summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-01-30 23:43:04 +0100
committermakefu <github@syntax-fehler.de>2023-01-30 23:43:04 +0100
commit369fa6b7eb3f0fa3e1034bcad438eeda017949f8 (patch)
tree22f7891595fba32a7e66b755617e0d49b91993f3 /lass/2configs
parentdbc3870841223051e4f617b4c06065c168c69c10 (diff)
parentc7417c8bc1b50d466dae493ac3619d9f324f34f8 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/gg23.nix30
-rw-r--r--lass/2configs/green-host.nix6
-rw-r--r--lass/2configs/mail.nix66
-rw-r--r--lass/2configs/orange-host.nix15
-rw-r--r--lass/2configs/radio/container-host.nix2
-rw-r--r--lass/2configs/red-host.nix2
-rw-r--r--lass/2configs/riot.nix14
-rw-r--r--lass/2configs/ubik-host.nix26
-rw-r--r--lass/2configs/xmonad.nix11
-rw-r--r--lass/2configs/yellow-host.nix2
-rw-r--r--lass/2configs/yubikey.nix10
11 files changed, 138 insertions, 46 deletions
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index 51db9a40a..b35b0cb85 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -2,17 +2,19 @@
with import <stockholm/lib>;
{
+ # ipv6 from vodafone is really really flaky
+ boot.kernel.sysctl."net.ipv6.conf.et0.disable_ipv6" = 1;
systemd.network.networks."50-et0" = {
matchConfig.Name = "et0";
- DHCP = "yes";
+ DHCP = "ipv4";
# dhcpV4Config.UseDNS = false;
# dhcpV6Config.UseDNS = false;
linkConfig = {
RequiredForOnline = "routable";
};
- # networkConfig = {
- # LinkLocalAddressing = "no";
- # };
+ networkConfig = {
+ LinkLocalAddressing = "no";
+ };
# dhcpV6Config = {
# PrefixDelegationHint = "::/60";
# };
@@ -23,14 +25,15 @@ with import <stockholm/lib>;
# Managed = true;
# };
};
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
systemd.network.networks."50-int0" = {
name = "int0";
address = [
"10.42.0.1/24"
];
networkConfig = {
- IPForward = "yes";
- IPMasquerade = "both";
+ # IPForward = "yes";
+ # IPMasquerade = "both";
ConfigureWithoutCarrier = true;
DHCPServer = "yes";
# IPv6SendRA = "yes";
@@ -49,9 +52,16 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
{ v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
];
+ krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
+ ];
networking.domain = "gg23";
+ networking.useHostResolvConf = false;
+ services.resolved.extraConfig = ''
+ DNSStubListener=no
+ '';
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
@@ -64,4 +74,12 @@ with import <stockholm/lib>;
interface=int0
'';
};
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "restart_router" ''
+ ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m OFF
+ sleep 2
+ ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m ON
+ '')
+ ];
}
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 1e41e8e02..66088a562 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -1,10 +1,6 @@
{ config, pkgs, ... }:
{
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- ];
-
- lass.sync-containers3.containers.green = {
+ krebs.sync-containers3.containers.green = {
sshKey = "${toString <secrets>}/green.sync.key";
};
}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index b874695a8..f5b2e22b7 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -1,5 +1,4 @@
-with import <stockholm/lib>;
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
@@ -14,7 +13,6 @@ let
port 465
tls on
tls_starttls off
- tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16
auth on
user lassulus
passwordeval pass show c-base/pass
@@ -24,11 +22,12 @@ let
notmuch-config = pkgs.writeText "notmuch-config" ''
[database]
path=/home/lass/Maildir
+ mail_root=/home/lass/Maildir
[user]
name=lassulus
primary_email=lassulus@lassul.us
- other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))}
+ other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))}
[new]
tags=unread;inbox;
@@ -93,11 +92,37 @@ let
tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new
- ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ ${lib.concatMapStringsSep "\n" (i: ''
+ '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
+ ${lib.concatMapStringsSep "\n" (i: ''
+ mkdir -p "$HOME/Maildir/.${i.name}/cur"
+ for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do
+ if test -e "$mail"; then
+ mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
+ else
+ echo "$mail does not exist"
+ fi
+ done
+ ${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
+ '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
+ ${pkgs.notmuch}/bin/notmuch new
+ ${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup"
'';
tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
- ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ set -efux
