diff options
21 files changed, 124 insertions, 35 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..af11c6944 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -73,6 +73,13 @@ system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan ''; + + # to access vorstand vm + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey + ]; + users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 9bfc920a3..080c259aa 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -167,6 +167,20 @@ in { }; }; }; + horisa = { + cores = 2; + owner = config.krebs.users.ulrich; # main laptop + nets = { + retiolum = { + ip4.addr = "10.243.226.213"; + ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e85"; + aliases = [ + "horisa.r" + ]; + tinc.pubkey = tinc-for "horisa"; + }; + }; + }; idontcare = { owner = config.krebs.users.Mic92; nets = rec { diff --git a/krebs/3modules/external/tinc/horisa.pub b/krebs/3modules/external/tinc/horisa.pub new file mode 100644 index 000000000..06d686ce3 --- /dev/null +++ b/krebs/3modules/external/tinc/horisa.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40 +Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn +XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT ++EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP +sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo +M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/wbob.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 02465520c..ace1d10ce 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -146,6 +146,7 @@ in { "device_tracker.ecki_tablet" "device_tracker.daniel_phone" "device_tracker.carsten_phone" + "device_tracker.thierry_phone" # "person.thorsten" # "person.felix" # "person.ecki" diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index 8a58e44de..d14a611b4 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -23,7 +23,6 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" # "YouCompleteMe" - "LanguageClient-neovim" "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 96c505ba8..8cdab55db 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -96,14 +96,3 @@ augroup Binary au BufWritePost *.bin if &bin | %!xxd au BufWritePost *.bin set nomod | endif augroup END - -let g:LanguageClient_serverCommands = { -\ 'python': ['pyls'] -\ } -nnoremap <F6> :call LanguageClient_contextMenu()<CR> -nnoremap <silent> gh :call LanguageClient_textDocument_hover()<CR> -nnoremap <silent> gd :call LanguageClient_textDocument_definition()<CR> -nnoremap <silent> gr :call LanguageClient_textDocument_references()<CR> -nnoremap <silent> gs :call LanguageClient_textDocument_documentSymbol()<CR> -nnoremap <silent> <F2> :call LanguageClient_textDocument_rename()<CR> -nnoremap <silent> gf :call LanguageClient_textDocument_formatting()<CR> diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index e790ed6a8..4f0cf8c6b 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -8,7 +8,31 @@ # / (main-root) # /home (main-home) -with import <stockholm/lib>; +# clean the boot sector: +# dd if=/dev/zero of=/dev/sda count=2048 +# Installation Instruction on ISO: +# fdisk /dev/sda + # boot 500M + # rest rest +# cryptsetup luksFormat /dev/sda2 +# mkfs.ext4 -L nixboot /dev/sda1 +# cryptsetup luksOpen /dev/sda2 cryptoluks +# pvcreate /dev/mapper/cryptoluks +# vgcreate main /dev/mapper/cryptoluks +# lvcreate -L 200Gib main -n root +# lvcreate -L 800Gib main -n home +# mkfs.ext4 /dev/main/root +# mkfs.ext4 /dev/main/home +# mount /dev/mapper/main-root /mnt +# mkdir -p /mnt/{boot,home,var/src} /var/src +# mount /dev/sda1 /mnt/boot +# mount /dev/mapper/main-home /mnt/home +# touch /mnt/var/src/.populate +# mount -o bind /mnt/var/src /var/src +# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update +# nix-env -iA nixpkgs.gitMinimal +# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace) +# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy { imports = [ diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index 55cfd74f5..e49843cfe 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -9,8 +9,7 @@ # boot 500M # rest rest # cryptsetup luksFormat /dev/sda2 -# -with import <stockholm/lib>; +# mkfs.ext4 -L nixboot /dev/sda1 { boot = { loader.grub.enable = true; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 267a2e878..d24969ef0 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -25,12 +25,12 @@ then [ -d .direnv ] || mkdir .direnv local tmp=$(nix-shell --show-trace "$@" \ - --run "\"$direnv\" dump bash") + --run "\"$direnv\" dump zsh") echo "$tmp" > "$cache" fi local path_backup=$PATH term_backup=$TERM - direnv_load cat "$cache" + . "$cache" export PATH=$PATH:$path_backup TERM=$term_backup diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix index f8f82e76b..d27b888a7 100644 --- a/makefu/2configs/mail/mail.euer.nix +++ b/makefu/2configs/mail/mail.euer.