From c8c6c2e6c73cb8d64fd6be7ae7174b11582a9c04 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Dec 2018 10:08:11 +0100 Subject: ma home-manager: init direnv,bat and more move old zsh confi to home-manager --- makefu/2configs/home-manager/cli.nix | 30 +++++++- makefu/2configs/home-manager/desktop.nix | 7 +- makefu/2configs/home-manager/zsh.nix | 126 +++++++++++++++++++++++++++++++ makefu/2configs/zsh-user.nix | 82 ++------------------ 4 files changed, 164 insertions(+), 81 deletions(-) create mode 100644 makefu/2configs/home-manager/zsh.nix diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix index 64aa03bd..6b5d2611 100644 --- a/makefu/2configs/home-manager/cli.nix +++ b/makefu/2configs/home-manager/cli.nix @@ -1,4 +1,5 @@ {pkgs, ... }: { + imports = [ ./zsh.nix ]; home-manager.users.makefu = { services.gpg-agent = { enable = true; @@ -9,7 +10,34 @@ enableSshSupport = true; enableScDaemon = true; }; - programs.fzf.enable = true; # alt-c + programs.direnv = { + stdlib = '' +use_nix() { + local cache=".direnv.$(nixos-version --hash)" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ ".envrc" -nt "$cache" ]] || \ + [[ "default.nix" -nt "$cache" ]] || \ + [[ "shell.nix" -nt "$cache" ]]; + then + local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")" + trap "rm -rf '$tmp' >/dev/null" EXIT + nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \ + mv "$tmp" "$cache" + fi + + direnv_load cat "$cache" + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + rm direnv.* 2>/dev/null + fi +} +''; + enableZshIntegration = true; + }; }; services.udev.packages = [ pkgs.libu2f-host diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index ce98e651..40a1c649 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix 
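Review bot: In the `use_nix` body added under `programs.direnv.stdlib`, `mktemp "$${cache}.tmp-XXXXXXXX"` does not expand `cache`. Nix passes `$${` through unchanged, so bash reads `$$` (the shell's PID) followed by the literal text `{cache}`, and the temp file gets an unintended name. The indented-string escape is `''${cache}`, which the new zsh.nix already uses for `''${version:-unknown}`; the `"$${path}/.version-suffix"` test in zsh.nix has the same spelling and would never match. Separately, `rm direnv.* 2>/dev/null` does not match the `.direnv.<hash>` cache files created above, so a leading dot is presumably missing; confirm the intent before changing it, since `.direnv.*` would also match the cache that was just loaded.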
@@ -1,11 +1,13 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, ... }: { + users.users.makefu.packages = with pkgs;[ bat direnv ]; home-manager.users.makefu = { programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; programs.firefox.enable = true; + programs.obs-studio.enable = true; + xdg.enable = true; services.network-manager-applet.enable = true; - systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; services.blueman-applet.enable = true; services.pasystray.enable = true; systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); @@ -34,7 +36,6 @@ }; Service = { - Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; ExecStart = "${pkgs.clipit}/bin/clipit"; Restart = "on-abort"; }; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix new file mode 100644 index 00000000..dff6d933 --- /dev/null +++ b/makefu/2configs/home-manager/zsh.nix 
@@ -0,0 +1,126 @@ +{ pkgs, ... }: +{ + imports = [ + { #direnv + home-manager.users.makefu.home.packages = [ pkgs.direnv ]; + home-manager.users.makefu.home.file.".direnvrc".text = '' + use_nix() { + local path="$(nix-instantiate --find-file nixpkgs)" + + if [ -f "$${path}/.version-suffix" ]; then + local version="$(< $path/.version-suffix)" + elif [ -f "$path/.version" ]; then + local version="$(< $path/.version)" + else + local version="$(< $(< $path/.git/HEAD))" + fi + + local cache=".direnv/cache-''${version:-unknown}" + + if [[ ! -e "$cache" ]] || \ + [[ "$HOME/.direnvrc" -nt "$cache" ]] || \ + [[ .envrc -nt "$cache" ]] || \ + [[ default.nix -nt "$cache" ]] || \ + [[ shell.nix -nt "$cache" ]]; + then + [ -d .direnv ] || mkdir .direnv + local tmp=$(nix-shell --show-trace "$@" \ + --run "\"$direnv\" dump bash") + echo "$tmp" > "$cache" + fi + + local path_backup=$PATH term_backup=$TERM + direnv_load cat "$cache" + + export PATH=$PATH:$path_backup TERM=$term_backup + + if [[ $# = 0 ]]; then + watch_file default.nix + watch_file shell.nix + fi + } + ''; + home-manager.users.makefu.programs.zsh.initExtra = '' + nixify() { + if [ ! -e ./.envrc ]; then + echo "use nix" > .envrc + direnv allow + fi + if [ ! 
-e default.nix ]; then + cat > default.nix <<'EOF' + with import {}; + stdenv.mkDerivation { + name = "env"; + buildInputs = [ + bashInteractive + ]; + } + EOF + ${EDITOR:-vim} default.nix + fi + } + eval "$(direnv hook zsh)" + ''; + } + { # bat + home-manager.users.makefu.home.packages = [ pkgs.bat ]; + home-manager.users.makefu.programs.zsh.shellAliases = { + cat = "bat"; + catn = "${pkgs.coreutils}/bin/cat"; + }; + } + ]; + environment.pathsToLink = [ "/share/zsh" ]; + home-manager.users.makefu = { + programs.fzf.enable = false; # alt-c + programs.zsh = { + enable = true; + enableAutosuggestions = false; + enableCompletion = true; + oh-my-zsh.enable = false; + history = { + size = 900001; + save = 900001; + ignoreDups = true; + extended = true; + share = true; + }; + sessionVariables = { + TERM = "rxvt-unicode-256color"; + LANG = "en_US.UTF8"; + LS_COLORS = ":di=1;31:"; + EDITOR = "vim"; + }; + shellAliases = { + lsl = "ls -lAtr"; + t = "task"; + xo = "mimeopen"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + }; + initExtra = '' + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + bindkey "\e[3~" delete-char + zstyle ':completion:*' menu select + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + + unset SSH_AGENT_PID + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + compdef _pass brain + zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; + }; + }; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 23ae572d..e0ea046c 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix 
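Review bot: In the `.direnvrc` `use_nix`, the result of `nix-shell --show-trace "$@" --run "\"$direnv\" dump bash"` is written to the cache with `echo "$tmp" > "$cache"` whether or not nix-shell succeeded. `local tmp=$(...)` also masks the exit status. A failed or interrupted evaluation therefore leaves an empty or partial cache file that is newer than `shell.nix`, and every later entry passes it to `direnv_load` instead of rebuilding. Declare first and check the status, e.g. `local tmp; tmp=$(nix-shell ... ) || return 1`, then write to a temporary file and `mv` it onto `"$cache"` so the cache is only replaced by a complete dump. Because whatever sits in `.direnv/cache-*` is loaded as environment, that directory should also be kept out of version control.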
@@ -1,83 +1,11 @@ { config, lib, pkgs, ... }: -## -with import ; let mainUser = config.krebs.build.user.name; in { - users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = true ; #manually at the end - interactiveShellInit = '' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - HISTFILE=$HOME/.zsh_history - - setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE - setopt HIST_FIND_NO_DUPS - bindkey -e - # shift-tab - bindkey '^[[Z' reverse-menu-complete - bindkey "\e[3~" delete-char - zstyle ':completion:*' menu select - - ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null - GPG_TTY=$(tty) - export GPG_TTY - LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS - - unset SSH_AGENT_PID - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - - # fzf - __fsel_fzf() { - local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \ - -o -type f -print \ - -o -type d -print \ - -o -type l -print 2> /dev/null | cut -b3-"}" - setopt localoptions pipefail 2> /dev/null - eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do - echo -n "''${(q)item} " - done - local ret=$? - echo - return $ret - } - - __fzf_use_tmux__() { - [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ] - } - - __fzfcmd() { - __fzf_use_tmux__ && - echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf" - } - - fzf-file-widget() { - LBUFFER="''${LBUFFER}$(__fsel_fzf)" - local ret=$? 
- zle redisplay - typeset -f zle-line-init >/dev/null && zle zle-line-init - return $ret - } - zle -N fzf-file-widget - bindkey '^T' fzf-file-widget - - compdef _pass brain - zstyle ':completion::complete:brain::' prefix "$HOME/brain" - compdef _pass secrets - zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # ctrl-x ctrl-e - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line - - ''; + enableCompletion = false; #manually at the end promptInit = '' RPROMPT="" @@ -93,8 +21,8 @@ in ''; }; - users.users.${mainUser}.packages = [ - pkgs.nix-zsh-completions - pkgs.fzf - ]; + users.users.${mainUser} = { + shell = "/run/current-system/sw/bin/zsh"; + packages = [ pkgs.nix-zsh-completions ]; + }; } -- cgit v1.2.3 From e71561caafa36ad62fee67575bcd8f95af1032b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Dec 2018 10:15:22 +0100 Subject: ma cake.r: add Mic92 ssh key to authorized keys --- krebs/1systems/wolf/config.nix | 1 + makefu/1systems/cake/config.nix | 3 +++ 2 files changed, 4 insertions(+) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 914b3805..ec883071 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -161,6 +161,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey "ssh-rsa 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 root@plattenschwein" # for backup ]; diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 1a617e52..2491352e 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix 
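Review bot: The removed `interactiveShellInit` ran `${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye` and exported `GPG_TTY=$(tty)`, but the new `initExtra` in home-manager/zsh.nix carries over only `unset SSH_AGENT_PID` and the `SSH_AUTH_SOCK` export. cli.nix keeps `enableSshSupport = true` on the gpg-agent, and a terminal pinentry for SSH keys depends on both of the dropped lines. Unless the home-manager gpg-agent module already emits them (not visible in this diff), add `export GPG_TTY=$(tty)` and the `updatestartuptty` call to `initExtra`. The comment on `enableCompletion = false; #manually at the end` should also say where completion is now initialised.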
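Review bot: The wolf hunk adds `config.krebs.users.raute.pubkey` to `users.extraUsers.root.openssh.authorizedKeys.keys`, but the commit subject only mentions Mic92's key on cake.r (the cake hunk that follows). A new root login on a second host is an access change that should be traceable: either split it into its own commit or name it in the message. A short comment beside the key, in the style of the existing `# for backup`, would record why this user needs root on wolf.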
@@ -38,6 +38,9 @@ }) ]; networking.wireless.enable = true; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; # File systems configuration for using the installer's partition layout fileSystems = { -- cgit v1.2.3 From 1e7e39576cf9dec46b067160f5d201d1b8888f57 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Dec 2018 10:15:48 +0100 Subject: ma gum.r: disable cache.nsupdate.info --- makefu/1systems/gum/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 97b4555a..6024260d 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -124,7 +124,6 @@ in { # - -- cgit v1.2.3 From 05916b9a2273554ffe74b8d02d737de987841bd1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Dec 2018 10:17:15 +0100 Subject: ma download.binaergewitter.de: logrotate nginx logs like a babarian --- makefu/2configs/bgt/download.binaergewitter.de.nix | 30 ++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6d64848f..f223081e 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -3,6 +3,8 @@ with import ; let ident = (builtins.readFile ./auphonic.pub); + bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; + bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; in { services.openssh = { allowSFTP = true; @@ -21,6 +23,19 @@ in { useDefaultShell = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; + services.logrotate = { + enable = true; + config = '' + ${bgtaccess} ${bgterror} { + rotate 5 + weekly + create 600 nginx nginx + postrotate + ${pkgs.systemd}/bin/systemctl reload nginx + endscript + } + ''; + }; services.nginx = { enable = lib.mkDefault true; recommendedGzipSettings = true; 
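Review bot: In the `services.logrotate` hunk for download.binaergewitter.de.nix, `create 600 nginx nginx` makes each freshly rotated log readable by the owner only. This conflicts with the later hunk in the same file, which adds `users.users.netdata.extraGroups = [ "nginx" ]` so that netdata can read `${bgtaccess}`: group membership grants nothing on a 0600 file, so the web_log collector would lose access after the first weekly rotation. `create 640 nginx nginx` keeps the file closed to other users while allowing the group read that the netdata change relies on.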
@@ -29,10 +44,21 @@ in { serverAliases = [ "dl2.binaergewitter.de" ]; root = "/var/www/binaergewitter"; extraConfig = '' - access_log /var/spool/nginx/logs/binaergewitter.access.log combined; - error_log /var/spool/nginx/logs/binaergewitter.error.log error; + access_log ${bgtaccess} combined; + error_log ${bgterror} error; autoindex on; ''; }; }; + environment.etc."netdata/python.d/web_log.conf".text = '' + nginx_log3: + name: 'nginx' + path: '/var/spool/nginx/logs/access.log' + nginx_log4: + name: 'bgt' + path: '${bgtaccess}' + ''; + + users.users.netdata.extraGroups = [ "nginx" ]; + } -- cgit v1.2.3 From fa117593ada626b12f81b98c478fdb21ab36bc89 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Dec 2018 10:17:53 +0100 Subject: ma deployment/owncloud: open firewall ports --- makefu/2configs/deployment/owncloud.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index cfde0aba..d7c08266 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -169,6 +169,7 @@ in { ( serveCloud [ "o.euer.krebsco.de" ] ) ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.redis.enable = true; services.mysql = { enable = false; -- cgit v1.2.3 From 6044ffe3a53ab7745f413847ffe87fbf7a4d11f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Jan 2019 23:01:16 +0100 Subject: external: use unused ip for matchbox --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1363df1a..a7ec0e15 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -348,7 +348,7 @@ in { owner = config.krebs.users.Mic92; nets = { retiolum = { - ip4.addr = "10.243.29.172"; + ip4.addr = "10.243.29.176"; aliases = [ "matchbox.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3
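Review bot: In owncloud.nix, `networking.firewall.allowedTCPPorts = [ 80 443 ];` makes plain HTTP reachable for the ownCloud vhost, and the hunk does not show whether `serveCloud` (defined outside it) enforces TLS. If that vhost does not set `forceSSL = true` or an equivalent redirect, logins and session cookies could be served over port 80, so confirm this before deploying. A short comment next to the list, such as `# 80 only for ACME and the redirect to HTTPS`, would document why the cleartext port is open.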