summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-03-20 15:37:44 +0100
committerjeschli <jeschli@gmail.com>2018-03-20 15:37:44 +0100
commit01358d3947b46c2d9cceb7f6c53855cb536d6efe (patch)
tree194c3c5e346327774603f8948a0fa301a082be90 /lass
parent390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 (diff)
parent6267aa42509a4f56dc95dfc2db7773c33ca12522 (diff)
Merge branch 'staging/jeschli' of prism.r:stockholm into staging/jeschli
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/helios/config.nix42
-rw-r--r--lass/1systems/mors/config.nix11
-rw-r--r--lass/1systems/prism/config.nix23
-rw-r--r--lass/1systems/shodan/config.nix4
-rw-r--r--lass/2configs/IM.nix1
-rw-r--r--lass/2configs/baseX.nix12
-rw-r--r--lass/2configs/dcso-dev.nix8
-rw-r--r--lass/2configs/downloading.nix2
-rw-r--r--lass/2configs/dunst.nix277
-rw-r--r--lass/2configs/exim-smarthost.nix21
-rw-r--r--lass/2configs/logf.nix4
-rw-r--r--lass/2configs/mail.nix64
-rw-r--r--lass/2configs/minecraft.nix1
-rw-r--r--lass/2configs/network-manager.nix24
-rw-r--r--lass/2configs/rtl-sdr.nix6
-rw-r--r--lass/2configs/vim.nix6
-rw-r--r--lass/2configs/websites/util.nix1
-rw-r--r--lass/2configs/wine.nix15
-rw-r--r--lass/2configs/zsh.nix7
-rw-r--r--lass/3modules/xserver/default.nix6
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix (renamed from lass/5pkgs/xmonad-lass.nix)28
-rw-r--r--lass/5pkgs/default.nix63
-rw-r--r--lass/5pkgs/xephyrify/default.nix42
-rw-r--r--lass/default.nix4
-rw-r--r--lass/source.nix6
25 files changed, 589 insertions, 89 deletions
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index f53e93f26..c4d99cb2c 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -136,24 +137,47 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.writeText "minio.cert" ''
+ -----BEGIN CERTIFICATE-----
+ MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
+ MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
+ OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+ AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
+ 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
+ YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
+ ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
+ CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
+ hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
+ MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
+ I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
+ CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
+ hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
+ jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
+ EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
+ zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
+ qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
+ -----END CERTIFICATE-----
+ '')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
+
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 936666a73..cbb71ab24 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
+ <stockholm/lass/2configs/dunst.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/home/virtual" = {
+ device = "/dev/mapper/pool-virtual";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
@@ -176,7 +182,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2
exit 23
else
- exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
+ exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi
'';
predeploy = pkgs.writeDash "predeploy" ''
@@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 087aaab06..c0e4620cc 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
+ users.users.jeschli = {
+ uid = genid "jeschli";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ jeschli.pubkey
+ jeschli-bln.pubkey
+ jeschli-bolide.pubkey
+ jeschli-brauerei.pubkey
+ ];
+ };
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
+ jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@@ -313,6 +324,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "lassul.us";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "lass" "android" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ef015aebc..7fb57544f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 51512955e..7d3dfd428 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
+ lass-helios.pubkey
];
};
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5ca024574..ed179ded6 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -2,6 +2,7 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
+ xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in {
imports = [
./mpv.nix
@@ -10,6 +11,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
+ ./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@@ -83,7 +85,6 @@ in {
powertop
push
rxvt_unicode_with-plugins
- screengrab
slock
sxiv
timewarrior
@@ -98,6 +99,7 @@ in {
zathura
cabal2nix
+ xephyrify
];
fonts.fonts = with pkgs; [
@@ -121,13 +123,13 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.coreutils}/bin/sleep infinity
+ ${pkgs.systemd}/bin/systemctl --user start xmonad
+ exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
- wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
@@ -135,8 +137,8 @@ in {
};
serviceConfig = {
SyslogIdentifier = "xmonad";
- ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
- ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
+ ExecStart = "${xmonad-lass}/bin/xmonad";
+ ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
};
restartIfChanged = false;
};
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index cbf853d64..ae1c7bc8d 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
+ config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
@@ -44,6 +45,11 @@ in {
};
};
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
+ { predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
+ ];
+
krebs.per-user.dev.packages = [
pkgs.go
];
@@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
+
+ services.minio.enable = true;
}
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 9582413ed..8d0fb0d02 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
new file mode 100644
index 000000000..6d3d839bc
--- /dev/null
+++ b/lass/2configs/dunst.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ dunstConfig = pkgs.writeText "dunst-config" ''
+ [global]
+ font = Iosevka Term 11
+
+ # Allow a small subset of html markup:
+ # <b>bold</b>
+ # <i>italic</i>
+ # <s>strikethrough</s>
+ # <u>underline</u>
+ #
+ # For a complete reference see
+ # <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
+ # If markup is not allowed, those tags will be stripped out of the
+ # message.
