diff options
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 5 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/bepasty-client-cli/default.nix | 22 | ||||
| -rw-r--r-- | krebs/5pkgs/krebspaste/default.nix | 7 | ||||
| -rw-r--r-- | krebs/5pkgs/translate-shell/default.nix | 43 | ||||
| -rw-r--r-- | krebs/default.nix | 3 | ||||
| -rw-r--r-- | makefu/1systems/wry.nix | 7 | ||||
| -rw-r--r-- | makefu/2configs/headless.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/nginx/euer.blog.nix | 34 | ||||
| -rw-r--r-- | makefu/2configs/nginx/euer.wiki.nix | 13 | ||||
| -rw-r--r-- | tv/1systems/cd.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/mkdir.nix | 2 | ||||
| -rw-r--r-- | tv/1systems/nomic.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/rmdir.nix | 2 | ||||
| -rw-r--r-- | tv/1systems/wu.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/xu.nix | 3 | ||||
| -rw-r--r-- | tv/2configs/base.nix | 14 | ||||
| -rw-r--r-- | tv/2configs/vim.nix | 118 | ||||
| -rw-r--r-- | tv/4lib/default.nix | 3 |
19 files changed, 255 insertions, 40 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a9279b027..652527da2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -164,6 +164,7 @@ with lib; dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' + euer IN A ${head nets.internet.addrs4} wiki.euer IN A ${head nets.internet.addrs4} wry IN A ${head nets.internet.addrs4} io IN NS wry.krebsco.de. @@ -191,6 +192,9 @@ with lib; "paste.retiolum" "wry.retiolum" "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -240,7 +244,6 @@ with lib; extraZones = { "krebsco.de" = '' - euer IN A ${head nets.internet.addrs4} share.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} ''; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 4c295dffe..302d1a92c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -158,7 +158,8 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09"; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx"; }; ok = { nets = { diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix new file mode 100644 index 000000000..990f99af6 --- /dev/null +++ b/krebs/5pkgs/bepasty-client-cli/default.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, pythonPackages, fetchurl, ... }: + +with pythonPackages; buildPythonPackage rec { + name = "bepasty-client-cli-${version}"; + version = "0.3.0"; + propagatedBuildInputs = [ + python_magic + click + requests2 + ]; + + src = fetchurl { + url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz"; + sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw"; + }; + + meta = { + homepage = https://github.com/bepasty/bepasty-client-cli; + description = "CLI client for bepasty-server"; + license = lib.licenses.bsd2; + }; +} diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix new file mode 100644 index 000000000..fb318af83 --- /dev/null +++ b/krebs/5pkgs/krebspaste/default.nix @@ -0,0 +1,7 @@ +{ writeScriptBin, pkgs }: + +# TODO: use `wrapProgram --add-flags` instead? +writeScriptBin "krebspaste" '' + #! /bin/sh + exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" +'' diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix new file mode 100644 index 000000000..00ab226e5 --- /dev/null +++ b/krebs/5pkgs/translate-shell/default.nix @@ -0,0 +1,43 @@ +{stdenv, fetchurl,pkgs,... }: +let + s = + rec { + baseName="translate-shell"; + version="0.9.0.9"; + name="${baseName}-${version}"; + url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz; + sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34"; + }; + searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [ + fribidi + gawk + bash + curl + less + ]; + buildInputs = [ + pkgs.makeWrapper + ]; +in +stdenv.mkDerivation { + inherit (s) name version; + inherit buildInputs; + src = fetchurl { + inherit (s) url sha256; + }; + # TODO: maybe mplayer + installPhase = '' + mkdir -p $out/bin + make PREFIX=$out install + wrapProgram $out/bin/trans --suffix PATH : "${searchpath}" + ''; + + meta = { + inherit (s) version; + description = ''translate using google api''; + license = stdenv.lib.licenses.free; + maintainers = [stdenv.lib.maintainers.makefu]; + platforms = stdenv.lib.platforms.linux ; + }; +} + diff --git a/krebs/default.nix b/krebs/default.nix index 31a7f7d04..bfd6175d9 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -84,6 +84,7 @@ let out = { cat<<EOF # put following into config.krebs.hosts.$system: + ssh.privkey.path = <secrets/ssh.