summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2019-01-03 23:15:19 +0100
committerlassulus <lassulus@lassul.us>2019-01-03 23:15:19 +0100
commit58886abed9f24c2447e41d37c27e7add023fa621 (patch)
tree4e29ee6fad1fc0450a040ce57d9841e78c666454
parent7176d12ff89a2637f8ca0f828c4f05a6543885d1 (diff)
parent6044ffe3a53ab7745f413847ffe87fbf7a4d11f8 (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--makefu/1systems/cake/config.nix3
-rw-r--r--makefu/1systems/gum/config.nix1
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix30
-rw-r--r--makefu/2configs/deployment/owncloud.nix1
-rw-r--r--makefu/2configs/home-manager/cli.nix30
-rw-r--r--makefu/2configs/home-manager/desktop.nix7
-rw-r--r--makefu/2configs/home-manager/zsh.nix126
-rw-r--r--makefu/2configs/zsh-user.nix82
9 files changed, 197 insertions, 84 deletions
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 914b38051..ec8830711 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
];
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 1a617e52d..2491352eb 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -38,6 +38,9 @@
})
];
networking.wireless.enable = true;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.Mic92.pubkey
+ ];
# File systems configuration for using the installer's partition layout
fileSystems = {
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 97b4555a5..6024260dc 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -124,7 +124,6 @@ in {
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
- <stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6d64848f5..f223081e9 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -3,6 +3,8 @@
with import <stockholm/lib>;
let
ident = (builtins.readFile ./auphonic.pub);
+ bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
+ bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
in {
services.openssh = {
allowSFTP = true;
@@ -21,6 +23,19 @@ in {
useDefaultShell = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
+ services.logrotate = {
+ enable = true;
+ config = ''
+ ${bgtaccess} ${bgterror} {
+ rotate 5
+ weekly
+ create 600 nginx nginx
+ postrotate
+ ${pkgs.systemd}/bin/systemctl reload nginx
+ endscript
+ }
+ '';
+ };
services.nginx = {
enable = lib.mkDefault true;
recommendedGzipSettings = true;
@@ -29,10 +44,21 @@ in {
serverAliases = [ "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter";
extraConfig = ''
- access_log /var/spool/nginx/logs/binaergewitter.access.log combined;
- error_log /var/spool/nginx/logs/binaergewitter.error.log error;
+ access_log ${bgtaccess} combined;
+ error_log ${bgterror} error;
autoindex on;
'';
};
};
+ environment.etc."netdata/python.d/web_log.conf".text = ''
+ nginx_log3:
+ name: 'nginx'
+ path: '/var/spool/nginx/logs/access.log'
+ nginx_log4:
+ name: 'bgt'
+ path: '${bgtaccess}'
+ '';
+
+ users.users.netdata.extraGroups = [ "nginx" ];
+
}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index cfde0aba8..d7c082662 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -169,6 +169,7 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
services.mysql = {
enable = false;
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
index 64aa03bd7..6b5d26111 100644
--- a/makefu/2configs/home-manager/cli.nix
+++ b/makefu/2configs/home-manager/cli.nix
@@ -1,4 +1,5 @@
{pkgs, ... }: {
+ imports = [ ./zsh.nix ];
home-manager.users.makefu = {
services.gpg-agent = {
enable = true;
@@ -9,7 +10,34 @@
enableSshSupport = true;
enableScDaemon = true;
};
- programs.fzf.enable = true; # alt-c