+ markup = yes
+ plain_text = no
+
+ # The format of the message. Possible variables are:
+ # %a appname
+ # %s summary
+ # %b body
+ # %i iconname (including its path)
+ # %I iconname (without its path)
+ # %p progress value if set ([ 0%] to [100%]) or nothing
+ # Markup is allowed
+ format = "%a\n<b>%s</b>\n%b"
+
+ # Sort messages by urgency.
+ sort = yes
+
+ # Show how many messages are currently hidden (because of geometry).
+ indicate_hidden = yes
+
+ # Alignment of message text.
+ # Possible values are "left", "center" and "right".
+ alignment = center
+
+ # The frequency with wich text that is longer than the notification
+ # window allows bounces back and forth.
+ # This option conflicts with "word_wrap".
+ # Set to 0 to disable.
+ bounce_freq = 0
+
+ # Show age of message if message is older than show_age_threshold
+ # seconds.
+ # Set to -1 to disable.
+ show_age_threshold = 1
+
+ # Split notifications into multiple lines if they don't fit into
+ # geometry.
+ word_wrap = yes
+
+ # Ignore newlines '\n' in notifications.
+ ignore_newline = no
+
+ # Hide duplicate's count and stack them
+ stack_duplicates = yes
+ hide_duplicates_count = no
+
+
+ # The geometry of the window:
+ # [{width}]x{height}[+/-{x}+/-{y}]
+ # The geometry of the message window.
+ # The height is measured in number of notifications everything else
+ # in pixels. If the width is omitted but the height is given
+ # ("-geometry x2"), the message window expands over the whole screen
+ # (dmenu-like). If width is 0, the window expands to the longest
+ # message displayed. A positive x is measured from the left, a
+ # negative from the right side of the screen. Y is measured from
+ # the top and down respectevly.
+ # The width can be negative. In this case the actual width is the
+ # screen width minus the width defined in within the geometry option.
+ geometry = "500x10-0+0"
+
+ # Shrink window if it's smaller than the width. Will be ignored if
+ # width is 0.
+ shrink = no
+
+ # The transparency of the window. Range: [0; 100].
+ # This option will only work if a compositing windowmanager is
+ # present (e.g. xcompmgr, compiz, etc.).
+ # transparency = 5
+
+ # Don't remove messages, if the user is idle (no mouse or keyboard input)
+ # for longer than idle_threshold seconds.
+ # Set to 0 to disable.
+ idle_threshold = 0
+
+ # Which monitor should the notifications be displayed on.
+ monitor = keyboard
+
+ # Display notification on focused monitor. Possible modes are:
+ # mouse: follow mouse pointer
+ # keyboard: follow window with keyboard focus
+ # none: don't follow anything
+ #
+ # "keyboard" needs a windowmanager that exports the
+ # _NET_ACTIVE_WINDOW property.
+ # This should be the case for almost all modern windowmanagers.
+ #
+ # If this option is set to mouse or keyboard, the monitor option
+ # will be ignored.
+ follow = none
+
+ # Should a notification popped up from history be sticky or timeout
+ # as if it would normally do.
+ sticky_history = yes
+
+ # Maximum amount of notifications kept in history
+ history_length = 15
+
+ # Display indicators for URLs (U) and actions (A).
+ show_indicators = no
+
+ # The height of a single line. If the height is smaller than the
+ # font height, it will get raised to the font height.
+ # This adds empty space above and under the text.
+ line_height = 3
+
+ # Draw a line of "separatpr_height" pixel height between two
+ # notifications.
+ # Set to 0 to disable.
+ separator_height = 1
+
+ # Padding between text and separator.
+ padding = 1
+
+ # Horizontal padding.
+ horizontal_padding = 1
+
+ # Define a color for the separator.
+ # possible values are:
+ # * auto: dunst tries to find a color fitting to the background;
+ # * foreground: use the same color as the foreground;
+ # * frame: use the same color as the frame;
+ # * anything else will be interpreted as a X color.
+ separator_color = frame
+
+ # Print a notification on startup.
+ # This is mainly for error detection, since dbus (re-)starts dunst
+ # automatically after a crash.
+ startup_notification = true
+
+ # dmenu path.
+ dmenu = ${pkgs.dmenu}/bin/dmenu -p dunst:
+
+ # Browser for opening urls in context menu.
+ browser = /usr/bin/firefox -new-tab
+
+ # Align icons left/right/off
+ icon_position = off
+ max_icon_size = 80
+
+ # Paths to default icons.
