diff options
author | jeschli <jeschli@gmail.com> | 2018-03-20 15:37:44 +0100 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-03-20 15:37:44 +0100 |
commit | 01358d3947b46c2d9cceb7f6c53855cb536d6efe (patch) | |
tree | 194c3c5e346327774603f8948a0fa301a082be90 /lass | |
parent | 390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 (diff) | |
parent | 6267aa42509a4f56dc95dfc2db7773c33ca12522 (diff) |
Merge branch 'staging/jeschli' of prism.r:stockholm into staging/jeschli
Diffstat (limited to 'lass')
25 files changed, 589 insertions, 89 deletions
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index f53e93f26..c4d99cb2c 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -16,6 +16,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/virtualbox.nix> <stockholm/lass/2configs/dcso-dev.nix> <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/rtl-sdr.nix> { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -136,24 +137,47 @@ with import <stockholm/lib>; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.writeText "minio.cert" '' + -----BEGIN CERTIFICATE----- + MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS + MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 + OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC + AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL + 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV + YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C + ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM + CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw + hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk + MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw + I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB + CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 + hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox + jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY + EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM + zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a + qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa + -----END CERTIFICATE----- + '') ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; services.printing.drivers = [ pkgs.postscript-lexmark ]; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + virtualisation.docker.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 936666a73..cbb71ab24 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -31,6 +31,8 @@ with import <stockholm/lib>; <stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/ableton.nix> + <stockholm/lass/2configs/dunst.nix> + <stockholm/lass/2configs/rtl-sdr.nix> { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -89,6 +91,10 @@ with import <stockholm/lib>; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/home/virtual" = { + device = "/dev/mapper/pool-virtual"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' @@ -176,7 +182,7 @@ with import <stockholm/lib>; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' @@ -194,5 +200,6 @@ with import <stockholm/lib>; nix.package = pkgs.nixUnstable; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; + virtualisation.docker.enable = true; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 087aaab06..c0e4620cc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -292,11 +292,22 @@ in { <stockholm/krebs/2configs/reaktor-krebs.nix> <stockholm/lass/2configs/dcso-dev.nix> { + users.users.jeschli = { + uid = genid "jeschli"; + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-bolide.pubkey + jeschli-brauerei.pubkey + ]; + }; krebs.git.rules = [ { user = with config.krebs.users; [ jeschli jeschli-bln + jeschli-bolide jeschli-brauerei ]; repo = [ config.krebs.git.repos.stockholm ]; @@ -313,6 +324,18 @@ in { } <stockholm/lass/2configs/downloading.nix> <stockholm/lass/2configs/minecraft.nix> + { + services.taskserver = { + enable = true; + fqdn = "lassul.us"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "lass" "android" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ef015aebc..7fb57544f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -61,4 +61,8 @@ with import <stockholm/lib>; SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" ''; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; } diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 51512955e..7d3dfd428 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -41,6 +41,7 @@ in { lass-shodan.pubkey lass-icarus.pubkey lass-android.pubkey + lass-helios.pubkey ]; }; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 5ca024574..ed179ded6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -2,6 +2,7 @@ with import <stockholm/lib>; let user = config.krebs.build.user; + xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; }; in { imports = [ ./mpv.nix @@ -10,6 +11,7 @@ in { ./livestream.nix ./dns-stuff.nix ./urxvt.nix + ./network-manager.nix { hardware.pulseaudio = { enable = true; @@ -83,7 +85,6 @@ in { powertop push rxvt_unicode_with-plugins - screengrab slock sxiv timewarrior @@ -98,6 +99,7 @@ in { zathura cabal2nix + xephyrify ]; fonts.fonts = with pkgs; [ @@ -121,13 +123,13 @@ in { name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.coreutils}/bin/sleep infinity + ${pkgs.systemd}/bin/systemctl --user start xmonad + exec ${pkgs.coreutils}/bin/sleep infinity ''; }]; }; systemd.user.services.xmonad = { - wantedBy = [ "graphical-session.