: use symlinks correctly, remove incoming link --- lass/1systems/prism/config.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 57298b1b..24fa3fd7 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,10 +388,8 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished - ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : - chown download: /var/download/incoming ''; } ]; -- cgit v1.2.3 From 0db666620399b996ff2755750f45113f039a8046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 23:12:06 +0100 Subject: l binary-cache: fix nginx SSL config --- lass/2configs/binary-cache/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c46..d3775b5d 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' -- cgit v1.2.3 From ee1080cb6e0161bfd9d3264cb100282f47e1dfa6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:17 +0100 Subject: l: disable redshift (now managed by xmonad) --- lass/1systems/icarus/config.nix | 4 ---- lass/1systems/mors/config.nix | 4 ---- 2 files changed, 8 deletions(-) diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 1957c8ba..d2d4bd3e 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -25,9 +25,5 @@ macchanger dpass ]; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; programs.adb.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cac13be2..b9aaaab2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -148,10 +148,6 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; lass.restic = genAttrs [ "daedalus" -- cgit v1.2.3 From 745906c5b3a2d9f63eb56e77eac73849479116bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:37 +0100 Subject: l mors.r: install transmission-remote --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b9aaaab2..207c7c64 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -102,6 +102,7 @@ with import ; urban mk_sql_pair remmina + transmission iodine -- cgit v1.2.3 From 7a0756c78a0d568001fa74e47c0f00aad94bd5fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:57 +0100 Subject: l prism: fix download links (again) --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 24fa3fd7..0ca39447 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,7 +388,7 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; } -- cgit v1.2.3 From 1ac25c33a90e9029953f234644da4ebd31b45353 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:45:33 +0100 Subject: l yellow.r: add retiolum html listing --- lass/1systems/yellow/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index ee14986a..48d40511 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -32,16 +32,24 @@ with import ; }; }; + services.nginx = { + enable = true; + virtualHosts."yellow.r".locations."/dl".extraConfig = '' + autoindex on; + alias /var/download/finished; + ''; + }; + krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; - services.nginx.enable = true; services.openvpn.servers.nordvpn.config = '' client dev tun -- cgit v1.2.3 From 93e951f2b93fc3d3012f15fd27f9866254f90fa3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:46:17 +0100 Subject: l mail: add read/unread bindings --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae1..36e797a9 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "+unread\n" + macro index u "-unread\n" + macro pager U "+unread\n" + macro pager u "-unread\n" + + bind index t noop bind pager t noop macro index t "" # tag as Archived -- cgit v1.2.3 From 99381f7c9d90fb0be074d469daca4bc433cc0126 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:47:20 +0100 Subject: l fzfmenu: make more dmenu compatible --- lass/5pkgs/custom/xmonad-lass/default.nix | 1 + lass/5pkgs/fzfmenu/default.nix | 14 +++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index c020f975..f86a4a69 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -113,6 +113,7 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix index 6b589935..905a5ce6 100644 --- a/lass/5pkgs/fzfmenu/default.nix +++ b/lass/5pkgs/fzfmenu/default.nix @@ -12,8 +12,20 @@ pkgs.writeDashBin "fzfmenu" '' shift break ;; + -l) + # no reason to filter number of lines + LINES="$2" + shift + shift + break + ;; + -i) + # we do this anyway + shift + break + ;; *) - echo "Unknown option $1" + echo "Unknown option $1" >&2 shift ;; esac -- cgit v1.2.3 From 0947c93af49acae04404589f60094cacb391554c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:59:47 +0100 Subject: l: add emot-menu --- lass/5pkgs/emot-menu/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 lass/5pkgs/emot-menu/default.nix diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix new file mode 100644 index 00000000..d5d84e45 --- /dev/null +++ b/lass/5pkgs/emot-menu/default.nix @@ -0,0 +1,31 @@ +{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let + + emoticons = writeText "emoticons" '' +¯\(°_o)/¯ | dunno lol shrug dlol +¯\_(ツ)_/¯ | dunno lol shrug dlol +( ͡° ͜ʖ ͡°) | lenny +¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol +( ゚д゚) | aaah sad noo +ヽ(^o^)丿 | hi yay hello +(^o^; | ups hehe +(^∇^) | yay +┗(`皿´)┛ | angry argh +ヾ(^_^) byebye!! | bye +<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance +(-.