From 41935c401d35328054e179455a4de9732c8bbe7c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 May 2022 10:22:11 +0200 Subject: l mpv: add sponsorblock --- lass/2configs/mpv.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 854af3eb..1061ea64 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -76,15 +76,31 @@ let mp.add_key_binding('S', "download_subs", download) ''; + mpvInput = pkgs.writeText "mpv.input" '' + : script-binding console/enable + ''; + + mpvConfig = pkgs.writeText "mpv.conf" '' + ''; + mpv = pkgs.symlinkJoin { name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv \ + # we need to disable sponsorblock local database because of + # https://github.com/po5/mpv_sponsorblock/issues/31 + exec ${pkgs.mpv.override { + scripts = [ + pkgs.mpvScripts.sponsorblock + ]; + }}/bin/mpv \ -vo=gpu \ --no-config \ + --input-conf=${mpvInput} \ + --include=${mpvConfig} \ --script=${autosub} \ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \ + --script-opts-append=sponsorblock-local_database=no \ "$@" '') pkgs.mpv -- cgit v1.2.3 From cfee9e89e7bd214e8ea9f8e2e6349c6ebc917bf1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 May 2022 13:42:45 +0200 Subject: l mpv: set youtube video size --- lass/2configs/mpv.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 1061ea64..f88d0d91 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix 
@@ -81,17 +81,28 @@ let ''; mpvConfig = pkgs.writeText "mpv.conf" '' + osd-font-size=20 ''; mpv = pkgs.symlinkJoin { name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' + set -efu + if [ -n "''${DISPLAY+x}" ]; then + Y_RES=$(${pkgs.xorg.xrandr}/bin/xrandr | + ${pkgs.jc}/bin/jc --xrandr | + ${pkgs.jq}/bin/jq '.screens[0].current_width' + ) + else + Y_RES=1000 + fi # we need to disable sponsorblock local database because of # https://github.com/po5/mpv_sponsorblock/issues/31 exec ${pkgs.mpv.override { - scripts = [ - pkgs.mpvScripts.sponsorblock + scripts = with pkgs.mpvScripts; [ + sponsorblock + youtube-quality ]; }}/bin/mpv \ -vo=gpu \ @@ -99,6 +110,7 @@ let --input-conf=${mpvInput} \ --include=${mpvConfig} \ --script=${autosub} \ + --ytdl-format="best[height<$Y_RES]" \ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \ --script-opts-append=sponsorblock-local_database=no \ "$@" -- cgit v1.2.3 From 74d2ef3f26e30a065674b1d9fa911f0f8f18e05d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 May 2022 13:43:52 +0200 Subject: nixpkgs: fd3e33d -> 06db2e2 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 970ffa20..8e371efa 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879", - "date": "2022-04-30T11:27:15+02:00", - "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs", - "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h", + "rev": "06db2e2197401b74fcf82d4e84be15b0b5851c7b", + "date": "2022-05-22T09:30:24-05:00", + "path": "/nix/store/6s5x7d30gcc48ryc2rym3gy17r626g25-nixpkgs", + "sha256": "0p3c9gjjdr1gz55al2s5yhh59kx8fqbgzhw4cab3mqair9h84m4j", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 9777d03ec0efb7a93d7401cbeadcbb59e430b2e0 Mon Sep 17 00:00:00 2001 
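Review bot: `Y_RES` is filled from `.screens[0].current_width`, but the second hunk compares it against video height in `--ytdl-format="best[height<$Y_RES]"`, so the cap is the horizontal resolution of the screen; `.screens[0].current_height` looks like what was meant. The comparison is strict, so a stream exactly as tall as the screen is excluded; `height<=` would keep it. dash has no pipefail, so a failing `xrandr` or `jc` presumably leaves `Y_RES` empty or `null` and the format selector becomes malformed. Falling back to the same `1000` default when the value is not purely digits would keep the wrapper usable.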
From: lassulus Date: Fri, 27 May 2022 13:57:25 +0200 Subject: nixpkgs-unstable: 2a3aac4 -> 5ce6597 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 30be112d..49d65160 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d", - "date": "2022-05-09T07:45:23+00:00", - "path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs", - "sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c", + "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060", + "date": "2022-05-24T17:55:48+02:00", + "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs", + "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 08887763dcf8a3e4d2a8152f051d4fa00d5b216e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 May 2022 19:59:06 +0200 Subject: l security-workarounds: remove pkexec fix --- krebs/2configs/security-workarounds.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 0743f2b4..b1a492f5 100644 --- a/krebs/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: with import ; { - # https://github.com/Lassulus/CVE-2021-4034 - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); } -- cgit v1.2.3 From a6c74f87d1075d06bc9215db128479b74297ac7e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 May 2022 20:13:03 +0200 Subject: news: youtube-dl -> yt-dlp --- krebs/2configs/news.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 1f966bf2..9e2cec10 100644 --- a/krebs/2configs/news.nix 
+++ b/krebs/2configs/news.nix @@ -164,7 +164,7 @@ if [ ''${#youtube_url} -eq 24 ]; then youtube_id=$youtube_url else - youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') + youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') fi echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss" ''; -- cgit v1.2.3 From 9e36a59fb16d7c4eb5dacae77069403790302aa1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 May 2022 12:11:37 +0200 Subject: container-networking: NAT to con* --- krebs/2configs/container-networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix index fa448880..bf3fe711 100644 --- a/krebs/2configs/container-networking.nix +++ b/krebs/2configs/container-networking.nix @@ -1,7 +1,7 @@ { lib, ... }: { networking.nat.enable = true; - networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.internalInterfaces = ["ve-+" "ctr+" ]; networking.nat.externalInterface = lib.mkDefault "et0"; networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; } -- cgit v1.2.3 From d9fe5d46299206730e88ba61a32f4a34c6eea44c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 May 2022 12:13:38 +0200 Subject: matterbridge: remove mumble bridge --- krebs/2configs/matterbridge.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index 9c0908de..a68aa292 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -19,11 +19,6 @@ inherit Nick; }; }; - mumble.lassulus = { - Server = "lassul.us:64738"; - Nick = "krebs_bridge"; - SkipTLSVerify = true; - }; gateway = [ { name = "krebs-bridge"; 
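Review bot: `"$youtube_url"` is handed to yt-dlp with nothing ending option parsing, so a value that begins with `-` would be read as a yt-dlp option; since this script appears to take the URL from its caller, `yt-dlp --max-downloads 1 -j -- "$youtube_url"` is the safer call. `jq -r '.channel_id'` prints `null` when the field is missing, and the result is pasted unescaped into the `c=` parameter on the `echo` line; `jq -er '.channel_id'` plus a non-empty check would stop a bogus feed from being added. The enclosing script starts and ends outside the hunk.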
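Review bot: The subject says `con*` but the added pattern is `"ctr+"`, and `networking.networkmanager.unmanaged` two lines below still lists only `interface-name:ve-*`, so NetworkManager may try to manage the new interfaces. If `ctr+` is the intended name, add `"interface-name:ctr*"` to the unmanaged list and fix the subject. A one-line comment saying what creates `ctr*` interfaces would also help, because every interface with that prefix on a host importing this file is now masqueraded through the external interface.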
@@ -37,10 +32,6 @@ account = "telegram.krebs"; channel = "-330372458"; } - { - account = "mumble.lassulus"; - channel = 6; # "nixos" - } ]; } ]; -- cgit v1.2.3 From 3c2e24df1cb4a80481fa2c123fa910692c4f21a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 May 2022 12:19:51 +0200 Subject: acl: run mkdir, skip / --- krebs/3modules/acl.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix index 9cdbb6cf..d2370649 100644 --- a/krebs/3modules/acl.nix +++ b/krebs/3modules/acl.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let parents = dir: if dir == "/" then - [ dir ] + [] else [ dir ] ++ parents (builtins.dirOf dir) ; @@ -40,13 +40,16 @@ in { pkgs.coreutils ]; serviceConfig = { - ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( - lib.mapAttrsToList (_: rule: '' - setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} - ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} - ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} - '') rules - )); + ExecStart = pkgs.writers.writeDash "acl" '' + mkdir -p "${path}" + ${lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))} + '') rules + )} + ''; RemainAfterExit = true; Type = "simple"; }; -- cgit v1.2.3 From ea3c3d52f7ddd7d770f28315b444efb0fc931ec5 Mon Sep 17 00:00:00 2001 
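Review bot: The new `mkdir -p "${path}"` and the `setfacl` lines interpolate `path`, `rule.rule` and `folder` into the dash script without shell escaping. The double quotes around `${path}` still let `$`, backticks and `"` through, and the `setfacl` arguments are not quoted at all, so a path containing a space splits into several arguments. `lib.escapeShellArg` on each interpolated value fixes both, e.g. `mkdir -p ${lib.escapeShellArg path}`. It is also worth a comment that `mkdir -p` runs as the unit's user (presumably root), so a missing directory is created root-owned with the default mode before any ACL is applied. The unit definition starts and ends outside the hunk.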
From: lassulus Date: Sat, 28 May 2022 16:20:56 +0200 Subject: agenda.r: add kri.r alias --- krebs/2configs/reaktor2.nix | 1 + krebs/3modules/krebs/default.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 305d3140..205cc96f 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -148,6 +148,7 @@ in { services.nginx = { virtualHosts."agenda.r" = { + serverAliases = [ "kri.r" ]; locations."= /index.html".extraConfig = '' alias ${pkgs.writeText "agenda.html" '' diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index d58f0fba..854176f0 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { aliases = [ "hotdog.r" "agenda.r" + "kri.r" "build.r" "build.hotdog.r" "ca.r" -- cgit v1.2.3 From c79ecd830f86d2075cfbdb5cd2221b5536e07881 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 May 2022 16:34:01 +0200 Subject: realwallpaper: don't fail on fetch error --- krebs/5pkgs/simple/realwallpaper/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 2fbc7ff8..832e47f2 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') & # regular fetches - fetch marker.json.tmp "$marker_url" + fetch marker.json.tmp "$marker_url" || : if [ -s marker.json.tmp ]; then mv marker.json.tmp marker.json fi -- cgit v1.2.3 From 88a61c26119968fee629de120fdffe3e4d6312bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 May 2022 18:37:55 +0200 Subject: l codimd: allow embedding --- lass/2configs/codimd.nix | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 271dcfca..b3bf1b76 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -28,6 +28,10 @@ in { params.hedgedoc = {}; }; + systemd.services.hedgedoc.environment = { + CMD_COOKIE_POLICY = "none"; + CMD_CSP_ALLOW_FRAMING = "true"; + }; services.hedgedoc = { enable = true; configuration.allowOrigin = [ domain ]; @@ -47,6 +51,7 @@ in { sslCertPath = "/var/lib/acme/${domain}/cert.pem"; sslKeyPath = "/var/lib/acme/${domain}/key.pem"; dhParamPath = config.security.dhparams.params.hedgedoc.path; + }; }; } -- cgit v1.2.3 From 4d33f2ebea49e258f833cb6eab0c71485e88397a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 00:38:45 +0200 Subject: l prism.r: add binaergewitter bot --- lass/1systems/prism/config.nix | 1 + lass/2configs/bgt-bot/bgt-check.sh | 57 ++++++++++++++++++++++++++++++++++++++ lass/2configs/bgt-bot/default.nix | 44 +++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+) create mode 100644 lass/2configs/bgt-bot/bgt-check.sh create mode 100644 lass/2configs/bgt-bot/default.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d174e605..62c6f0b7 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -124,6 +124,7 @@ with import ; + { services.tor = { enable = true; diff --git a/lass/2configs/bgt-bot/bgt-check.sh b/lass/2configs/bgt-bot/bgt-check.sh new file mode 100644 index 00000000..30185ba1 --- /dev/null +++ b/lass/2configs/bgt-bot/bgt-check.sh @@ -0,0 +1,57 @@ +#!/bin/sh +# needs in path: +# curl gnugrep jq +# creates and manages $PWD/state +set -xeuf + +send_reaktor(){ + # usage: send_reaktor "text" + echo "send_reaktor: $1" + curl -fsS "http://localhost:$REAKTOR_PORT" \ + -H content-type:application/json \ + -d "$(jq -n \ + --arg text "$1" \ + --arg channel "$IRC_CHANNEL" \ + '{ + command:"PRIVMSG", + params:[$channel,$text] + }' + )" +} + +live=$(shuf -n1 < state +fi 
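Review bot: `CMD_COOKIE_POLICY = "none"` makes the session cookie SameSite=None, so it is sent on every cross-site request, and `CMD_CSP_ALLOW_FRAMING = "true"` lets any origin frame the instance; together they drop the browser-side protection against cross-site request forgery and clickjacking for logged-in users. Neither line says which embedding site needs this, so a comment such as `# required so <embedding site> can iframe pads with a logged-in session` would let a later reader judge whether it can be removed. If only one site embeds the pads, limiting framing to that origin with a `frame-ancestors` policy (at whatever proxy fronts the service, if any) is narrower than allowing it globally. The second hunk only adds a blank line before `};` and can be dropped.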
diff --git a/lass/2configs/bgt-bot/default.nix b/lass/2configs/bgt-bot/default.nix new file mode 100644 index 00000000..6f9e3370 --- /dev/null +++ b/lass/2configs/bgt-bot/default.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: +let + + bot_port = "7654"; + irc_channel = "#binaergewitter"; +in +{ + krebs.reaktor2.bgt-announce = { + hostname = "irc.libera.chat"; + port = "6697"; + nick = "bgt-announce"; + API.listen = "inet://127.0.0.1:${bot_port}"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + irc_channel + ]; + }; + } + ]; + }; + systemd.services.check_bgt_show = { + startAt = "*:0/5"; + environment = { + IRC_CHANNEL = irc_channel; + REAKTOR_PORT = bot_port; + }; + path = with pkgs; [ + curl + gnugrep + jq + ]; + script = builtins.readFile ./bgt-check.sh; + serviceConfig = { + DynamicUser = true; + StateDirectory = "bgt-announce"; + WorkingDirectory = "/var/lib/bgt-announce"; + PrivateTmp = true; + }; + }; +} + -- cgit v1.2.3 From 68acc01108191c9ce6e71e5ec0d183c44b17abb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Mar 2022 04:22:08 +0000 Subject: build(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/repo-sync.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index b4c91299..5112f7e0 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml 
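Review bot: `API.listen = "inet://127.0.0.1:${bot_port}"` puts the bot's send API on a loopback TCP port, and `bgt-check.sh` posts to it with only a content-type header, so as far as this diff shows any local user or service on the host can make `bgt-announce` send arbitrary text to the channel. If reaktor2 can listen on a unix socket, binding there with access limited to the `check_bgt_show` unit would close that; otherwise add a comment that the port is intentionally unauthenticated. `PrivateTmp = true` is already implied by `DynamicUser = true` and can go. `set -xeuf` in `bgt-check.sh` traces every expanded command into the journal on each five-minute run, so drop the `x` once the bot is stable.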
@@ -8,7 +8,7 @@ jobs: if: github.repository_owner == 'Mic92' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: persist-credentials: false - name: repo-sync -- cgit v1.2.3 From db7da0a5d57d64681ab999f2accd115139abe1db Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 13:28:57 +0200 Subject: l mail: use faster index_format --- lass/2configs/mail.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 4682865c..b874695a 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -144,15 +144,7 @@ let set sort=threads - set index_format="${pkgs.writeDash "mutt-index" '' - # http://www.mutt.org/doc/manual/#formatstrings - recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" - # output to mutt - # V - echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" - # args to mutt-index dash script - # V - ''} %r |" + set index_format="%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> %r %g" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" -- cgit v1.2.3 From a6ec22808c3cf893fdf07f08d0529aace9480664 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 13:49:18 +0200 Subject: l: add tor-ssh.nix --- lass/2configs/default.nix | 1 + lass/2configs/tor-ssh.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 lass/2configs/tor-ssh.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f03d8b56..01a40952 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,7 @@ with import ; ./htop.nix ./wiregrill.nix + ./tor-ssh.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/tor-ssh.nix b/lass/2configs/tor-ssh.nix new file mode 100644 index 00000000..8b36733e --- /dev/null +++ b/lass/2configs/tor-ssh.nix 
@@ -0,0 +1,14 @@ +{ + services.tor = { + enable = true; + relay.onionServices.ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + secretKey = ; + }; + }; +} + -- cgit v1.2.3 From e47f1e635ce255eaef8674f13aeb94f071bbb050 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:42:22 +0200 Subject: l IM: use system tmux --- lass/2configs/IM.nix | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 5b8cebf5..8567def0 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -1,38 +1,23 @@ with (import ); { config, lib, pkgs, ... }: let weechat = pkgs.weechat.override { - configure = { availablePlugins, ... }: with pkgs.weechatScripts; { - plugins = lib.attrValues (availablePlugins // { - python = availablePlugins.python.withPackages (_: [ weechat-matrix ]); - }); - scripts = [ weechat-matrix ]; + configure = { availablePlugins, ... }: { + scripts = with pkgs.weechatScripts; [ + weechat-matrix + ]; }; }; - tmux = pkgs.writeDashBin "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g status off - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - ''; + tmux = "/run/current-system/sw/bin/tmux"; in { imports = [ ./bitlbee.nix ]; - environment.systemPackages = [ tmux weechat ]; + environment.systemPackages = [ weechat ]; systemd.services.chat = { description = "chat environment setup"; + environment.WEECHAT_HOME = "\$HOME/.weechat"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; 
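Review bot: `tor-ssh.nix` is imported from `2configs/default.nix`, so every host using the default profile now publishes sshd as an onion service, and nothing in the new file documents that. Connections through the onion service reach sshd from the local Tor daemon, so source-address controls (firewall rules, rate limiting, `Match Address` blocks) see localhost instead of the real peer. Confirm that password authentication is disabled on these hosts and record it, e.g. `# sshd is key-only; onion clients appear as 127.0.0.1`. `secretKey` is rendered empty on this page (the path was probably lost in extraction), so its source cannot be checked here; it should be a per-host secret that never lands world-readable in the Nix store.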
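Review bot: `environment.WEECHAT_HOME = "\$HOME/.weechat"` reaches the process as the literal string `$HOME/.weechat`, because systemd does not expand variables inside `Environment=` values; unless weechat expands it itself, spell the path out from the home directory of the `lass` user the unit runs as. Separately, `tmux = "/run/current-system/sw/bin/tmux"` (used by `ExecStart` and `ExecStop` in the next hunk) replaces a store-path reference with a path that exists only if some other module installs tmux system-wide, and this commit removes it from `environment.systemPackages` here. A comment naming the module that provides tmux, or keeping `${pkgs.tmux}/bin/tmux`, would make the unit self-contained again.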
@@ -46,8 +31,8 @@ in { User = "lass"; RemainAfterExit = true; Type = "oneshot"; - ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${weechat}/bin/weechat"; - ExecStop = "${tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + ExecStart = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; # TODO run save in weechat }; }; } -- cgit v1.2.3 From adf9339f39a6b7700d24f51fca1c65fef37761bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:42:44 +0200 Subject: l tmux: init --- lass/2configs/default.nix | 1 + lass/2configs/tmux.nix | 29 +++++++++++++++-------------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 01a40952..0fa34013 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,7 @@ with import ; ./htop.nix ./wiregrill.nix + ./tmux.nix ./tor-ssh.nix { users.extraUsers = diff --git a/lass/2configs/tmux.nix b/lass/2configs/tmux.nix index c977a110..10931365 100644 --- a/lass/2configs/tmux.nix +++ b/lass/2configs/tmux.nix 
@@ -2,25 +2,26 @@ with import ; { config, pkgs, ... }: { + environment.etc."tmux.conf".text = '' + #prefix key to ` + set-option -g prefix2 ` + + bind-key r source-file /etc/tmux.conf \; display-message "/etc/tmux.conf reloaded" + + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''; nixpkgs.config.packageOverrides = super: { tmux = pkgs.symlinkJoin { name = "tmux"; paths = [ (pkgs.writeDashBin "tmux" '' - exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - #change prefix key to ` - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" + exec ${super.tmux}/bin/tmux -f /etc/tmux.conf "$@" '') super.tmux ]; -- cgit v1.2.3 From 36be6e718deb889f1b48f54d38af306cb8fd6f4e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:43:40 +0200 Subject: l: add urgent command --- lass/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0fa34013..e8ac5598 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -124,6 +124,9 @@ with import ; q rs untilport + (pkgs.writeDashBin "urgent" '' + printf '\a' + '') usbutils logify goify -- cgit v1.2.3 From 4a5f1969e3a036fbea380af7a91d1dafd4a0f246 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:44:30 +0200 Subject: l alacritty: use nicer dark theme --- lass/2configs/alacritty.nix | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index a57dc7c2..903ddf6c 100644 --- a/lass/2configs/alacritty.nix 
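Review bot: The comment `#prefix key to` the backtick no longer matches the line under it: `set-option -g prefix2` adds a second prefix and leaves `C-b` active, whereas the removed config replaced the prefix and unbound `C-b`. Say so in the comment, e.g. `# add backtick as a second prefix (C-b stays active)`. tmux reads `/etc/tmux.conf` by default, so the wrapper's `-f /etc/tmux.conf` only matters if the intent is to skip the per-user `~/.tmux.conf`; if so, a comment should state it, otherwise the `packageOverrides` wrapper can be removed.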
+++ b/lass/2configs/alacritty.nix @@ -89,9 +89,40 @@ in { }; }; "themes/dark/alacritty.yaml".text = alacritty-cfg { - colors.primary = { - background = "#000000"; - foreground = "#ffffff"; + colors = { + # Default colors + primary = { + background = "0x000000"; + foreground = "0xffffff"; + }; + cursor = { + text = "0xF81CE5"; + cursor = "0xffffff"; + }; + + # Normal colors + normal = { + black = "0x000000"; + red = "0xfe0100"; + green = "0x33ff00"; + yellow = "0xfeff00"; + blue = "0x0066ff"; + magenta = "0xcc00ff"; + cyan = "0x00ffff"; + white = "0xd0d0d0"; + }; + + # Bright colors + bright = { + black = "0x808080"; + red = "0xfe0100"; + green = "0x33ff00"; + yellow = "0xfeff00"; + blue = "0x0066ff"; + magenta = "0xcc00ff"; + cyan = "0x00ffff"; + white = "0xFFFFFF"; + }; }; }; }; -- cgit v1.2.3 From e4a06794be8f8f0d02df8b07fafc2c50f220722f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:47:05 +0200 Subject: l br: add to scanner & lp group --- lass/2configs/baseX.nix | 2 +- lass/2configs/br.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 22a3037d..d33b470b 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -16,7 +16,7 @@ in { ./xmonad.nix ./themes.nix { - krebs.per-user.lass.packages = [ + users.users.mainUser.packages = [ pkgs.sshuttle ]; security.sudo.extraConfig = '' diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 6e0a2385..273a9c96 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -46,4 +46,6 @@ with import ; ]; }; + users.users.mainUser.extraGroups = [ "scanner" "lp" ]; + } -- cgit v1.2.3 From 1aa9bdfd2c969dfdb4cac3b8f41e63f060f5ae78 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:52:54 +0200 Subject: l: add mainUser to pipewire group --- lass/2configs/baseX.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d33b470b..5ffa71b2 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -46,7 +46,7 @@ in { } ]; - users.users.mainUser.extraGroups = [ "audio" "video" ]; + users.users.mainUser.extraGroups = [ "audio" "pipewire" "video" ]; time.timeZone = "Europe/Berlin"; -- cgit v1.2.3 From 6e0aea50e9c470352773912d4c54f46fee106856 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:53:03 +0200 Subject: l: hub -> gh --- lass/2configs/baseX.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 5ffa71b2..9169248f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -64,7 +64,7 @@ in { font-size fzfmenu gimp - gitAndTools.hub + gitAndTools.gh git-crypt git-preview dconf -- cgit v1.2.3 From 5aca4dde6c47afa2c3f66e72833d3dbe5dac7d56 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:53:28 +0200 Subject: l: add vnc tools --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9169248f..e94cbbd2 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,11 +79,13 @@ in { ponymix powertop rxvt_unicode-with-plugins + sshvnc sxiv taskwarrior termite transgui wirelesstools + x11vnc xclip xephyrify xorg.xhost -- cgit v1.2.3 From 58c0c20beb5bc395dcd304a403885d3a57249702 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:53:43 +0200 Subject: l bitcoin: remove stale user --- lass/2configs/bitcoin.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index de6562cb..e9dd055f 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -28,7 +28,6 @@ in { }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bch) ALL ${mainUser.name} ALL=(bitcoin) ALL ${mainUser.name} ALL=(monero) ALL ''; -- cgit v1.2.3 
From baa2732061e05945687486b64e7b2f50ecd84260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:53:56 +0200 Subject: l bitlbee: disable telegram --- lass/2configs/bitlbee.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index b8422115..84f06e58 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -11,7 +11,7 @@ with (import ); pkgs.bitlbee-discord ]; libpurple_plugins = [ - pkgs.telegram-purple + # pkgs.telegram-purple # pkgs.tdlib-purple # pkgs.purple-gowhatsapp ]; -- cgit v1.2.3 From ba16960e0601a4ad3e09cb118b7411abeab2853d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:54:55 +0200 Subject: l games: add user to pipewire group --- lass/2configs/games.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 829773b8..26707f1f 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -61,7 +61,7 @@ in { name = "games"; description = "user playing games"; home = "/home/games"; - extraGroups = [ "audio" "video" "input" "loot" ]; + extraGroups = [ "audio" "video" "input" "loot" "pipewire" ]; createHome = true; useDefaultShell = true; packages = with pkgs; [ -- cgit v1.2.3 From ceafd8831f306aa0e80050a681c77b9f83d44ff1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:55:37 +0200 Subject: l git: allow kmein to fetch brain --- lass/2configs/git-brain.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix index 1c6f92fc..f4d1a27c 100644 --- a/lass/2configs/git-brain.nix +++ b/lass/2configs/git-brain.nix 
@@ -28,7 +28,7 @@ let # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ makefu tv ]; + krebsminister = with config.krebs.users; [ makefu tv kmein ]; krebs-rules = repo: set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister; -- cgit v1.2.3 From 2ce0a41c8d573bd5c2b06702fe90f82d6b5e8c17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:58:17 +0200 Subject: l programs: add some tools --- lass/2configs/git.nix | 6 ------ lass/2configs/programs.nix | 35 ++++++++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e6c77f64..891aefcf 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -122,12 +122,6 @@ let cgit.section = "configuration"; }; } // mapAttrs make-public-repo-silent { - nixos-aws = { - collaborators = [ { - name = "fabio"; - pubkey = "ssh-rsa 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 ada"; - } ]; - }; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index 0a4b4fd9..0997b41a 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -4,9 +4,11 @@ { environment.systemPackages = with pkgs; [ aria2 + generate-secrets gnupg1compat htop i3lock + l-gen-secrets mosh pass pavucontrol 
@@ -18,18 +20,41 @@ transmission wget xsel - youtube-dl + yt-dlp + (pkgs.writeDashBin "youtube-dl" '' + exec ${pkgs.yt-dlp}/bin/yt-dlp "$@" + '') (pkgs.writeDashBin "tether-on" '' adb shell svc usb setFunctions rndis '') (pkgs.writeDashBin "tether-off" '' adb shell svc usb setFunctions '') - (pkgs.writeDashBin "dl-movie" '' - ${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@" + (pkgs.writeDashBin "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "btc-coinbase" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' + '') + (pkgs.writeDashBin "btc-wex" '' + ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' '') - (pkgs.writeDashBin "dl-series" '' - ${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@" + (pkgs.writeDashBin "btc-kraken" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' '') ]; } -- cgit v1.2.3 From 15bb16e2c8ffaede35108be0112cc0ecc1fed50b Mon Sep 17 00:00:00 2001 
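Review bot: The `krebsco.de` and `lassul.us` wrappers write the OVH API credentials into a temp directory and remove it only on their last line, so a failing or interrupted import leaves `ovh-secrets.json` behind in `/tmp`. There is also no `set -eu`, so a failed `brain show` or `pass show` still runs the import with an empty config. Install a cleanup trap right after `mktemp -d`, and use a private variable name instead of overwriting `TMPDIR`, which child processes also read. Both wrappers follow the same pattern; the sketch shows the first.

```nix
(pkgs.writeDashBin "krebsco.de" ''
  set -eu
  tmp=$(${pkgs.coreutils}/bin/mktemp -d)
  # remove the credentials on every exit path, including signals
  trap '${pkgs.coreutils}/bin/rm -rf "$tmp"' EXIT
  trap 'exit 1' INT TERM HUP
  ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$tmp"/ovh-secrets.json
  OVH_ZONE_CONFIG="$tmp"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
'')
# … unchanged: "lassul.us" wrapper, to be changed the same way …
```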
From: lassulus Date: Sun, 29 May 2022 19:59:13 +0200 Subject: l home-media: use pipewire & fix autologin --- lass/2configs/home-media.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/home-media.nix b/lass/2configs/home-media.nix index 7e10aed3..f250ca8d 100644 --- a/lass/2configs/home-media.nix +++ b/lass/2configs/home-media.nix @@ -4,10 +4,10 @@ with import ; users.users.media = { isNormalUser = true; uid = genid_uint31 "media"; - extraGroups = [ "video" "audio" ]; + extraGroups = [ "video" "audio" "pipewire" ]; }; - services.xserver.displayManager.lightdm.autoLogin = { + services.xserver.displayManager.autoLogin = { enable = true; user = "media"; }; -- cgit v1.2.3 From 6bf2ab873519532de7a744748777361dc65f8b7b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 19:59:56 +0200 Subject: l jitsi: more privacy --- lass/2configs/jitsi.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix index 1435ccb5..fa41f663 100644 --- a/lass/2configs/jitsi.nix +++ b/lass/2configs/jitsi.nix @@ -7,10 +7,13 @@ config = { enableWelcomePage = true; requireDisplayName = true; + analytics.disabled = true; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; + DISABLE_PRESENCE_STATUS = true; + GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; }; }; -- cgit v1.2.3 From 0c30d6f1206eee5459cbb788ffe6f997dc951596 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:00:50 +0200 Subject: l p.krebsco.de: allow upload from internet --- lass/2configs/paste.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 68a55c71..affc3530 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix 
@@ -57,10 +57,8 @@ with import ; addSSL = true; serverAliases = [ "p.krebsco.de" ]; locations."/".extraConfig = '' - if ($request_method != GET) { - return 403; - } proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; ''; locations."/image".extraConfig = '' -- cgit v1.2.3 From ab95169840f36bd6014de0d1ac6a3cd2f13fd6f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:01:39 +0200 Subject: l realwallpaper: allow access to archive --- lass/2configs/realwallpaper.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 0bae91d8..a82e1d01 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -22,6 +22,10 @@ in { hostname "${hostname}.r" ]; + locations."/realwallpaper/".extraConfig = '' + index on; + root /var/realwallpaper"; + ''; locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; ''; -- cgit v1.2.3 From b30e2377d13c05a080f244bf39e6f247eb07eec6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:05:19 +0200 Subject: l retiolum: disable autoconnect --- lass/2configs/retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index d4d97a88..b8c9d4f8 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -21,6 +21,7 @@ "eve" ]; extraConfig = '' + AutoConnect = no StrictSubnets = yes ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) '' LocalDiscovery = no -- cgit v1.2.3 From 0be35f266f8b7929be4e4250bbe90a3a1f1bd24d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:05:42 +0200 Subject: l ssh-cryptsetup: add correct key --- lass/2configs/ssh-cryptsetup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
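Review bot: In the `paste.nix` hunk, the removed `if ($request_method != GET)` guard was the only restriction in this `locations."/"` block, and the new lines put no bound on what an anonymous client may now upload. Whether the htgen paste backend limits size or rate is not visible here. If it does not, add an explicit cap next to the proxy headers, for example `client_max_body_size 10m;` (constructed value), and consider a `limit_req` zone for this location. A one-line comment saying that uploads are intentionally public would also help the next reader.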
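Review bot: In the `realwallpaper.nix` hunk, the new `locations."/realwallpaper/"` block has a stray `"` in `root /var/realwallpaper";`, which nginx will most likely reject as an unterminated quoted string. `index on;` is also wrong for a directory listing: it only names an index file called `on`, and the directive for listings is `autoindex on;`. With `root`, a request for `/realwallpaper/x` resolves to `/var/realwallpaper/realwallpaper/x`, so the intent is probably `alias /var/realwallpaper/;`. Once the listing works, every file in that directory is publicly enumerable, so it is worth checking that only the archive images live there.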
diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix index f08f85b4..0126c33b 100644 --- a/lass/2configs/ssh-cryptsetup.nix +++ b/lass/2configs/ssh-cryptsetup.nix @@ -6,7 +6,7 @@ ssh = { enable = true; authorizedKeys = with config.krebs.users; [ - config.krebs.users.lass-mors.pubkey + config.krebs.users.lass.pubkey config.krebs.users.lass-blue.pubkey ]; }; -- cgit v1.2.3 From d183d5e795fdf5e703978127f6a9148f678d6b47 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:06:11 +0200 Subject: l sync: permown -> acl --- lass/2configs/sync/decsync.nix | 9 ++++----- lass/2configs/sync/sync.nix | 11 +++-------- lass/2configs/sync/weechat.nix | 8 +++----- 3 files changed, 10 insertions(+), 18 deletions(-) diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix index a38cff8d..5fded10a 100644 --- a/lass/2configs/sync/decsync.nix +++ b/lass/2configs/sync/decsync.nix @@ -3,9 +3,8 @@ path = "/home/lass/decsync"; devices = [ "mors" "blue" "green" "phone" ]; }; - krebs.permown."/home/lass/decsync" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; + + krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true; + krebs.acl."/home/lass/decsync"."u:syncthing:rwX" = {}; + krebs.acl."/home/lass/decsync"."u:lass:rwX" = {}; } diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix index a0927c19..2714fa83 100644 --- a/lass/2configs/sync/sync.nix +++ b/lass/2configs/sync/sync.nix @@ -2,12 +2,7 @@ services.syncthing.folders."/home/lass/sync" = { devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ]; }; - krebs.permown."/home/lass/sync" = { - file-mode = "u+rw,g+rw"; - owner = "lass"; - group = "syncthing"; - umask = "0002"; - keepGoing = true; - }; + krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true; + krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {}; + krebs.acl."/home/lass/sync"."u:lass:rwX" = {}; } - 
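Review bot: In the `decsync.nix` hunk, and likewise in the `sync.nix` hunk and the `weechat.nix` hunk that follows, the new `krebs.acl` entries grant `lass` and `syncthing` access but nothing visible keeps other local users out. The removed `krebs.permown` block did that with `umask = "0007"`. Whether `krebs.acl` touches the base mode bits cannot be told from these lines, so confirm that the directories stay at mode 0770 or tighter. Please record the assumption next to the entries, e.g. `# access for "other" is no longer forced off here (permown umask 0007 did that); keep the directory mode at 0770 or tighter`.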
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix index eb6b0aa1..b32015b8 100644 --- a/lass/2configs/sync/weechat.nix +++ b/lass/2configs/sync/weechat.nix @@ -1,8 +1,6 @@ { services.syncthing.folders."/home/lass/.weechat".devices = [ "green" "mors" ]; - krebs.permown."/home/lass/.weechat" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; - }; + krebs.acl."/home/lass/.weechat"."u:syncthing:X".parents = true; + krebs.acl."/home/lass/.weechat"."u:syncthing:rwX" = {}; + krebs.acl."/home/lass/.weechat"."u:lass:rwX" = {}; } -- cgit v1.2.3 From 221c4b88d0d0044b946c840b6c1f7ca5f108fabd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:06:33 +0200 Subject: l themes: make sure /var/theme/config exist --- lass/2configs/themes.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix index e020c62c..eb1a5398 100644 --- a/lass/2configs/themes.nix +++ b/lass/2configs/themes.nix @@ -9,6 +9,7 @@ ${placeholder "out"}/bin/switch-theme dark fi elif test -e "/etc/themes/$1"; then + ${pkgs.coreutils}/bin/mkdir -p /var/theme/config ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/ echo "$1" > /var/theme/current_theme ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme -- cgit v1.2.3 From a39775651d02bf06d6cf9b8ecc8b1c636f3318e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:07:03 +0200 Subject: l minecraft: remove erronous port --- lass/2configs/minecraft.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix index d2a3672c..34da3047 100644 --- a/lass/2configs/minecraft.nix +++ b/lass/2configs/minecraft.nix 
@@ -11,6 +11,5 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } ]; } -- cgit v1.2.3 From b5d1514ca0e00275f0feeb2a7f69abc043fc4de9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:08:10 +0200 Subject: l vim: use vim-dim colorscheme --- lass/2configs/vim.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 36ce3d74..4a748b1e 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -51,7 +51,7 @@ let filetype plugin indent on set t_Co=256 - colorscheme hack + colorscheme dim syntax on au Syntax * syn match Garbage containedin=ALL /\s\+$/ @@ -170,6 +170,15 @@ let hi diffRemoved ctermfg=009 ''; }))) + (pkgs.vimUtils.buildVimPlugin { + name = "vim-dim-1.1.0"; + src = pkgs.fetchFromGitHub { + owner = "jeffkreeftmeijer"; + repo = "vim-dim"; + rev = "1.1.0"; + sha256 = "sha256-lyTZUgqUEEJRrzGo1FD8/t8KBioPrtB3MmGvPeEVI/g="; + }; + }) ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "vim"; in { -- cgit v1.2.3 From 2a5c6c2e53d4dc945ec1c7b23510803da0669c22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:08:21 +0200 Subject: l vim: use fancy listchars --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 4a748b1e..49acabbe 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -21,6 +21,7 @@ let set backup set backupdir=${dirs.backupdir}/ set directory=${dirs.swapdir}// + set list listchars=tab:⇥\ ,extends:❯,precedes:❮,nbsp:␣,trail:· showbreak=¬ set hlsearch set incsearch set ttymouse=sgr -- cgit v1.2.3 From c2e75dfff1541fedfde2c6174b09333cd502a218 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 29 May 2022 20:08:35 +0200 Subject: l vim: use fzf tools --- lass/2configs/vim.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 49acabbe..a5860caa 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -115,10 +115,17 @@ let " copy/paste from/to xclipboard set clipboard=unnamedplus + + " use fzf to switch files + nnoremap :FZF + nnoremap :Rg + let g:fzf_layout = { 'down': '~15%' } ''; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.undotree + pkgs.vimPlugins.fzf-vim + pkgs.vimPlugins.fzfWrapper (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { -- cgit v1.2.3 From f8892771c4740802ae1b9cc88e7836e5ac82b3e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:08:50 +0200 Subject: l vim: remove legacy hack colorscheme --- lass/2configs/vim.nix | 43 ------------------------------------------- 1 file changed, 43 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index a5860caa..210133f4 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
@@ -135,49 +135,6 @@ let sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; }; }) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let - name = "hack"; - in { - name = "vim-color-${name}-1.0.2"; - destination = "/colors/${name}.vim"; - text = /* vim */ '' - set background=dark - hi clear - if exists("syntax_on") - syntax clear - endif - - let colors_name = ${toJSON name} - - hi Normal ctermbg=016 - hi Comment ctermfg=255 - hi Constant ctermfg=229 - hi Identifier ctermfg=123 - hi Function ctermfg=041 - hi Statement ctermfg=167 - hi PreProc ctermfg=167 - hi Type ctermfg=046 - hi Delimiter ctermfg=251 - hi Special ctermfg=146 - - hi Garbage ctermbg=124 - hi TabStop ctermbg=020 - hi NBSP ctermbg=056 - hi NarrowNBSP ctermbg=097 - hi Todo ctermfg=174 ctermbg=NONE - - hi NixCode ctermfg=190 - hi NixData ctermfg=149 - hi NixQuote ctermfg=119 - - hi diffNewFile ctermfg=207 - hi diffFile ctermfg=207 - hi diffLine ctermfg=207 - hi diffSubname ctermfg=207 - hi diffAdded ctermfg=010 - hi diffRemoved ctermfg=009 - ''; - }))) (pkgs.vimUtils.buildVimPlugin { name = "vim-dim-1.1.0"; src = pkgs.fetchFromGitHub { -- cgit v1.2.3 From aae34277aff7d15fc5d74df8a80f4c3ad42d1535 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:09:57 +0200 Subject: l domsen: add more webistes/accounts --- lass/2configs/websites/domsen.nix | 54 +++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3f055e37..93d3c91e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -29,6 +29,8 @@ in { (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "illustra.de" "www.illustra.de" ]) + (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ]) + (servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -36,20 +38,20 @@ in { (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" - "nirwanabluete.de" "ubikmedia.eu" "youthtube.xyz" "joemisch.com" "weirdwednesday.de" "jarugadesign.de" + "beesmooth.ch" - "www.nirwanabluete.de" "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" "www.joemisch.com" "www.weirdwednesday.de" "www.jarugadesign.de" + "www.beesmooth.ch" "aldona2.ubikmedia.de" "cinevita.ubikmedia.de" @@ -64,9 +66,13 @@ in { "jarugadesign.ubikmedia.de" "crypto4art.ubikmedia.de" "jarugadesign.ubikmedia.de" + "beesmooth.ubikmedia.de" ]) ]; + # https://github.com/nextcloud/server/issues/25436 + services.mysql.settings.mysqld.innodb_read_only_compressed = 0; + services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ]; services.mysql.ensureUsers = [ { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; } @@ -159,6 +165,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "hallo@jarugadesign.de"; to ="kasia"; } + { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -170,10 +177,12 @@ in { "apanowicz.de" "alewis.de" "jarugadesign.de" + "beesmooth.ch" ]; dkim = [ { domain = "ubikmedia.eu"; } { domain = "apanowicz.de"; } + { domain = "beesmooth.ch"; } ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; 
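Review bot: In the `@@ -159,6 +165,7 @@` hunk, the new alias uses the sender domain `beeshmooth.ch`, which does not match the `beesmooth.ch` domain that this same commit adds to the vhost list, the mail domain list and the DKIM list. As written, the alias will never match mail for the hosted domain. It should read `{ from = "noreply@beesmooth.ch"; to = "besmooth@gmx.ch"; }`. The external target `besmooth@gmx.ch` is spelled differently again, so please confirm that address with the account owner.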
@@ -332,6 +341,27 @@ in { isNormalUser = true; }; + users.users.avada = { + uid = genid_uint31 "avada"; + home = "/home/avada"; + useDefaultShell = true; + createHome = true; + isNormalUser = true; + }; + + users.users.familienrat = { + uid = genid_uint31 "familienrat"; + home = "/home/familienrat"; + useDefaultShell = true; + createHome = true; + isNormalUser = true; + }; + krebs.acl."/srv/http/familienrat-hamburg.de"."u:familienrat:rwX" = {}; + krebs.acl."/srv/http"."u:familienrat:X" = { + default = false; + recursive = false; + }; + users.groups.xanf = {}; krebs.on-failure.plans.restic-backups-domsen = { @@ -372,18 +402,14 @@ in { ${pkgs.coreutils}/bin/chmod 750 /backups ''; - krebs.permown = { - "/srv/http" = { - group = "syncthing"; - owner = "nginx"; - umask = "0007"; - }; - "/home/xanf/XANF_TEAM" = { - owner = "XANF_TEAM"; - group = "xanf"; - umask = "0007"; - }; + # takes too long!! + # krebs.acl."/srv/http"."u:syncthing:rwX" = {}; + # krebs.acl."/srv/http"."u:nginx:rwX" = {}; + # krebs.acl."/srv/http/ubikmedia.de"."u:avada:rwX" = {}; + krebs.acl."/home/xanf/XANF_TEAM"."g:xanf:rwX" = {}; + krebs.acl."/home/xanf"."g:xanf:X" = { + default = false; + recursive = false; }; - } -- cgit v1.2.3 From 88fac070e231ad9b5c57cd96dc8322c30b9c3318 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:11:20 +0200 Subject: l lassul.us: remove legacy tinc-graphs --- lass/2configs/websites/lassulus.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 5bf8de01..7de99351 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -20,8 +20,6 @@ in { }; }; - krebs.tinc_graphs.enable = true; - users.groups.lasscert.members = [ "dovecot2" "ejabberd" 
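Review bot: In the `@@ -372,18 +402,14 @@` hunk, the `krebs.permown` entry for `/srv/http` is removed and its ACL replacements are left commented out, so nothing in the new code manages ownership or access on the web root any more. The removed entry enforced owner `nginx`, group `syncthing` and `umask = "0007"`. The `avada` user created in the previous hunk also gets no ACL, because its line is among the commented ones. Replace the commented-out code with an explicit marker such as `# TODO: /srv/http is unmanaged since permown was dropped; the recursive ACL run was too slow`. If the module allows it, a non-recursive entry in the style of the `recursive = false` used just below for `/home/xanf` could be applied to the top-level directories in the meantime.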
@@ -48,10 +46,6 @@ in { locations."= /wireguard-key".extraConfig = '' alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; - locations."/tinc/".extraConfig = '' - index index.html; - alias ${config.krebs.tinc_graphs.workingDir}/external/; - ''; locations."= /krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; -- cgit v1.2.3 From fd58fdb28ca6c577b6a5dda86dc6318f360169e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:11:35 +0200 Subject: l lassul.us: remove deprecated users --- lass/2configs/websites/lassulus.nix | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 7de99351..86a55c22 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -22,7 +22,6 @@ in { users.groups.lasscert.members = [ "dovecot2" - "ejabberd" "exim" "nginx" ]; @@ -84,19 +83,5 @@ in { root /var/lib/acme/acme-challenge; ''; }; - - users.users.blog = { - uid = genid_uint31 "blog"; - group = "nginx"; - description = "lassul.us blog deployment"; - home = "/srv/http/lassul.us"; - useDefaultShell = true; - createHome = true; - isSystemUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-mors.pubkey - ]; - }; } -- cgit v1.2.3 From 45073efe87fc0561819db645c509e60c3d3fd213 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:12:12 +0200 Subject: l lassul.us: simplify pubkey locations --- lass/2configs/websites/lassulus.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 86a55c22..2ff98f38 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
@@ -57,14 +57,14 @@ in { alias ${initscript}/bin/init; ''; locations."= /blue.pub".extraConfig = '' - alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; + alias ${pkgs.writeText "pub" config.krebs.users.lass-blue.pubkey}; ''; - locations."= /mors.pub".extraConfig = '' - alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; - ''; - locations."= /yubi.pub".extraConfig = '' + locations."= /ssh.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey}; ''; + locations."= /gpg.pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default}; + ''; }; security.acme.certs."cgit.lassul.us" = { -- cgit v1.2.3 From b663d3c5977d2482f97babb74ade8edf15f11b53 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:12:38 +0200 Subject: l: add ref.ptkk.de --- lass/2configs/websites/lassulus.nix | 1 + lass/2configs/websites/ref.ptkk.de/default.nix | 89 ++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 lass/2configs/websites/ref.ptkk.de/default.nix diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 2ff98f38..411234b8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -10,6 +10,7 @@ in { imports = [ ./default.nix ../git.nix + ./ref.ptkk.de ]; security.acme = { diff --git a/lass/2configs/websites/ref.ptkk.de/default.nix b/lass/2configs/websites/ref.ptkk.de/default.nix new file mode 100644 index 00000000..14ce58b8 --- /dev/null +++ b/lass/2configs/websites/ref.ptkk.de/default.nix 
@@ -0,0 +1,89 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx.virtualHosts."ref.ptkk.de" = { + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:4626"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_cache_bypass $http_upgrade; + ''; + }; + locations."/static/" = { + alias = "/var/lib/ref.ptkk.de/static/"; + }; + forceSSL = true; + }; + systemd.services."ref.ptkk.de" = { + wantedBy = [ "multi-user.target" ]; + environment = { + PRODUCTION = "yip"; + DATA_DIR = "/var/lib/ref.ptkk.de/data"; + PORT = "4626"; + STATIC_ROOT = "/var/lib/ref.ptkk.de/static"; + }; + path = with pkgs; [ + git + gnutar + gzip + nix + ]; + serviceConfig = { + ExecStartPre = [ + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/data" + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/code" + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/static" + ]; + ExecStart = pkgs.writers.writeDash "nixify" '' + cd code + if test -e shell.nix; then + ${pkgs.nix}/bin/nix-shell -I /var/src --run serve + else + echo 'no shell.nix, bailing out' + exit 0 + fi + ''; + LoadCredential = [ + "django-secret.key:${toString }/ref.ptkk.de-django.key" + ]; + User = "ref.ptkk.de"; + WorkingDirectory = "/var/lib/ref.ptkk.de"; + StateDirectory = "ref.ptkk.de"; + Restart = "always"; + RestartSec = "100s"; + }; + }; + systemd.services."ref.ptkk.de-restarter" = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service"; + }; + }; + systemd.paths."ref.ptkk.de-restarter" = { + wantedBy = [ "multi-user.target" ]; + pathConfig.PathChanged = [ + 
"/var/lib/ref.ptkk.de/code" + "/var/src/nixpkgs" + ]; + }; + + users.users."ref.ptkk.de" = { + isSystemUser = true; + uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com" + config.krebs.users.lass.pubkey + ]; + group = "nginx"; + home = "/var/lib/ref.ptkk.de"; + useDefaultShell = true; + }; +} -- cgit v1.2.3 From 1bf8ca72402124875b44d9745be03408dacf5b15 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:13:15 +0200 Subject: l owncloud: use php74 --- lass/2configs/websites/util.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index b6765037..22b1669b 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -174,6 +174,7 @@ rec { services.phpfpm.pools."${domain}" = { user = "nginx"; group = "nginx"; + phpPackage = pkgs.php74; extraConfig = '' listen = /srv/http/${domain}/phpfpm.pool pm = dynamic -- cgit v1.2.3 From 85db8852793af6a2d20d281aec768597b027a619 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:13:53 +0200 Subject: l wiregrill: allow retiolum <-> wiregrill --- lass/2configs/wiregrill.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix index 0183bd4e..54257d2c 100644 --- a/lass/2configs/wiregrill.nix +++ b/lass/2configs/wiregrill.nix 
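Review bot: The new `ref.ptkk.de` service has no sandboxing in `serviceConfig`, although it runs `nix-shell --run serve` on whatever is in `/var/lib/ref.ptkk.de/code`, a directory that is writable over SSH by the `CI@github.com` key. Anyone who controls that CI key therefore runs arbitrary code on the host as this user. The account also has `group = "nginx"` and `useDefaultShell = true`, so it shares the web server's group and gets an interactive shell. Give the service a dedicated group and add the systemd options below, then check that `nix-shell` still reaches the nix daemon with them enabled. The `ExecStartPre` `mkdir` calls look redundant, since `StateDirectory` already creates the base directory.

```nix
    serviceConfig = {
      # … unchanged: ExecStartPre, ExecStart, LoadCredential, User, WorkingDirectory, StateDirectory, Restart, RestartSec …
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectHome = true;
      ProtectSystem = "strict";
```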
@@ -18,6 +18,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { ]; krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } ]; networking.wireguard.interfaces.wiregrill = { -- cgit v1.2.3 From 5f4a5b5cebdab25afd17344b77d4db765eb94b87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:14:48 +0200 Subject: l yubikey: simplify debug logging --- lass/2configs/yubikey.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index d92b18f8..a37752d5 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix @@ -38,7 +38,7 @@ } }); polkit.addRule(function(action, subject) { - polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); + polkit.log("subject: " + subject + " action: " + action); }); ''; -- cgit v1.2.3 From bb87f90e4654dd537c55b34bb861b7f6f5a3e53d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2022 20:20:24 +0200 Subject: l dummy-secrets: add ssh-tor.priv --- lass/2configs/tests/dummy-secrets/ssh-tor.priv | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/ssh-tor.priv diff --git a/lass/2configs/tests/dummy-secrets/ssh-tor.priv b/lass/2configs/tests/dummy-secrets/ssh-tor.priv new file mode 100644 index 00000000..e69de29b -- cgit v1.2.3 From ae682ccd343d9992245b489404031d4472fd3f24 Mon Sep 17 00:00:00 2001 
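Review bot: In the `wiregrill.nix` hunk, the new rule `-i retiolum -o wiregrill` accepts forwarded traffic with no state or port match, so every retiolum peer can open connections to every wiregrill client behind this router. The conntrack rule added two lines later already lets replies to wiregrill-initiated flows back in. If only outbound access from wiregrill clients is wanted, the unconditional retiolum rule can be dropped or narrowed to specific destinations. The `-i wiregrill -o eth0` rule also needs a matching NAT rule, which is not visible in this hunk. A short comment above the list, such as `# wiregrill clients may reach retiolum and the internet; retiolum may reach wiregrill clients`, would make the intended policy explicit. The rule list's enclosing attribute set continues outside the hunk.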
From: lassulus Date: Sun, 29 May 2022 20:30:44 +0200 Subject: l sshvnc: init --- lass/5pkgs/sshvnc/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/5pkgs/sshvnc/default.nix diff --git a/lass/5pkgs/sshvnc/default.nix b/lass/5pkgs/sshvnc/default.nix new file mode 100644 index 00000000..f66ed1b0 --- /dev/null +++ b/lass/5pkgs/sshvnc/default.nix @@ -0,0 +1,11 @@ +{ pkgs }: +pkgs.writers.writeBashBin "sshvnc" '' + set -xm + + RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1) + ssh "$@" -f -L $RANDOM_HIGH_PORT:localhost:$RANDOM_HIGH_PORT -