+ ${lib.concatMapStringsSep "\n" (i: ''
+ ${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value}
+ mkdir -p "$HOME/Maildir/.${i.name}/cur"
+ for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do
+ if test -e "$mail"; then
+ mv "$mail" "$HOME/Maildir/.${i.name}/cur/"
+ else
+ echo "$mail does not exist"
+ fi
+ done
+ '') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
+ ${pkgs.notmuch}/bin/notmuch new --no-hooks
'';
muttrc = pkgs.writeText "muttrc" ''
@@ -110,17 +135,6 @@ let
set crypt_verify_sig = yes
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
- macro index \Cv \
- "<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
- <enter-command> set crypt_verify_sig=yes<enter> \
- <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
- 'Verify PGP signature and open the message'
-
- macro pager \Cv \
- "<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \
- <enter-command> set crypt_verify_sig=yes<enter> \
- <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
- 'Verify PGP signature'
# read html mails
auto_view text/html
@@ -138,8 +152,8 @@ let
set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail
set from="lassulus@lassul.us"
alternates ^.*@lassul\.us$ ^.*@.*\.r$
- set use_from=yes
- set envelope_from=yes
+ unset envelope_from_address
+ set use_envelope_from
set reverse_name
set sort=threads
@@ -148,7 +162,7 @@ let
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
- ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
+ ${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)}
virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
virtual-mailboxes "Starred" "notmuch://?query=tag:*"
virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
@@ -166,6 +180,15 @@ let
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
+ # muchsync
+ bind index \Cr noop
+ macro index \Cr \
+ "<enter-command>unset wait_key<enter> \
+ <shell-escape>${pkgs.writeDash "muchsync" ''
+ set -efu
+ ${pkgs.muchsync}/bin/muchsync -F lass@green.r
+ ''}<enter> \
+ 'run muchsync to green.r'
#killed
bind index d noop
@@ -213,6 +236,9 @@ let
macro pager ,@3 "<enter-command> set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar<Enter>"
macro pager ] ,@1 'Toggle indexbar
+ # urlview
+ macro pager \cb <pipe-entry>'${pkgs.urlview}/bin/urlview'<enter> 'Follow links with urlview'
+
# sidebar
set sidebar_divider_char = '│'
set sidebar_delim_chars = "/"
diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix
new file mode 100644
index 000000000..e4bfcff89
--- /dev/null
+++ b/lass/2configs/orange-host.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.orange = {
+ sshKey = "${toString <secrets>}/orange.sync.key";
+ };
+ services.nginx.virtualHosts."lassul.us" = {
+ # enableACME = config.security;
+ # forceSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://orange.r";
+ };
+ };
+}
diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix
index e32095ffa..de0ea9afe 100644
--- a/lass/2configs/radio/container-host.nix
+++ b/lass/2configs/radio/container-host.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{
- lass.sync-containers3.containers.radio = {
+ krebs.sync-containers3.containers.radio = {
sshKey = "${toString <secrets>}/radio.sync.key";
};
containers.radio = {
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix
index cbd9c097e..171191dac 100644
--- a/lass/2configs/red-host.nix
+++ b/lass/2configs/red-host.nix
@@ -8,7 +8,7 @@ in
];
- lass.sync-containers3.containers.red = {
+ krebs.sync-containers3.containers.red = {
sshKey = "${toString <secrets>}/containers/red/sync.key";
ephemeral = true;
};
diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix
index 559e7b20d..6aacec5b6 100644
--- a/lass/2configs/riot.nix
+++ b/lass/2configs/riot.nix
@@ -31,27 +31,31 @@
privateNetwork = true;
hostAddress = "10.233.1.1";
localAddress = "10.233.1.2";
- forwardPorts = [
- { hostPort = 45622; containerPort = 22; }
- ];
};
systemd.network.networks."50-ve-riot" = {
matchConfig.Name = "ve-riot";
networkConfig = {
- IPForward = "yes";
# weirdly we have to use POSTROUTING MASQUERADE here
+ # and set ip_forward manually
+ # IPForward = "yes";
# IPMasquerade = "both";
LinkLocalAddressing = "no";
KeepConfiguration = "static";
};
};
- # networking.nat can be used instead of this
+ boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
+
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s ${config.containers.riot.localAddress}"; target = "MASQUERADE"; }
];
+
+ # networking.nat can be used instead of this