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; RXVT_SOCKET = "%t/urxvtd-socket"; @@ -135,8 +137,8 @@ in { }; serviceConfig = { SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; + ExecStart = "${xmonad-lass}/bin/xmonad"; + ExecStop = "${xmonad-lass}/bin/xmonad --shutdown"; }; restartIfChanged = false; }; diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index cbf853d64..ae1c7bc8d 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -17,6 +17,7 @@ in { config.krebs.users.lass.pubkey config.krebs.users.lass-android.pubkey config.krebs.users.jeschli-bln.pubkey + config.krebs.users.jeschli-brauerei.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB" ]; @@ -44,6 +45,11 @@ in { }; }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9000"; target = "ACCEPT";} + ]; + krebs.per-user.dev.packages = [ pkgs.go ]; @@ -51,4 +57,6 @@ in { security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; + + services.minio.enable = true; } diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 9582413ed..8d0fb0d02 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -16,6 +16,8 @@ with import <stockholm/lib>; lass.pubkey lass-shodan.pubkey lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey makefu.pubkey wine-mors.pubkey ]; diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix new file mode 100644 index 000000000..6d3d839bc --- /dev/null +++ b/lass/2configs/dunst.nix @@ -0,0 +1,277 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + dunstConfig = pkgs.writeText "dunst-config" '' + [global] + font = Iosevka Term 11 + + # Allow a small subset of html markup: + # <b>bold</b> + # <i>italic</i> + # <s>strikethrough</s> + # <u>underline</u> + # + # For a complete reference see + # <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>. + # If markup is not allowed, those tags will be stripped out of the + # message. + markup = yes + plain_text = no + + # The format of the message. Possible variables are: + # %a appname + # %s summary + # %b body + # %i iconname (including its path) + # %I iconname (without its path) + # %p progress value if set ([ 0%] to [100%]) or nothing + # Markup is allowed + format = "%a\n<b>%s</b>\n%b" + + # Sort messages by urgency. + sort = yes + + # Show how many messages are currently hidden (because of geometry). + indicate_hidden = yes + + # Alignment of message text. + # Possible values are "left", "center" and "right". + alignment = center + + # The frequency with wich text that is longer than the notification + # window allows bounces back and forth. + # This option conflicts with "word_wrap". + # Set to 0 to disable. + bounce_freq = 0 + + # Show age of message if message is older than show_age_threshold + # seconds. + # Set to -1 to disable. + show_age_threshold = 1 + + # Split notifications into multiple lines if they don't fit into + # geometry. + word_wrap = yes + + # Ignore newlines '\n' in notifications. + ignore_newline = no + + # Hide duplicate's count and stack them + stack_duplicates = yes + hide_duplicates_count = no + + + # The geometry of the window: + # [{width}]x{height}[+/-{x}+/-{y}] + # The geometry of the message window. + # The height is measured in number of notifications everything else + # in pixels. If the width is omitted but the height is given + # ("-geometry x2"), the message window expands over the whole screen + # (dmenu-like). If width is 0, the window expands to the longest + # message displayed. A positive x is measured from the left, a + # negative from the right side of the screen. Y is measured from + # the top and down respectevly. + # The width can be negative. In this case the actual width is the + # screen width minus the width defined in within the geometry option. + geometry = "500x10-0+0" + + # Shrink window if it's smaller than the width. Will be ignored if + # width is 0. + shrink = no + + # The transparency of the window. Range: [0; 100]. + # This option will only work if a compositing windowmanager is + # present (e.g. xcompmgr, compiz, etc.). + # transparency = 5 + + # Don't remove messages, if the user is idle (no mouse or keyboard input) + # for longer than idle_threshold seconds. + # Set to 0 to disable. + idle_threshold = 0 + + # Which monitor should the notifications be displayed on. + monitor = keyboard + + # Display notification on focused monitor. Possible modes are: + # mouse: follow mouse pointer + # keyboard: follow window with keyboard focus + # none: don't follow anything + # + # "keyboard" needs