+ icon_folders = /usr/share/icons/Paper/16x16/mimetypes/:/usr/share/icons/Paper/48x48/status/:/usr/share/icons/Paper/16x16/devices/:/usr/share/icons/Paper/48x48/notifications/:/usr/share/icons/Paper/48x48/emblems/
+
+ frame_width = 2
+ frame_color = "#8EC07C"
+
+ [shortcuts]
+
+ # Shortcuts are specified as [modifier+][modifier+]...key
+ # Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
+ # "mod3" and "mod4" (windows-key).
+ # Xev might be helpful to find names for keys.
+
+ # Close notification.
+ close = ctrl+space
+
+ # Close all notifications.
+ close_all = ctrl+shift+space
+
+ # Redisplay last message(s).
+ # On the US keyboard layout "grave" is normally above TAB and left
+ # of "1".
+ history = ctrl+grave
+
+ # Context menu.
+ context = mod4+u
+
+ [urgency_low]
+ # IMPORTANT: colors have to be defined in quotation marks.
+ # Otherwise the "#" and following would be interpreted as a comment.
+ frame_color = "#3B7C87"
+ foreground = "#3B7C87"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+ [urgency_normal]
+ frame_color = "#5B8234"
+ foreground = "#5B8234"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+ [urgency_critical]
+ frame_color = "#B7472A"
+ foreground = "#B7472A"
+ background = "#191311"
+ #background = "#2B313C"
+ timeout = 0
+
+
+ # Every section that isn't one of the above is interpreted as a rules to
+ # override settings for certain messages.
+ # Messages can be matched by "appname", "summary", "body", "icon", "category",
+ # "msg_urgency" and you can override the "timeout", "urgency", "foreground",
+ # "background", "new_icon" and "format".
+ # Shell-like globbing will get expanded.
+ #
+ # SCRIPTING
+ # You can specify a script that gets run when the rule matches by
+ # setting the "script" option.
+ # The script will be called as follows:
+ # script appname summary body icon urgency
+ # where urgency can be "LOW", "NORMAL" or "CRITICAL".
+ #
+ # NOTE: if you don't want a notification to be displayed, set the format
+ # to "".
+ # NOTE: It might be helpful to run dunst -print in a terminal in order
+ # to find fitting options for rules.
+
+ #[espeak]
+ # summary = "*"
+ # script = dunst_espeak.sh
+
+ #[script-test]
+ # summary = "*script*"
+ # script = dunst_test.sh
+
+ #[ignore]
+ # # This notification will not be displayed
+ # summary = "foobar"
+ # format = ""
+
+ #[signed_on]
+ # appname = Pidgin
+ # summary = "*signed on*"
+ # urgency = low
+ #
+ #[signed_off]
+ # appname = Pidgin
+ # summary = *signed off*
+ # urgency = low
+ #
+ #[says]
+ # appname = Pidgin
+ # summary = *says*
+ # urgency = critical
+ #
+ #[twitter]
+ # appname = Pidgin
+ # summary = *twitter.com*
+ # urgency = normal
+ #
+ # vim: ft=cfg
+ '';
+in {
+ systemd.user.services.dunst = {
+ wantedBy = [ "graphical-session.target" ];
+ requires = [ "xmonad.service" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "dunst";
+ ExecStart = "${pkgs.dunst}/bin/dunst -conf ${dunstConfig}";
+ Restart = "always";
+ RestartSec = "15s";
+ StartLimitBurst = 0;
+ };
+ };
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 0219f5216..ae652722a 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -11,7 +11,6 @@ with import <stockholm/lib>;
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
- "aidsballs.de"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
@@ -59,6 +58,26 @@ with import <stockholm/lib>;
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
+ { from = "binance@lassul.us"; to = lass.mail; }
+ { from = "bitfinex@lassul.us"; to = lass.mail; }
+ { from = "alternate@lassul.us"; to = lass.mail; }
+ { from = "redacted@lassul.us"; to = lass.mail; }
+ { from = "mytaxi@lassul.us"; to = lass.mail; }
+ { from = "pizza@lassul.us"; to = lass.mail; }
+ { from = "robinhood@lassul.us"; to = lass.mail; }
+ { from = "drivenow@lassul.us"; to = lass.mail; }
+ { from = "aws@lassul.us"; to = lass.mail; }
+ { from = "reddit@lassul.us"; to = lass.mail; }
+ { from = "banggood@lassul.us"; to = lass.mail; }
+ { from = "immoscout@lassul.us"; to = lass.mail; }
+ { from = "gmail@lassul.us"; to = lass.mail; }
+ { from = "amazon@lassul.us"; to = lass.mail; }
+ { from = "humblebundle@lassul.us"; to = lass.mail; }
+ { from = "meetup@lassul.us"; to = lass.mail; }
+ { from = "gebfrei@lassul.us"; to = lass.mail; }
+ { from = "github@lassul.us"; to = lass.mail; }