-)Zzz... | sleep +(∩╹□╹∩) | oh noes woot +™ | tm +ζ | zeta +(╯°□°)╯ ┻━┻ | table flip +(」゜ロ゜)」 | why woot + ''; + +in +writeDashBin "emoticons" '' + set -efu + + data=$(${coreutils}/bin/cat ${emoticons}) + emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') + ${xdotool}/bin/xdotool type -- "$emoticon" + exit 0 +'' -- cgit v1.2.3 From 2dc617874e001c25c1caceccd14ef7c1f74f73bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 21:27:29 +0100 Subject: l: RIP fritz (uses helsinki) --- lass/2configs/websites/fritz.nix | 70 ---------------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 lass/2configs/websites/fritz.nix diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9e..00000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import ) - genid - head - ; - inherit (import {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} -- cgit v1.2.3 From 0d7433f8eaafc50ee5ec93aed371d9c5a196235e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:01:22 +0100 Subject: l: remove more fritz --- krebs/3modules/lass/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 09c8ba67..12345a20 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -778,9 +778,6 @@ with import ; mail = "lass@daedalus.r"; pubkey = builtins.readFile ./ssh/daedalus.rsa; }; - fritz = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; -- cgit v1.2.3 From e99f63f99801dcc1f44fff02e9c327fcd8486778 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:01:40 +0100 Subject: l shodan.r: also blue host --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 8405b0f1..87a733d6 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From c84b3c35f9f248fcf3081fa7eb0cee706fd8ebeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:02:12 +0100 Subject: l blue-host: sync all permissions --- lass/2configs/blue-host.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba99674..9cf294af 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; -- cgit v1.2.3 From 82988de84c177c247ebbe80940c4d50b9f073b4e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 07:45:20 +0100 Subject: lib: genid is genid_unit32 --- lib/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index 4cb0332c..348d47e8 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -13,8 +13,9 @@ let ne = x: y: x != y; mod = x: y: x - y * (x / y); - genid = import ./genid.nix { inherit lib; }; - genid_uint31 = x: ((lib.genid x) + 16777216) / 2; + genid = lib.genid_uint32; # TODO remove + genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; + genid_uint32 = import ./genid.nix { inherit lib; }; lpad = n: c: s: if lib.stringLength s < n -- cgit v1.2.3 From 176883b37dd48c52c500c2159c00914c39b36250 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:45:56 +0100 Subject: bepasty-server: use genid_uint31 --- krebs/3modules/bepasty-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index dd29a4e1..e12367b7 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -143,12 +143,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = genid "bepasty"; + uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = genid "bepasty"; + gid = genid_uint31 "bepasty"; }; }; -- cgit v1.2.3 From dec7956b534673d76848f617657b62d46f4de769 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:46:09 +0100 Subject: fetchWallpaper: use genid_uint31 --- krebs/3modules/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 5a506556..e89b86e3 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -53,7 +53,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; + uid = genid_uint31 "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; -- cgit v1.2.3 From 692271b2b9bf5de258d3d8424f273a517abaea2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:46:19 +0100 Subject: tinc_graphs: use genid_uint31 --- krebs/3modules/tinc_graphs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 8390eccb..486a0c9c 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -124,7 +124,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = genid "tinc_graphs"; + uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; services.nginx = mkIf cfg.nginx.enable { -- cgit v1.2.3 From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:47:35 +0100 Subject: l: use genid_uint31 where needed --- lass/1systems/prism/config.nix | 12 ++++++------ lass/2configs/radio.nix | 3 +-- lass/2configs/websites/lassulus.nix | 6 +++--- lass/3modules/xjail.nix | 2 +- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 0ca39447..e2097e93 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -25,7 +25,7 @@ with import ; { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -44,21 +44,21 @@ with import ; } { users.users.tv = { - uid = genid "tv"; + uid = genid_uint31 "tv"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; }; users.users.makefu = { - uid = genid "makefu"; + uid = genid_uint31 "makefu"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; users.extraUsers.dritter = { - uid = genid "dritter"; + uid = genid_uint31 "dritter"; isNormalUser = true; extraGroups = [ "download" @@ -75,7 +75,7 @@ with import ; ]; }; users.users.hellrazor = { - uid = genid "hellrazor"; + uid = genid_uint31 "hellrazor"; isNormalUser = true; extraGroups = [ "download" @@ -168,7 +168,7 @@ with import ; } { users.users.jeschli = { - uid = genid "jeschli"; + uid = genid_uint31 "jeschli"; isNormalUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ jeschli.pubkey diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded1..987632cd 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import ; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import ) genid; admin-password = import ; source-password = import ; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6470d86f..17af0d00 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import ) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -124,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 974e11c6..f6ce7ccc 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -142,7 +142,7 @@ with import ; users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { - uid = genid cfg.name; + uid = genid_uint31 cfg.name; home = "/home/${cfg.name}"; useDefaultShell = true; createHome = true; -- cgit v1.2.3 From 4d36900c6f0eedb62652d90bc362dca14d6c7b9a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 17:39:34 +0100 Subject: Reaktor: add user only if active --- krebs/3modules/Reaktor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 677b6f7b..669483f3 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -8,7 +8,7 @@ let out = { options.krebs.Reaktor = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { -- cgit v1.2.3 From 1f05294906e7735ead83cdf4ce9b0d6d195fa1c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 17:39:53 +0100 Subject: l archprism.r: cleanup --- lass/1systems/archprism/config.nix | 276 +------------------------------------ 1 file changed, 1 insertion(+), 275 deletions(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index bed8961b..0a2ab161 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -6,26 +6,10 @@ with import ; - { - services.nginx.enable = true; - imports = [ - - - ]; - # needed by domsen.nix ^^ - lass.usershadow = { - enable = true; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -42,153 +26,7 @@ with import ; { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } - { - users.users.tv = { - uid = genid "tv"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { - uid = genid "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.extraUsers.dritter = { - uid = genid "dritter"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - users.extraUsers.juhulian = { - uid = 1339; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - users.users.hellrazor = { - uid = genid "hellrazor"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; - }; - } - { - #hotdog - systemd.services."container@hotdog".reloadIfChanged = mkForce false; - containers.hotdog = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } - - - - - - - - - - - { # quasi bepasty.nix - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - users.users.jeschli = { - uid = genid "jeschli"; - isNormalUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - jeschli.pubkey - jeschli-bln.pubkey - jeschli-bolide.pubkey - jeschli-brauerei.pubkey - ]; - }; - krebs.git.rules = [ - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.xmonad-stockholm ]; - perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - ]; - } - { - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - - { services.taskserver = { enable = true; @@ -201,123 +39,11 @@ with import ; { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } - # - { - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services."container@red".reloadIfChanged = mkForce false; - containers.red = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - #{ - # imports = [ ]; - # lass.restic = genAttrs [ - # "daedalus" - # "icarus" - # "littleT" - # "mors" - # "shodan" - # "skynet" - # ] (dest: { - # dirs = [ - # "/home/chat/.weechat" - # "/bku/sql_dumps" - # ]; - # passwordFile = (toString ) + "/restic/${dest}"; - # repo = "sftp:backup@${dest}.r:/backups/prism"; - # extraArguments = [ - # "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - # ]; - # timerConfig = { - # OnCalendar = "00:05"; - # RandomizedDelaySec = "5h"; - # }; - # }); - #} - { - users.users.download.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+T