46 files changed, 216 insertions, 2932 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c114b74df..a38d2b227 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -91,8 +91,6 @@ let
 imp = lib.mkMerge [
 { krebs = import ./lass { inherit config lib; }; }
 { krebs = import ./makefu { inherit config lib; }; }
- { krebs = import ./miefda { inherit config lib; }; }
- { krebs = import ./mv { inherit config lib; }; }
 { krebs = import ./shared { inherit config lib; }; }
 { krebs = import ./tv { inherit config lib; }; }
 {
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
deleted file mode 100644
index a03f7ff4d..000000000
--- a/krebs/3modules/miefda/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.miefda) {
- bobby = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.112";
- ip6.addr = "42:0:0:0:0:0:111:112";
- aliases = [
- "bobby.retiolum"
- "cgit.bobby.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
- uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
- Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
- 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
- jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
- cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- #ssh.privkey.path = <secrets/ssh.ed25519>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- miefda = {
- mail = "miefda@miefda.de";
- pubkey = "ssh-rsa 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 miefda@nixos";
- };
- };
-}
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
deleted file mode 100644
index 20118c61f..000000000
--- a/krebs/3modules/mv/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
- stro = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.111";
- ip6.addr = "42:0:0:0:0:0:111:111";
- aliases = [
- "stro.retiolum"
- "cgit.stro.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
- vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
- FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
- ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
- oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
- XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- mv-stro = {
- mail = "mv@stro.retiolum";
- pubkey = "ssh-rsa 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 mv@stro";
- };
- };
-}
diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix
index 924e0c086..fa1b03833 100644
--- a/krebs/5pkgs/builders.nix
+++ b/krebs/5pkgs/builders.nix
@@ -213,4 +213,6 @@ rec {
 (name: path: pkgs.runCommand name {} /* sh */ ''
 ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
 '');
+
+ writeSed = makeScriptWriter "${pkgs.gnused}/bin/sed -f";
 }
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index f82c7e8b7..7dda86601 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
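Review bot: `writeSed` in krebs/5pkgs/builders.nix is added without a comment, and its interpreter string carries an argument (`sed -f`). makeScriptWriter is defined outside this hunk; if it writes that string verbatim after `#!`, Linux passes everything after the interpreter path to sed as a single argument, so a later edit that appends a second option as a separate word would break every script built with this writer. I would add `# writeSed: script runs as "sed -f <file>"; a #! line takes one argument, so merge extra flags (e.g. -nf)` above the definition. The enclosing `rec { … }` set starts outside the hunk.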
@@ -1,12 +1,12 @@ { coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }: stdenv.mkDerivation { - name = "get-1.4.0"; + name = "get-1.4.1"; src = fetchgit { url = http://cgit.cd.krebsco.de/get; - rev = "08757d47c480c130d69270855c6c0371f6b7d385"; - sha256 = "7c609e2cde7a071bbf62241a7bea60313fdbf076b9f7b3d97226417e13e5ba9d"; + rev = "41c0c35805ec1708729f73d14650d8ebc94a405b"; + sha256 = "0rx1qsbb4py14795yhhqwlvaibj2569fqm7x2671l868xi59h9f9"; }; phases = [ diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix deleted file mode 100644 index b85e686b5..000000000 --- a/miefda/1systems/bobby.nix +++ /dev/null 
@@ -1,102 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ../.
- ../2configs/miefda.nix
- ../2configs/tlp.nix
- ../2configs/x220t.nix
- ../2configs/hardware-configuration.nix
- ../2configs/tinc-basic-retiolum.nix
- ../2configs/git.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda";
-
- networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Select internationalisation properties.
- i18n = {
- # consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "us";
- # defaultLocale = "en_US.UTF-8";
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # List packages installed in system profile. To search by name, run:
- # $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- wget chromium
- ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable the KDE Desktop Environment.
- #services.xserver.displayManager.kdm.enable = true;
- services.xserver.desktopManager = {
- xfce.enable = true;
- xterm.enable= false;
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.extraUsers.miefda = {
- isNormalUser = true;
- initialPassword= "welcome";
- uid = 1000;
- extraGroups= [
- "wheel"
- ];
- };
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- search-domain = "retiolum";
- build = {
- host = config.krebs.hosts.bobby;
- user = config.krebs.users.miefda;
- source = {
- git.nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.bobby;
- path = "/home/miefda/gits/stockholm";
- };
- };
- };
- };
-}
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
deleted file mode 100644
index 51679d2a5..000000000
--- a/miefda/2configs/git.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-
- out = {
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- };
- };
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos =
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- painload = {};
- stockholm = {
- cgit.desc = "take all the computers hostage, they'll love you!";
- };
- #wai-middleware-time = {};
- #web-routes-wai-custom = {};
- #go = {};
- #newsbot-js = {};
- #kimsufi-check = {};
- #realwallpaper = {};
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- };
- } //
- import <secrets/repos.nix> { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { cgit ? {}, ... }: {
- inherit cgit name;
- public = true;
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "bobby";
- };
- };
- };
-
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
- public = false;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = miefda;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ lass tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out
diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix
deleted file mode 100644
index 3eb1f43fe..000000000
--- a/miefda/2configs/hardware-configuration.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = 4;
-}
diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix
deleted file mode 100644
index f17e8aa34..000000000
--- a/miefda/2configs/miefda.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- #networking.wicd.enable = true;
-
-}
diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix
deleted file mode 100644
index f82fd6b03..000000000
--- a/miefda/2configs/tinc-basic-retiolum.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- "prism"
- "ire"
- ];
- };
-}
diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix
deleted file mode 100644
index 32f4f2ee7..000000000
--- a/miefda/2configs/tlp.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- zramSwap.enable = true;
- zramSwap.numDevices = 2;
-
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 220;
- emulateWheel = true;
- };
-
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- '';
-}
diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix
deleted file mode 100644
index 2d128e533..000000000
--- a/miefda/2configs/x220t.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-{
-
- services.xserver = {
- xkbVariant = "altgr-intl";
- videoDriver = "intel";
- # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- '';
- };
-
-
-
- services.xserver.displayManager.sessionCommands =''
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
- xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
- xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
- '';
-
- hardware.bluetooth.enable = true;
-
-
-}
diff --git a/miefda/default.nix b/miefda/default.nix
deleted file mode 100644
index 7f275c2eb..000000000
--- a/miefda/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ../krebs
- ];
-}
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
deleted file mode 100644
index 520bf14eb..000000000
--- a/mv/1systems/stro.nix
+++ /dev/null
@@ -1,245 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-{
- krebs.build.host = config.krebs.hosts.stro;
-
- krebs.build.source.git.nixpkgs.rev =
- "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
-
- imports = [
- ../.
- ../2configs/hw/x220.nix
- ../2configs/git.nix
- ../2configs/mail-client.nix
- ../2configs/xserver
- {
- environment.systemPackages = with pkgs; [
-
- # stockholm
- genid
- gnumake
- hashPassword
- lentil
- parallel
- (pkgs.writeScriptBin "im" ''
- #! ${pkgs.bash}/bin/bash
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
-
- # root
- cryptsetup
- ntp # ntpate
-
- # tv
- bc
- bind # dig
- #cac
- dic
- file
- gnupg21
- haskellPackages.hledger
- htop
- jq
- manpages
- mkpasswd
- netcat
- nix-repl
- nmap
- p7zip
- pass
- posix_man_pages
- qrencode
- texLive
- tmux
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
-
- unison
- ];
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.exim-retiolum.enable = true;
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "gum"
- "wry"
- ];
- };
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- { name = "xuca"; device = "/dev/sda2"; }
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/xuvga-root";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/home" = {
- device = "/dev/mapper/xuvga-home";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
- };
- };
-
- nixpkgs.config.chromium.enablePepperFlash = true;
-
- #nixpkgs.config.allowUnfreePredicate = pkg:
- # pkgs.lib.hasPrefix "virtualbox" pkg.name;
-
- #nixpkgs.config.allowUnfree = true;
- #hardware.bumblebee.enable = true;
- #hardware.bumblebee.group = "video";
- hardware.enableAllFirmware = true;
- #hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
-
- environment.systemPackages = with pkgs; [
- #xlibs.fontschumachermisc
- #slock
- ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
- iptables
- #jack2
-
- gptfdisk
- ];
-
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
-
- services.bitlbee.enable = true;
- services.printing.enable = true;
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
- #virtualisation.libvirtd.enable = true;
-
- #services.bitlbee.enable = true;
- #services.tor.client.enable = true;
- #services.tor.enable = true;
-
- #nixpkgs.config.virtualbox.enableExtensionPack = true;
-
- # XXX Enable for maximum slowness:
- virtualisation.virtualbox.host.enable = true;
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09"; -} diff --git a/mv/2configs/bash_completion.sh b/mv/2configs/bash_completion.sh deleted file mode 100644 index 537484fb9..000000000 --- a/mv/2configs/bash_completion.sh +++ /dev/null @@ -1,779 +0,0 @@ - -# Expand variable starting with tilde (~) -# We want to expand ~foo/... to /home/foo/... to avoid problems when -# word-to-complete starting with a tilde is fed to commands and ending up -# quoted instead of expanded. |