+ { from = "ovh@lassul.us"; to = lass.mail; }
+ { from = "hetzner@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
index 03414a745..24b806efa 100644
--- a/lass/2configs/logf.nix
+++ b/lass/2configs/logf.nix
@@ -10,9 +10,13 @@ let
echelon = "197";
cloudkrebs = "119";
};
+ urgent = [
+ "\\blass@mors\\b"
+ ];
in {
environment.systemPackages = [
(pkgs.writeDashBin "logf" ''
+ export LOGF_URGENT=${pkgs.writeJSON "urgent" urgent}
export LOGF_HOST_COLORS=${pkgs.writeJSON "host-colors" host-colors}
${pkgs.logf}/bin/logf ${concatMapStringsSep " " (name: "root@${name}") (attrNames config.lass.hosts)}
'')
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 7c58e8c5f..03d39ef75 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -21,13 +21,46 @@ let
'';
mailboxes = {
- wireguard = [ "wireguard@lists.zx2c4" ];
- c-base = [ "c-base.org" ];
- security = [ "seclists.org" "security" "bugtraq" ];
- nix-devel = [ "nix-devel@googlegroups.com" ];
- shack = [ "shackspace.de" ];
+ c-base = [ "to:c-base.org" ];
+ coins = [
+ "to:btce@lassul.us"
+ "to:coinbase@lassul.us"
+ "to:polo@lassul.us"
+ "to:bitwala@lassul.us"
+ "to:payeer@lassul.us"
+ "to:gatehub@lassul.us"
+ "to:bitfinex@lassul.us"
+ "to:binance@lassul.us"
+ "to:bitcoin.de@lassul.us"
+ "to:robinhood@lassul.us"
+ ];
+ dezentrale = [ "to:dezentrale.space" ];
+ dhl = [ "to:dhl@lassul.us" ];
+ github = [ "to:github@lassul.us" ];
+ gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
+ kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+ nix-devel = [ "to:nix-devel@googlegroups.com" ];
+ patreon = [ "to:patreon@lassul.us" ];
+ paypal = [ "to:paypal@lassul.us" ];
+ ptl = [ "to:ptl@posttenebraslab.ch" ];
+ retiolum = [ "to:lass@mors.r" ];
+ security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
+ shack = [ "to:shackspace.de" ];
+ steam = [ "to:steam@lassul.us" ];
+ tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
+ wireguard = [ "to:wireguard@lists.zx2c4" ];
+ zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
};
+ tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
+ ${pkgs.notmuch}/bin/notmuch new
+ ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ '';
+
+ tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
+ ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+ '';
+
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@@ -80,16 +113,15 @@ let
# V
''} %r |"
- virtual-mailboxes \
- "Unread" "notmuch://?query=tag:unread"\
- "INBOX" "notmuch://?query=tag:inbox ${concatMapStringsSep " " (f: "and NOT to:${f}") (flatten (attrValues mailboxes))}"\
- ${concatMapStringsSep "\n" (i: ''${" "}"${i.name}" "notmuch://?query=${concatMapStringsSep " or " (f: "to:${f}") i.value}"\'') (mapAttrsToList nameValuePair mailboxes)}
- "BOX" "notmuch://?query=${concatMapStringsSep " and " (f: "NOT to:${f}") (flatten (attrValues mailboxes))}"\
- "TODO" "notmuch://?query=tag:TODO"\
- "Starred" "notmuch://?query=tag:*"\
- "Archive" "notmuch://?query=tag:archive"\
- "Sent" "notmuch://?query=tag:sent"\
- "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
+ virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
+ ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)}
+ virtual-mailboxes "TODO" "notmuch://?query=tag:TODO"
+ virtual-mailboxes "Starred" "notmuch://?query=tag:*"
+ virtual-mailboxes "Archive" "notmuch://?query=tag:archive"
+ virtual-mailboxes "Sent" "notmuch://?query=tag:sent"
+ virtual-mailboxes "Junk" "notmuch://?query=tag:junk"
+ virtual-mailboxes "All" "notmuch://?query=*"
tag-transforms "junk" "k" \
"unread" "u" \
@@ -163,5 +195,7 @@ in {
mutt
pkgs.much
pkgs.notmuch
+ tag-new-mails
+ tag-old-mails
];
}
diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix
index aa33dcccc..6f8ceb358 100644
--- a/lass/2configs/minecraft.nix
+++ b/lass/2configs/minecraft.nix
@@ -17,5 +17,6 @@
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
];
}
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
new file mode 100644
index 000000000..c4f757de1
--- /dev/null
+++ b/lass/2configs/network-manager.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, ... }:
+{
+ networking.wireless.enable = lib.mkForce false;
+
+ systemd.services.modemmanager = {
+ description = "ModemManager";
+ after = [ "network-manager.service" ];
+ bindsTo = [ "network-manager.service" ];
+ wantedBy = [ "network-manager.service" ];
+ serviceC