a windowmanager that exports the + # _NET_ACTIVE_WINDOW property. + # This should be the case for almost all modern windowmanagers. + # + # If this option is set to mouse or keyboard, the monitor option + # will be ignored. + follow = none + + # Should a notification popped up from history be sticky or timeout + # as if it would normally do. + sticky_history = yes + + # Maximum amount of notifications kept in history + history_length = 15 + + # Display indicators for URLs (U) and actions (A). + show_indicators = no + + # The height of a single line. If the height is smaller than the + # font height, it will get raised to the font height. + # This adds empty space above and under the text. + line_height = 3 + + # Draw a line of "separatpr_height" pixel height between two + # notifications. + # Set to 0 to disable. + separator_height = 1 + + # Padding between text and separator. + padding = 1 + + # Horizontal padding. + horizontal_padding = 1 + + # Define a color for the separator. + # possible values are: + # * auto: dunst tries to find a color fitting to the background; + # * foreground: use the same color as the foreground; + # * frame: use the same color as the frame; + # * anything else will be interpreted as a X color. + separator_color = frame + + # Print a notification on startup. + # This is mainly for error detection, since dbus (re-)starts dunst + # automatically after a crash. + startup_notification = true + + # dmenu path. + dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst: + + # Browser for opening urls in context menu. + browser = /usr/bin/firefox -new-tab + + # Align icons left/right/off + icon_position = off + max_icon_size = 80 + + # Paths to default icons. + icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/ + + frame_width = 2 + frame_color = "#8EC07C" + + [shortcuts] + + # Shortcuts are specified as [modifier+][modifier+]...key + # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2", + # "mod3" and "mod4" (windows-key). + # Xev might be helpful to find names for keys. + + # Close notification. + close = ctrl+space + + # Close all notifications. + close_all = ctrl+shift+space + + # Redisplay last message(s). + # On the US keyboard layout "grave" is normally above TAB and left + # of "1". + history = ctrl+grave + + # Context menu. + context = mod4+u + + [urgency_low] + # IMPORTANT: colors have to be defined in quotation marks. + # Otherwise the "#" and following would be interpreted as a comment. + frame_color = "#3B7C87" + foreground = "#3B7C87" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + [urgency_normal] + frame_color = "#5B8234" + foreground = "#5B8234" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + [urgency_critical] + frame_color = "#B7472A" + foreground = "#B7472A" + background = "#191311" + #background = "#2B313C" + timeout = 0 + + + # Every section that isn't one of the above is interpreted as a rules to + # override settings for certain messages. + # Messages can be matched by "appname", "summary", "body", "icon", "category", + # "msg_urgency" and you can override the "timeout", "urgency", "foreground", + # "background", "new_icon" and "format". + # Shell-like globbing will get expanded. + # + # SCRIPTING + # You can specify a script that gets run when the rule matches by + # setting the "script" option. + # The script will be called as follows: + # script appname summary body icon urgency + # where urgency can be "LOW", "NORMAL" or "CRITICAL". + # + # NOTE: if you don't want a notification to be displayed, set the format + # to "". + # NOTE: It might be helpful to run dunst -print in a terminal in order + # to find fitting options for rules. + + #[espeak] + # summary = "*" + # script = dunst_espeak.sh + + #[script-test] + # summary = "*script*" + # script = dunst_test.sh + + #[ignore] + # # This notification will not be displayed + # summary = "foobar" + # format = "" + + #[signed_on] + # appname = Pidgin + # summary = "*signed on*" + # urgency = low + # + #[signed_off] + # appname = Pidgin + # summary = *signed off* + # urgency = low + # + #[says] + # appname = Pidgin + # summary = *says* + # urgency = critical + # + #[twitter] + # appname = Pidgin + # summary = *twitter.com* + # urgency = normal + # + # vim: ft=cfg + ''; +in { + systemd.user.services.dunst = { + wantedBy = [ "graphical-session.target" ]; + requires = [ "xmonad.