$key_type>; ssh.pubkey = $(echo $pubkey | jq -R .); EOF ''; @@ -178,7 +179,7 @@ let out = { nix-path = lib.concatStringsSep ":" - (lib.mapAttrsToList (name: _: "${name}=/root/${name}") + (lib.mapAttrsToList (name: src: "${name}=${src.target-path}") (config.krebs.build.source.dir // config.krebs.build.source.git)); in '' diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index c90b84451..90710c857 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -8,7 +8,8 @@ let in { imports = [ # TODO: copy this config or move to krebs - ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../../tv/2configs/hw/CAC.nix + ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/unstable-sources.nix ../2configs/headless.nix @@ -23,6 +24,8 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix + ../2configs/nginx/euer.blog.nix + # collectd ../2configs/collectd/collectd-base.nix ]; @@ -71,5 +74,5 @@ in { nameservers = [ "8.8.8.8" ]; }; - + environment.systemPackages = [ pkgs.translate-shell ]; } diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix index 33847c5e1..772ca3771 100644 --- a/makefu/2configs/headless.nix +++ b/makefu/2configs/headless.nix @@ -1,4 +1,4 @@ -_: +{lib,... }: { - sound.enable = false; + sound.enable = lib.mkForce false; } diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index e97050ec4..c6724c617 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -5,14 +5,40 @@ let sec = toString <secrets>; ssl_cert = "${sec}/wildcard.krebsco.de.crt"; ssl_key = "${sec}/wildcard.krebsco.de.key"; - hostname = krebs.build.host.name; + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + base-dir = "/var/www/blog.euer"; in { + # Prepare Blog directory + systemd.services.prepare-euer-blog = { + wantedBy = [ "local-fs.target" ]; + before = [ "nginx.service" ]; + serviceConfig = { + # do nothing if the base dir already exists + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + if ! test -d "${base-dir}" ;then + mkdir -p "${base-dir}" + chown ${user}:${group} "${base-dir}" + chmod 700 "${base-dir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + krebs.nginx = { enable = mkDefault true; servers = { euer-blog = { - listen = [ "80" "443 ssl" ]; - server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ]; + listen = [ "${external-ip}:80" "${external-ip}:443 ssl" + "${internal-ip}:80" "${internal-ip}:443 ssl" ]; + server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ]; extraConfig = '' gzip on; gzip_buffers 4 32k; @@ -22,7 +48,7 @@ in { default_type text/plain; ''; locations = singleton (nameValuePair "/" '' - root /var/www/euer.blog/; + root ${base-dir}; ''); }; }; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index fbcfe2047..2b5fa6ead 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -51,18 +51,21 @@ in { serviceConfig = { ExecStart = pkgs.writeScript "prepare-tw-service" '' #!/bin/sh - mkdir -p "${wiki-dir}" "${backup-dir}" + if ! test -d "${base-dir}" ;then + mkdir -p "${wiki-dir}" "${backup-dir}" - # write the base configuration - cat > "${base-cfg}" <<EOF + # write the base configuration + cat > "${base-cfg}" <<EOF [users] $(cat "${tw-pass-file}") [directories] backupdir = ${backup-dir} savedir = ${wiki-dir} EOF - chown -R ${user}:${group} "${base-dir}" - chmod 700 -R "${base-dir}" + + chown -R ${user}:${group} "${base-dir}" + chmod 700 -R "${base-dir}" + fi ''; Type = "oneshot"; RemainAfterExit = "yes"; diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 69f1300be..1122e6a19 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -10,8 +10,8 @@ with lib; krebs.build.source = { git.nixpkgs = { - url = https://github.com/4z3/nixpkgs; - rev = "03130ec91356cd250b80f144022ee2f4d665ca36"; # 1357692 + url = https://github.com/NixOS/nixpkgs; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; }; dir.secrets = { host = config.krebs.hosts.wu; diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 305ea7269..e8e354197 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -24,7 +24,7 @@ in krebs.build.source = { git.nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "e57024f821c94caf5684964474073649b8b6356b"; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; }; dir.secrets = { host = config.krebs.hosts.wu; diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 61f833d41..df45b8177 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -10,8 +10,8 @@ with lib; krebs.build.source = { git.nixpkgs = { - url = https://github.com/4z3/nixpkgs; - rev = "03130ec91356cd250b80f144022ee2f4d665ca36"; # 1357692 + url = https://github.com/NixOS/nixpkgs; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; }; dir.secrets = { host = config.krebs.hosts.wu; diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index f77268b53..e24ef64fc 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -24,7 +24,7 @@ in krebs.build.source = { git.nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; }; dir.secrets = { host = config.krebs.hosts.wu; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 65389b662..b12e7df93 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -11,7 +11,8 @@ with