summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-05-15 16:10:14 +0200
committertv <tv@krebsco.de>2019-05-15 16:10:14 +0200
commit1ceae8b0e3f37b5d3a4b8ef52621f2959abaab8e (patch)
tree67d182fa8e62f01ed346714c615a64577fae1b66
parentdf6007c2eb3c6fab9106c3fc591fded7221b1708 (diff)
parentf541eae020a229b99afe531139be246f8aecb695 (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/1systems/puyak/config.nix7
-rw-r--r--krebs/3modules/external/default.nix14
-rw-r--r--krebs/3modules/external/tinc/horisa.pub8
-rw-r--r--makefu/1systems/x/config.nix2
-rw-r--r--makefu/2configs/backup/ssh/wbob.pub1
-rw-r--r--makefu/2configs/bureautomation/hass.nix1
-rw-r--r--makefu/2configs/editor/vim.nix1
-rw-r--r--makefu/2configs/editor/vimrc11
-rw-r--r--makefu/2configs/fs/sda-crypto-root-home.nix26
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix3
-rw-r--r--makefu/2configs/home-manager/zsh.nix4
-rw-r--r--makefu/2configs/hw/network-manager.nix3
-rw-r--r--makefu/2configs/mail/mail.euer.nix8
-rw-r--r--makefu/2configs/mqtt.nix3
-rw-r--r--makefu/2configs/nur.nix6
-rw-r--r--makefu/2configs/printer.nix1
-rw-r--r--makefu/2configs/stats/arafetch.nix6
-rw-r--r--makefu/2configs/task-client.nix7
-rw-r--r--makefu/2configs/taskd.nix1
-rw-r--r--makefu/5pkgs/default.nix1
-rw-r--r--makefu/5pkgs/pico2wave/default.nix44
-rw-r--r--makefu/5pkgs/prison-break/default.nix6
22 files changed, 129 insertions, 35 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 67257eacd..af11c6944 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -73,6 +73,13 @@
system.activationScripts."disengage fancontrol" = ''
echo level disengaged > /proc/acpi/ibm/fan
'';
+
+ # to access vorstand vm
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
+ ];
+
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
isNormalUser = true;
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 9bfc920a3..080c259aa 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -167,6 +167,20 @@ in {
};
};
};
+ horisa = {
+ cores = 2;
+ owner = config.krebs.users.ulrich; # main laptop
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.226.213";
+ ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e85";
+ aliases = [
+ "horisa.r"
+ ];
+ tinc.pubkey = tinc-for "horisa";
+ };
+ };
+ };
idontcare = {
owner = config.krebs.users.Mic92;
nets = rec {
diff --git a/krebs/3modules/external/tinc/horisa.pub b/krebs/3modules/external/tinc/horisa.pub
new file mode 100644
index 000000000..06d686ce3
--- /dev/null
+++ b/krebs/3modules/external/tinc/horisa.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
+Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
+XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
++EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
+sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
+M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 3c5e50c4b..32a548954 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -196,4 +196,6 @@
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
+ # latest kernel (5.0) has issues with wifi card
+ boot.kernelPackages = pkgs.linuxPackages;
}
diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/wbob.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 02465520c..ace1d10ce 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -146,6 +146,7 @@ in {
"device_tracker.ecki_tablet"
"device_tracker.daniel_phone"
"device_tracker.carsten_phone"
+ "device_tracker.thierry_phone"
# "person.thorsten"
# "person.felix"
# "person.ecki"
diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix
index 8a58e44de..d14a611b4 100644
--- a/makefu/2configs/editor/vim.nix
+++ b/makefu/2configs/editor/vim.nix
@@ -23,7 +23,6 @@ in {
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree"
# "YouCompleteMe"
- "LanguageClient-neovim"
"vim-better-whitespace" ]; }
# vim-nix handles indentation better but does not perform sanity
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc
index 96c505ba8..8cdab55db 100644
--- a/makefu/2configs/editor/vimrc
+++ b/makefu/2configs/editor/vimrc
@@ -96,14 +96,3 @@ augroup Binary
au BufWritePost *.bin if &bin | %!xxd
au BufWritePost *.bin set nomod | endif
augroup END
-
-let g:LanguageClient_serverCommands = {
-\ 'python': ['pyls']
-\ }