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "dunst"; + ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}"; + Restart = "always"; + RestartSec = "15s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 0219f5216..ae652722a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -11,7 +11,6 @@ with import <stockholm/lib>; primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" - "aidsballs.de" ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors @@ -59,6 +58,26 @@ with import <stockholm/lib>; { from = "coinexchange@lassul.us"; to = lass.mail; } { from = "verwaltung@lassul.us"; to = lass.mail; } { from = "gearbest@lassul.us"; to = lass.mail; } + { from = "binance@lassul.us"; to = lass.mail; } + { from = "bitfinex@lassul.us"; to = lass.mail; } + { from = "alternate@lassul.us"; to = lass.mail; } + { from = "redacted@lassul.us"; to = lass.mail; } + { from = "mytaxi@lassul.us"; to = lass.mail; } + { from = "pizza@lassul.us"; to = lass.mail; } + { from = "robinhood@lassul.us"; to = lass.mail; } + { from = "drivenow@lassul.us"; to = lass.mail; } + { from = "aws@lassul.us"; to = lass.mail; } + { from = "reddit@lassul.us"; to = lass.mail; } + { from = "banggood@lassul.us"; to = lass.mail; } + { from = "immoscout@lassul.us"; to = lass.mail; } + { from = "gmail@lassul.us"; to = lass.mail; } + { from = "amazon@lassul.us"; to = lass.mail; } + { from = "humblebundle@lassul.us"; to = lass.mail; } + { from = "meetup@lassul.us"; to = lass.mail; } + { from = "gebfrei@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "ovh@lassul.us"; to = lass.mail; } + { from = "hetzner@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 03414a745..24b806efa 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -10,9 +10,13 @@ let echelon = "197"; cloudkrebs = "119"; }; + urgent = [ + "\\blass@mors\\b" + ]; in { environment.systemPackages = [ (pkgs.writeDashBin "logf" '' + export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent} export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors} ${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)} '') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 7c58e8c5f..03d39ef75 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -21,13 +21,46 @@ let ''; mailboxes = { - wireguard = [ "wireguard@lists.zx2c4" ]; - c-base = [ "c-base.org" ]; - security = [ "seclists.org" "security" "bugtraq" ]; - nix-devel = [ "nix-devel@googlegroups.com" ]; - shack = [ "shackspace.de" ]; + c-base = [ "to:c-base.org" ]; + coins = [ + "to:btce@lassul.us" + "to:coinbase@lassul.us" + "to:polo@lassul.us" + "to:bitwala@lassul.us" + "to:payeer@lassul.us" + "to:gatehub@lassul.us" + "to:bitfinex@lassul.us" + "to:binance@lassul.us" + "to:bitcoin.de@lassul.us" + "to:robinhood@lassul.us" + ]; + dezentrale = [ "to:dezentrale.space" ]; + dhl = [ "to:dhl@lassul.us" ]; + github = [ "to:github@lassul.us" ]; + gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; + nix-devel = [ "to:nix-devel@googlegroups.com" ]; + patreon = [ "to:patreon@lassul.us" ]; + paypal = [ "to:paypal@lassul.us" ]; + ptl = [ "to:ptl@posttenebraslab.ch" ]; + retiolum = [ "to:lass@mors.r" ]; + security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; + shack = [ "to:shackspace.de" ]; + steam = [ "to:steam@lassul.us" ]; + tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; + wireguard = [ "to:wireguard@lists.zx2c4" ]; + zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ]; }; + tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' + ${pkgs.notmuch}/bin/notmuch new + ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ''; + + tag-old-mails = pkgs.writeDashBin "nm-tag-old" '' + ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ''; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc @@ -80,16 +113,15 @@ let # V ''} %r |" - virtual-mailboxes \ - "Unread" "notmuch://?query=tag:unread"\ - "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\ - ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)} - "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\ - "TODO" "notmuch://?query=tag:TODO"\ - "Starred" "notmuch://?query=tag:*"\ - "Archive" "notmuch://?query=tag:archive"\ - "Sent" "notmuch://?query=tag:sent"\ - "Junk" "notmuch://?query=tag:junk" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" + virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} + virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" + virtual-mailboxes "Starred" "notmuch://?query=tag:*" + virtual-mailboxes "Archive" "notmuch://?query=tag:archive" + virtual-mailboxes "Sent" "notmuch://?query=tag:sent" + virtual-mailboxes "Junk" "notmuch://?query=tag:junk" + virtual-mailboxes "All" "notmuch://?query=*" tag-transforms "junk" "k" \ "unread" "u" \ @@ -163,5 +195,7 @@ in { mutt pkgs.much pkgs.notmuch + tag-new-mails + tag-old-mails ]; } diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix index aa33dcccc..6f8ceb358 100644 --- a/lass/2configs/minecraft.nix +++ b/lass/2configs/minecraft.nix @@ -17,5 +17,6 @@ krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } ]; } diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix new file mode 100644 index 000000000..c4f757de1 --- /dev/null +++ b/lass/2configs/network-manager.nix @@ -0,0 +1,24 @@ +{ pkgs, lib, ... }: +{ + networking.wireless.enable = lib.mkForce false; + + systemd.services.modemmanager = { + description = "ModemManager"; + after = [ "network-manager.service" ]; + bindsTo = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" ]; + serviceC |