+ programs.direnv = {
+ stdlib = ''
+use_nix() {
+ local cache=".direnv.$(nixos-version --hash)"
+
+ if [[ ! -e "$cache" ]] || \
+ [[ "$HOME/.direnvrc" -nt "$cache" ]] || \
+ [[ ".envrc" -nt "$cache" ]] || \
+ [[ "default.nix" -nt "$cache" ]] || \
+ [[ "shell.nix" -nt "$cache" ]];
+ then
+ local tmp="$(mktemp "$${cache}.tmp-XXXXXXXX")"
+ trap "rm -rf '$tmp' >/dev/null" EXIT
+ nix-shell --show-trace "$@" --run 'direnv dump' > "$tmp" && \
+ mv "$tmp" "$cache"
+ fi
+
+ direnv_load cat "$cache"
+
+ if [[ $# = 0 ]]; then
+ watch_file default.nix
+ watch_file shell.nix
+ rm direnv.* 2>/dev/null
+ fi
+}
+'';
+ enableZshIntegration = true;
+ };
};
services.udev.packages = [
pkgs.libu2f-host
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
index ce98e651a..40a1c6497 100644
--- a/makefu/2configs/home-manager/desktop.nix
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -1,11 +1,13 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, ... }:
{
+ users.users.makefu.packages = with pkgs;[ bat direnv ];
home-manager.users.makefu = {
programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
programs.firefox.enable = true;
+ programs.obs-studio.enable = true;
+ xdg.enable = true;
services.network-manager-applet.enable = true;
- systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
services.blueman-applet.enable = true;
services.pasystray.enable = true;
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
@@ -34,7 +36,6 @@
};
Service = {
- Environment = ''XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'';
ExecStart = "${pkgs.clipit}/bin/clipit";
Restart = "on-abort";
};
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
new file mode 100644
index 000000000..dff6d9337
--- /dev/null
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -0,0 +1,126 @@
+{ pkgs, ... }:
+{
+ imports = [
+ { #direnv
+ home-manager.users.makefu.home.packages = [ pkgs.direnv ];
+ home-manager.users.makefu.home.file.".direnvrc".text = ''
+ use_nix() {
+ local path="$(nix-instantiate --find-file nixpkgs)"
+
+ if [ -f "$${path}/.version-suffix" ]; then
+ local version="$(< $path/.version-suffix)"
+ elif [ -f "$path/.version" ]; then
+ local version="$(< $path/.version)"
+ else
+ local version="$(< $(< $path/.git/HEAD))"
+ fi
+
+ local cache=".direnv/cache-''${version:-unknown}"
+
+ if [[ ! -e "$cache" ]] || \
+ [[ "$HOME/.direnvrc" -nt "$cache" ]] || \
+ [[ .envrc -nt "$cache" ]] || \
+ [[ default.nix -nt "$cache" ]] || \
+ [[ shell.nix -nt "$cache" ]];
+ then
+ [ -d .direnv ] || mkdir .direnv
+ local tmp=$(nix-shell --show-trace "$@" \
+ --run "\"$direnv\" dump bash")
+ echo "$tmp" > "$cache"
+ fi
+
+ local path_backup=$PATH term_backup=$TERM
+ direnv_load cat "$cache"
+
+ export PATH=$PATH:$path_backup TERM=$term_backup
+
+ if [[ $# = 0 ]]; then
+ watch_file default.nix
+ watch_file shell.nix
+ fi
+ }
+ '';
+ home-manager.users.makefu.programs.zsh.initExtra = ''
+ nixify() {
+ if [ ! -e ./.envrc ]; then
+ echo "use nix" > .envrc
+ direnv allow
+ fi
+ if [ ! -e default.nix ]; then
+ cat > default.nix <<'EOF'
+ with import <nixpkgs> {};
+ stdenv.mkDerivation {
+ name = "env";
+ buildInputs = [
+ bashInteractive
+ ];
+ }
+ EOF
+ ${EDITOR:-vim} default.nix
+ fi
+ }
+ eval "$(direnv hook zsh)"
+ '';
+ }
+ { # bat
+ home-manager.users.makefu.home.packages = [ pkgs.bat ];
+ home-manager.users.makefu.programs.zsh.shellAliases = {
+ cat = "bat";
+ catn = "${pkgs.coreutils}/bin/cat";
+ };
+ }
+ ];
+ environment.pathsToLink = [ "/share/zsh" ];
+ home-manager.users.makefu = {