-nnoremap <F6> :call LanguageClient_contextMenu()<CR>
-nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR>
-nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR>
-nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR>
-nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR>
-nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR>
-nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR>
diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix
index e790ed6a8..4f0cf8c6b 100644
--- a/makefu/2configs/fs/sda-crypto-root-home.nix
+++ b/makefu/2configs/fs/sda-crypto-root-home.nix
@@ -8,7 +8,31 @@
# / (main-root)
# /home (main-home)
-with import <stockholm/lib>;
+# clean the boot sector:
+# dd if=/dev/zero of=/dev/sda count=2048
+# Installation Instruction on ISO:
+# fdisk /dev/sda
+ # boot 500M
+ # rest rest
+# cryptsetup luksFormat /dev/sda2
+# mkfs.ext4 -L nixboot /dev/sda1
+# cryptsetup luksOpen /dev/sda2 cryptoluks
+# pvcreate /dev/mapper/cryptoluks
+# vgcreate main /dev/mapper/cryptoluks
+# lvcreate -L 200Gib main -n root
+# lvcreate -L 800Gib main -n home
+# mkfs.ext4 /dev/main/root
+# mkfs.ext4 /dev/main/home
+# mount /dev/mapper/main-root /mnt
+# mkdir -p /mnt/{boot,home,var/src} /var/src
+# mount /dev/sda1 /mnt/boot
+# mount /dev/mapper/main-home /mnt/home
+# touch /mnt/var/src/.populate
+# mount -o bind /mnt/var/src /var/src
+# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update
+# nix-env -iA nixpkgs.gitMinimal
+# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace)
+# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy
{
imports = [
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 55cfd74f5..e49843cfe 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -9,8 +9,7 @@
# boot 500M
# rest rest
# cryptsetup luksFormat /dev/sda2
-#
-with import <stockholm/lib>;
+# mkfs.ext4 -L nixboot /dev/sda1
{
boot = {
loader.grub.enable = true;
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
index 267a2e878..d24969ef0 100644
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -25,12 +25,12 @@
then
[ -d .direnv ] || mkdir .direnv
local tmp=$(nix-shell --show-trace "$@" \
- --run "\"$direnv\" dump bash")
+ --run "\"$direnv\" dump zsh")
echo "$tmp" > "$cache"
fi
local path_backup=$PATH term_backup=$TERM
- direnv_load cat "$cache"
+ . "$cache"
export PATH=$PATH:$path_backup TERM=$term_backup
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index 3b9d04549..d7b262b91 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -30,4 +30,7 @@
state = [
"/etc/NetworkManager/system-connections" #NM stateful config files
];
+ networking.networkmanager.dispatcherScripts = [
+ { source = "${pkgs.prison-break}/bin/prison-break"; }
+ ];
}
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
index f8f82e76b..d27b888a7 100644
--- a/makefu/2configs/mail/mail.euer.nix
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [
- (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz")
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz")
];
mailserver = {
@@ -32,8 +32,12 @@
};
services.dovecot2.extraConfig = ''
- ssl_dh = </var/lib/dhparams/dovecot.pem
+ ssl_dh = </var/lib/dhparams/dovecot2.pem
'';
+ state = [ # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/wikis/A-Complete-Backup-Guide
+ config.mailserver.mailDirectory
+ config.mailserver.dkimKeyDirectory
+ ];
# workaround for DH creation
# security.dhparams = {
# enable = true;
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index c56521812..8b77df962 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -5,6 +5,9 @@
host = "0.0.0.0";
users = {};
# TODO: secure that shit
+ aclExtraConf = ''
+ pattern readwrite /#
+ '';
allowAnonymous = true;
};
}
diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix
index dda00063a..3cb4981e0 100644
--- a/makefu/2configs/nur.nix
+++ b/makefu/2configs/nur.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:{
nixpkgs.config.packageOverrides = pkgs: {
- nur = pkgs.callPackage (import (builtins.fetchGit {
- url = "https://github.com/nix-community/NUR";
- })) {};
+ nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
+ inherit pkgs;
+ };
};
}
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index 0889ebbc1..d297483b2 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -32,4 +32,5 @@ in {