lib; krebs.build.source = { git.nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "e916273209560b302ab231606babf5ce1c481f08"; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; + target-path = "/var/src/nixpkgs"; }; dir.secrets = { host = config.krebs.hosts.wu; @@ -20,6 +21,7 @@ with lib; dir.stockholm = { host = config.krebs.hosts.wu; path = "/home/tv/stockholm"; + target-path = "/var/src/stockholm"; }; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 82f5abf73..e2cc2c06a 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -11,7 +11,7 @@ with lib; krebs.build.source = { git.nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "e57024f821c94caf5684964474073649b8b6356b"; + rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; }; dir.secrets = { host = config.krebs.hosts.wu; @@ -110,7 +110,6 @@ with lib; #minicom #mtools #ncmpc - #neovim #nethogs #nix-prefetch-scripts #cvs bug #openssl diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix index 0a8dbdcc2..41159690d 100644 --- a/tv/2configs/base.nix +++ b/tv/2configs/base.nix @@ -3,17 +3,13 @@ with builtins; with lib; -let - # "7.4.335" -> "74" - majmin = x: concatStrings (take 2 (splitString "." x)); -in - { krebs.enable = true; networking.hostName = config.krebs.build.host.name; imports = [ + ./vim.nix { # stockholm dependencies environment.systemPackages = with pkgs; [ @@ -107,10 +103,8 @@ in lAtr = "ls -lAtr"; # alias ll='ls -l' ls = "ls -h --color=auto --group-directories-first"; - # alias vim='vim -p' - # alias vi='vim' - # alias view='vim -R' dmesg = "dmesg -L --reltime"; + view = "vim -R"; }; programs.bash = { @@ -153,10 +147,6 @@ in } { - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - services.cron.enable = false; services.nscd.enable = false; services.ntp.enable = false; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix new file mode 100644 index 000000000..14f086e5c --- /dev/null +++ b/tv/2configs/vim.nix @@ -0,0 +1,118 @@ +{ lib, pkgs, ... }: + +with lib; +let + out = { + environment.systemPackages = [ + pkgs.vim + ]; + + # Nano really is just a stupid name for Vim. + nixpkgs.config.packageOverrides = pkgs: { + nano = pkgs.vim; + }; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; + }; + + extra-runtimepath = concatStringsSep "," [ + "${pkgs.vimPlugins.undotree}/share/vim-plugins/undotree" + ]; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=$HOME/.vim/backup/ + set directory=$HOME/.vim/cache// + set hlsearch + set incsearch + set mouse=a + set noruler + set pastetoggle=<INS> + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=$HOME/.vim/undo + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n$HOME/.vim/cache/info + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme industry + syntax on + + au Syntax * syn match Tabstop containedin=ALL /\t\+/ + \ | hi Tabstop ctermbg=16 + \ | syn match TrailingSpace containedin=ALL /\s\+$/ + \ | hi TrailingSpace ctermbg=88 + \ | hi Normal ctermfg=White + + au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" '' + setf nix + + " Ref <nix/src/libexpr/lexer.l> + syn match INT /[0-9]\+/ + syn match PATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match HPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match SPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match URI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + hi link INT Constant + hi link PATH Constant + hi link HPATH Constant + hi link SPATH Constant + hi link URI Constant + + syn match String /"\([^"]\|\\\"\)*"/ + syn match Comment /\s#.*/ + ''} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + nmap <esc>q :buffer + nmap <M-q> :buffer + + cnoremap <C-A> <Home> + + noremap <C-c> :q<cr> + + nnoremap <esc>[5^ :tabp<cr> + nnoremap <esc>[6^ :tabn<cr> + nnoremap <esc>[5@ :tabm -1<cr> + nnoremap <esc>[6@ :tabm +1<cr> + + nnoremap <f1> :tabp<cr> + nnoremap <f2> :tabn<cr> + inoremap <f1> <esc>:tabp<cr> + inoremap <f2> <esc>:tabn<cr> + + " <C-{Up,Down,Right,Left> + noremap <esc>Oa <nop> | noremap! <esc>Oa <nop> + noremap <esc>Ob <nop> | noremap! <esc>Ob <nop> + noremap <esc>Oc <nop> | noremap! <esc>Oc <nop> + noremap <esc>Od <nop> | noremap! <esc>Od <nop> + " <[C]S-{Up,Down,Right,Left> + noremap <esc>[a <nop> | noremap! <esc>[a <nop> + noremap <esc>[b <nop> | noremap! <esc>[b <nop> + noremap <esc>[c <nop> | noremap! <esc>[c <nop> + noremap <esc>[d <nop> | noremap! <esc>[d <nop> + vnoremap u <nop> + ''; +in +out diff --git a/tv/4lib/default.nix b/tv/4lib/default.nix index 7e6b2ab17..c099eb733 100644 --- a/tv/4lib/default.nix +++ b/tv/4lib/default.nix @@ -6,9 +6,6 @@ lib // rec { inherit lib pkgs; }; - # "7.4.335" -> "74" - majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - # TODO deprecate shell-escape for lass shell-escape = lib.shell.escape; } |