+ programs.fzf.enable = false; # alt-c
+ programs.zsh = {
+ enable = true;
+ enableAutosuggestions = false;
+ enableCompletion = true;
+ oh-my-zsh.enable = false;
+ history = {
+ size = 900001;
+ save = 900001;
+ ignoreDups = true;
+ extended = true;
+ share = true;
+ };
+ sessionVariables = {
+ TERM = "rxvt-unicode-256color";
+ LANG = "en_US.UTF8";
+ LS_COLORS = ":di=1;31:";
+ EDITOR = "vim";
+ };
+ shellAliases = {
+ lsl = "ls -lAtr";
+ t = "task";
+ xo = "mimeopen";
+ nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
+ };
+ initExtra = ''
+ bindkey -e
+ # shift-tab
+ bindkey '^[[Z' reverse-menu-complete
+ bindkey "\e[3~" delete-char
+ zstyle ':completion:*' menu select
+
+ setopt HIST_IGNORE_ALL_DUPS
+ setopt HIST_IGNORE_SPACE
+ setopt HIST_FIND_NO_DUPS
+
+ unset SSH_AGENT_PID
+ export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ compdef _pass brain
+ zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+ compdef _pass secrets
+ zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
+
+ # ctrl-x ctrl-e
+ autoload -U edit-command-line
+ zle -N edit-command-line
+ bindkey '^xe' edit-command-line
+ bindkey '^x^e' edit-command-line
+ '';
+ };
+ };
+}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 23ae572da..e0ea046cf 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -1,83 +1,11 @@
{ config, lib, pkgs, ... }:
-##
-with import <stockholm/lib>;
let
mainUser = config.krebs.build.user.name;
in
{
- users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
- enableCompletion = true ; #manually at the end
- interactiveShellInit = ''
- HISTSIZE=900001
- HISTFILESIZE=$HISTSIZE
- SAVEHIST=$HISTSIZE
- HISTFILE=$HOME/.zsh_history
-
- setopt HIST_IGNORE_ALL_DUPS
- setopt HIST_IGNORE_SPACE
- setopt HIST_FIND_NO_DUPS
- bindkey -e
- # shift-tab
- bindkey '^[[Z' reverse-menu-complete
- bindkey "\e[3~" delete-char
- zstyle ':completion:*' menu select
-
- ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null
- GPG_TTY=$(tty)
- export GPG_TTY
- LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS
-
- unset SSH_AGENT_PID
- export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-
- # fzf
- __fsel_fzf() {
- local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \
- -o -type f -print \
- -o -type d -print \
- -o -type l -print 2> /dev/null | cut -b3-"}"
- setopt localoptions pipefail 2> /dev/null
- eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do
- echo -n "''${(q)item} "
- done
- local ret=$?
- echo
- return $ret
- }
-
- __fzf_use_tmux__() {
- [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ]
- }
-
- __fzfcmd() {
- __fzf_use_tmux__ &&
- echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf"
- }
-
- fzf-file-widget() {
- LBUFFER="''${LBUFFER}$(__fsel_fzf)"
- local ret=$?
- zle redisplay
- typeset -f zle-line-init >/dev/null && zle zle-line-init
- return $ret
- }
- zle -N fzf-file-widget
- bindkey '^T' fzf-file-widget
-
- compdef _pass brain
- zstyle ':completion::complete:brain::' prefix "$HOME/brain"
- compdef _pass secrets
- zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
-
- # ctrl-x ctrl-e
- autoload -U edit-command-line
- zle -N edit-command-line
- bindkey '^xe' edit-command-line
- bindkey '^x^e' edit-command-line
-
- '';
+ enableCompletion = false; #manually at the end
promptInit = ''
RPROMPT=""
@@ -93,8 +21,8 @@ in
'';
};
- users.users.${mainUser}.packages = [
- pkgs.nix-zsh-completions
- pkgs.fzf
- ];
+ users.users.${mainUser} = {
+ shell = "/run/current-system/sw/bin/zsh";
+ packages = [ pkgs.nix-zsh-completions ];
+ };
}