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { predicate = "-p tcp --dport 45622"; target = "DNAT --to-destination ${config.containers.riot.localAddress}:22"; v6 = false; }
+ ];
krebs.iptables.tables.filter.FORWARD.rules = [
{ predicate = "-i ve-riot"; target = "ACCEPT"; }
{ predicate = "-o ve-riot"; target = "ACCEPT"; }
diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix
new file mode 100644
index 000000000..a4ad5e55e
--- /dev/null
+++ b/lass/2configs/ubik-host.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.ubik = {
+ sshKey = "${toString <secrets>}/ubik.sync.key";
+ };
+ containers.ubik.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/ubik/state";
+ isReadOnly = false;
+ };
+ containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
+ hostPath = "/var/ubik";
+ isReadOnly = false;
+ };
+ services.nginx.virtualHosts."c.apanowicz.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://ubik.r";
+ extraConfig = ''
+ client_max_body_size 9001M;
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
index 8784da379..b506e026d 100644
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@@ -53,6 +53,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.NamedWindows (getName)
import XMonad.Util.Run (safeSpawn)
import XMonad.Util.Ungrab (unGrab)
+import XMonad.Util.Paste (pasteSelection)
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
@@ -105,11 +106,9 @@ floatHooks = composeAll
myKeyMap :: [([Char], X ())]
myKeyMap =
- [ ("M4-C-p", forkFile "${pkgs.scrot}/bin/scrot" [ "~/public_html/scrot.png" ] Nothing )
- , ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
+ [ ("M4-p", forkFile "${pkgs.pass}/bin/passmenu" [ "--type" ] Nothing)
, ("M4-S-p", forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
- , ("M4-o", forkFile "${pkgs.brain}/bin/brainmenu --type" [] Nothing)
- , ("M4-z", forkFile "${pkgs.emot-menu}/bin/emoticons" [] Nothing)
+ , ("M4-z", forkFile "${pkgs.unimenu}/bin/unimenu" [] Nothing)
, ("M4-S-q", restart "xmonad" True)
@@ -177,13 +176,13 @@ myKeyMap =
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
, ("M4-<F11>", spawn "${config.lass.screenlock.command}")
- , ("M4-<F12>", spawn "${pkgs.systemd}/bin/systemctl suspend -i")
, ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
, ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle")
- , ("M4-s", spawn "${pkgs.knav}/bin/knav")
+ ${lib.optionalString (builtins.hasAttr "warpd" pkgs) '', ("M4-s", spawn "${pkgs.warpd}/bin/warpd --hint")''}
, ("M4-i", spawn "/run/current-system/sw/bin/screenshot")
+ , ("S-<F12>", pasteSelection)
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
diff --git a/lass/2configs/yellow-host.nix b/lass/2configs/yellow-host.nix
index d07c222c6..36027cb5d 100644
--- a/lass/2configs/yellow-host.nix
+++ b/lass/2configs/yellow-host.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{
- lass.sync-containers3.containers.yellow = {
+ krebs.sync-containers3.containers.yellow = {
sshKey = "${toString <secrets>}/yellow.sync.key";
};
containers.yellow.bindMounts."/var/lib" = {
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
index a37752d5e..bf6a587af 100644
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@@ -3,6 +3,7 @@
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
+ pinentry-curses pinentry-qt
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
@@ -11,6 +12,7 @@
services.pcscd.enable = true;
systemd.user.services.gpg-agent.serviceConfig.ExecStartPre = pkgs.writers.writeDash "init_gpg" ''
set -x
+ mkdir -p $HOME/.gnupg
${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" ''
disable-ccid
pcsc-driver ${pkgs.pcsclite.out}/lib/libpcsclite.so.1
@@ -25,6 +27,10 @@
reader-port Yubico YubiKey
''} $HOME/.gnupg/scdaemon.conf
'';
+ systemd.user.services.gpg-agent.serviceConfig.ExecStartPost = pkgs.writers.writeDash "init_gpg" ''
+ ${pkgs.gnupg}/bin/gpg --import ${../../kartei/lass/pgp/yubikey.pgp} >/dev/null
+ echo -e '5\ny\n' | gpg --command-fd 0 --expert --edit-key DBCD757846069B392EA9401D6657BE8A8D1EE807 trust >/dev/null || :
+ '';
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
@@ -38,13 +44,14 @@
}
});
polkit.addRule(function(action, subject) {
- polkit.log("subject: " + subject + " action: " + action);
+ polkit.log("subject: " + subject + " action: " + action);
});
'';
environment.shellInit = ''
if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
export GPG_TTY="$(tty)"
+ mkdir -p $HOME/.gnupg
gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
if [ -z "$SSH_AUTH_SOCK" ]; then
@@ -61,6 +68,7 @@
ssh.startAgent = false;
gnupg.agent = {
enable = true;
+ pinentryFlavor = "qt";
# enableSSHSupport = true;
};
};