tcp 192.168.1.5
''; #home printer SCX-3205W
};
+ state = [ "/var/lib/cups" ];
}
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index c16629cc5..6ab9d3774 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -2,7 +2,7 @@
with import <stockholm/lib>;
let
pkg = with pkgs.python3Packages;buildPythonPackage rec {
- rev = "762d747";
+ rev = "775d0c2";
name = "arafetch-${rev}";
propagatedBuildInputs = [
requests
@@ -13,7 +13,7 @@ let
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/arafetch";
inherit rev;
- sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws";
+ sha256 = "0z35avn7vmbd1661ca1zkc9i4lwcm03kpwgiqxddpkp1yxhl548p";
};
};
home = "/var/lib/arafetch";
@@ -34,7 +34,7 @@ in {
path = [ pkg pkgs.git pkgs.wget ];
serviceConfig = {
User = "arafetch";
- Restart = "always";
+ # Restart = "always";
WorkingDirectory = home;
PrivateTmp = true;
ExecStart = pkgs.writeDash "start-weekrun" ''
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
index 470193d6c..1fdddb9b1 100644
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@@ -4,11 +4,4 @@
pkgs.taskwarrior
];
- environment.shellAliases = {
- tshack = "task project:shack";
- twork = "task project:soc";
- tpki = "task project:pki";
- tkrebs = "task project:krebs";
- t = "task project: ";
- };
}
diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix
index 5ca3b9904..122ad66a7 100644
--- a/makefu/2configs/taskd.nix
+++ b/makefu/2configs/taskd.nix
@@ -1,5 +1,6 @@
{config, ... }:
{
+ state = [ config.services.taskserver.dataDir ];
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
services.taskserver.listenHost = "::";
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 1ae10459f..a3c489ccc 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -40,6 +40,7 @@ in {
qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
+ prison-break = abort "`prison-break` moved from this namespace to `nur.repos.krebs.prison-break`";
}
// (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/pico2wave/default.nix b/makefu/5pkgs/pico2wave/default.nix
new file mode 100644
index 000000000..5302e8bf3
--- /dev/null
+++ b/makefu/5pkgs/pico2wave/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, lib, fetchurl
+, popt
+, libredirect
+, dpkg
+, makeWrapper
+, autoPatchelfHook
+, ...
+}:
+# https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=svox-pico-bin
+let
+ pkgrel="8";
+ _arch = "amd64";
+in
+stdenv.mkDerivation rec {
+ name = "pico2wave"; # svox-pico-bin
+ version = "1.0+git20130326";
+ srcs = [
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico0_${version}-${pkgrel}_${_arch}.deb"; sha256 = "0b8r7r8by5kamnm960bsicimnj1a40ghy3475nzy1jvwj5xgqhrj"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-dev_${version}-${pkgrel}_${_arch}.deb"; sha256 = "1knjiwi117h02nbf7k6ll080vl65gxwx3rpj0fq5xkvxbqpjjbvz"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-data_${version}-${pkgrel}_all.deb"; sha256 = "0k0x5jh5qzzasrg766pfmls3ksj18wwdbssysvpxkq98aqg4fgmx"; })
+ (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-utils_${version}-${pkgrel}_${_arch}.deb"; sha256 = "11yk25fh4n7qz4xjg0dri68ygc3aapj1bk9cvhcwkfvm46j5lrjv"; })
+ ] ;
+
+ nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook ];
+
+ dontBuild = true;
+
+ buildInputs = [ popt ];
+
+ unpackPhase = lib.concatMapStringsSep ";" (src: "dpkg-deb -x ${src} .") srcs;
+
+ installPhase = ''
+ mkdir -p $out
+ cp -r usr/. $out/
+
+ mv $out/lib/*-linux-gnu/* $out/lib/
+ rmdir $out/lib/*-linux-gnu
+
+ wrapProgram "$out/bin/pico2wave" \
+ --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
+ --set NIX_REDIRECTS /usr/share/pico/lang=$out/share/pico/lang
+ '';
+
+}
diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix
index 051a46184..672e0b3a0 100644
--- a/makefu/5pkgs/prison-break/default.nix
+++ b/makefu/5pkgs/prison-break/default.nix
@@ -3,12 +3,12 @@ with pkgs.python3.pkgs;
buildPythonPackage rec {
pname = "prison-break";
- version = "1.0.0";
+ version = "1.2.0";
src = fetchFromGitHub {
owner = "makefu";
repo = pname;
- rev = "1.0.0";
- sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961";
+ rev = version;
+ sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9";
};
propagatedBuildInputs = [
docopt