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { imports = [ - (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz") + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz") ]; mailserver = { @@ -32,8 +32,12 @@ }; services.dovecot2.extraConfig = '' - ssl_dh = </var/lib/dhparams/dovecot.pem + ssl_dh = </var/lib/dhparams/dovecot2.pem ''; + state = [ # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/wikis/A-Complete-Backup-Guide + config.mailserver.mailDirectory + config.mailserver.dkimKeyDirectory + ]; # workaround for DH creation # security.dhparams = { # enable = true; diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index c56521812..8b77df962 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -5,6 +5,9 @@ host = "0.0.0.0"; users = {}; # TODO: secure that shit + aclExtraConf = '' + pattern readwrite /# + ''; allowAnonymous = true; }; } diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix index dda00063a..3cb4981e0 100644 --- a/makefu/2configs/nur.nix +++ b/makefu/2configs/nur.nix @@ -1,7 +1,7 @@ { pkgs, ... }:{ nixpkgs.config.packageOverrides = pkgs: { - nur = pkgs.callPackage (import (builtins.fetchGit { - url = "https://github.com/nix-community/NUR"; - })) {}; + nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { + inherit pkgs; + }; }; } diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0889ebbc1..d297483b2 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -32,4 +32,5 @@ in { tcp 192.168.1.5 ''; #home printer SCX-3205W }; + state = [ "/var/lib/cups" ]; } diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index c16629cc5..6ab9d3774 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -2,7 +2,7 @@ with import <stockholm/lib>; let pkg = with pkgs.python3Packages;buildPythonPackage rec { - rev = "762d747"; + rev = "775d0c2"; name = "arafetch-${rev}"; propagatedBuildInputs = [ requests @@ -13,7 +13,7 @@ let src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/arafetch"; inherit rev; - sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + sha256 = "0z35avn7vmbd1661ca1zkc9i4lwcm03kpwgiqxddpkp1yxhl548p"; }; }; home = "/var/lib/arafetch"; @@ -34,7 +34,7 @@ in { path = [ pkg pkgs.git pkgs.wget ]; serviceConfig = { User = "arafetch"; - Restart = "always"; + # Restart = "always"; WorkingDirectory = home; PrivateTmp = true; ExecStart = pkgs.writeDash "start-weekrun" '' diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix index 470193d6c..1fdddb9b1 100644 --- a/makefu/2configs/task-client.nix +++ b/makefu/2configs/task-client.nix @@ -4,11 +4,4 @@ pkgs.taskwarrior ]; - environment.shellAliases = { - tshack = "task project:shack"; - twork = "task project:soc"; - tpki = "task project:pki"; - tkrebs = "task project:krebs"; - t = "task project: "; - }; } diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix index 5ca3b9904..122ad66a7 100644 --- a/makefu/2configs/taskd.nix +++ b/makefu/2configs/taskd.nix @@ -1,5 +1,6 @@ {config, ... }: { + state = [ config.services.taskserver.dataDir ]; services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; services.taskserver.listenHost = "::"; diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 1ae10459f..a3c489ccc 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -40,6 +40,7 @@ in { qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; + prison-break = abort "`prison-break` moved from this namespace to `nur.repos.krebs.prison-break`"; } // (mapAttrs (_: flip callPackage {}) diff --git a/makefu/5pkgs/pico2wave/default.nix b/makefu/5pkgs/pico2wave/default.nix new file mode 100644 index 000000000..5302e8bf3 --- /dev/null +++ b/makefu/5pkgs/pico2wave/default.nix @@ -0,0 +1,44 @@ +{ stdenv, lib, fetchurl +, popt +, libredirect +, dpkg +, makeWrapper +, autoPatchelfHook +, ... +}: +# https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=svox-pico-bin +let + pkgrel="8"; + _arch = "amd64"; +in +stdenv.mkDerivation rec { + name = "pico2wave"; # svox-pico-bin + version = "1.0+git20130326"; + srcs = [ + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico0_${version}-${pkgrel}_${_arch}.deb"; sha256 = "0b8r7r8by5kamnm960bsicimnj1a40ghy3475nzy1jvwj5xgqhrj"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-dev_${version}-${pkgrel}_${_arch}.deb"; sha256 = "1knjiwi117h02nbf7k6ll080vl65gxwx3rpj0fq5xkvxbqpjjbvz"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-data_${version}-${pkgrel}_all.deb"; sha256 = "0k0x5jh5qzzasrg766pfmls3ksj18wwdbssysvpxkq98aqg4fgmx"; }) + (fetchurl { url = "http://mirrors.kernel.org/ubuntu/pool/multiverse/s/svox/libttspico-utils_${version}-${pkgrel}_${_arch}.deb"; sha256 = "11yk25fh4n7qz4xjg0dri68ygc3aapj1bk9cvhcwkfvm46j5lrjv"; }) + ] ; + + nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook ]; + + dontBuild = true; + + buildInputs = [ popt ]; + + unpackPhase = lib.concatMapStringsSep ";" (src: "dpkg-deb -x ${src} .") srcs; + + installPhase = '' + mkdir -p $out + cp -r usr/. $out/ + + mv $out/lib/*-linux-gnu/* $out/lib/ + rmdir $out/lib/*-linux-gnu + + wrapProgram "$out/bin/pico2wave" \ + --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS /usr/share/pico/lang=$out/share/pico/lang + ''; + +} diff --git a/krebs/5pkgs/simple/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix index 051a46184..672e0b3a0 100644 --- a/krebs/5pkgs/simple/prison-break/default.nix +++ b/makefu/5pkgs/prison-break/default.nix @@ -3,12 +3,12 @@ with pkgs.python3.pkgs; buildPythonPackage rec { pname = "prison-break"; - version = "1.0.0"; + version = "1.2.0"; src = fetchFromGitHub { owner = "makefu"; repo = pname; - rev = "1.0.0"; - sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961"; + rev = version; + sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9"; }; propagatedBuildInputs = [ docopt diff --git a/krebs/5pkgs/simple/prison-break/straight-plugin.nix b/makefu/5pkgs/prison-break/straight-plugin.nix index 606c60b5d..606c60b5d 100644 --- a/krebs/5pkgs/simple/prison-break/straight-plugin.nix +++ b/makefu/5pkgs/prison-break/straight-plugin.nix |