diff options
54 files changed, 957 insertions, 323 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3f2f28d65..1946f269e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,19 @@ +before_script: + - mkdir -p ~/.ssh + - echo "$deploy_privkey" > deploy.key + - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" + - chmod 600 deploy.key + - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts nix-shell test: script: - env - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success +nur-packages makefu: + script: + - git reset --hard origin/master + - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD + - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git + - git push --force deploy HEAD:master +after_script: + - rm -f deploy.key diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6addb0818..914b38051 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -25,6 +25,7 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + <stockholm/krebs/2configs/shack/mobile.mpd.nix> { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { @@ -114,7 +115,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces."${ext-if}".ip4 = [{ + interfaces."${ext-if}".ipv4.addresses = [{ address = shack-ip; prefixLength = 20; }]; diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix new file mode 100644 index 000000000..2dc466edb --- /dev/null +++ b/krebs/2configs/shack/mobile.mpd.nix @@ -0,0 +1,32 @@ +{lib,pkgs, ... }: +let + mpdHost = "mpd.shack"; + ympd = name: port: let + webPort = 10000 + port; + in { + systemd.services."ympd-${name}" = { + description = "mpd for ${name}"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; + }; + services.nginx.virtualHosts."mobile.${name}.mpd.shack" = { + serverAliases = [ + "${name}.mpd.wolf.r" + "${name}.mpd.wolf.shack" + ]; + locations."/".proxyPass = "http://localhost:${toString webPort}"; + }; + }; +in lib.mkMerge [{ + services.nginx.enable = true; +} + (ympd "lounge" 6600) + (ympd "seminarraum" 6601) + (ympd "elab" 6602) + (ympd "kueche" 6603) + (ympd "crafting" 6604) + (ympd "fablab" 6605) + (ympd "workshop" 6606) + (ympd "klo" 6607) + +] diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 53b06a702..faa3dd714 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -31,11 +31,8 @@ in enable = mkDefault true; virtualHosts.retiolum-bootstrap = { inherit (cfg) serverName sslCertificate sslCertificateKey; - enableSSL = true; + forceSSL = true; extraConfig ='' - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } root ${pkgs.retiolum-bootstrap}; try_files $uri $uri/retiolum.sh; diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix index cd97a7c62..22c40039e 100644 --- a/makefu/1systems/cake/source.nix +++ b/makefu/1systems/cake/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="cake"; full = true; } diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix index b13b6c603..a8d7368ab 100644 --- a/makefu/1systems/darth/source.nix +++ b/makefu/1systems/darth/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="darth"; } diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix index b7e0d0395..2757db8cc 100644 --- a/makefu/1systems/drop/config.nix +++ b/makefu/1systems/drop/config.nix @@ -30,7 +30,7 @@ in { allowedTCPPorts = [ ]; allowedUDPPorts = [ 655 ]; }; - interfaces.enp0s3.ip4 = [{ + interfaces.enp0s3.ipv4.addresses = [{ address = external-ip; inherit prefixLength; }]; diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 45bd6f97e..a6bc834b0 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="drop"; torrent = true; } diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index e36afecd5..7e9dea9ec 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -145,13 +145,13 @@ in { networking.nameservers = [ "8.8.8.8" ]; # SPF networking.defaultGateway = "151.217.176.1"; - networking.interfaces.enp6s0f0.ip4 = [{ + networking.interfaces.enp6s0f0.ipv4.addresses = [{ address = "151.217.178.63"; prefixLength = 22; }]; # Gigabit - networking.interfaces.enp8s0f1.ip4 = [{ + networking.interfaces.enp8s0f1.ipv4.addresses = [{ address = "192.168.126.1"; prefixLength = 24; }]; diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index caca1fbcb..b6951a273 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name = "fileleech"; torrent = true; } diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix index 88c9f4f08..b81a2bf4a 100644 --- a/makefu/1systems/filepimp/source.nix +++ b/makefu/1systems/filepimp/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="filepimp"; } diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix new file mode 100644 index 000000000..1e36c6e87 --- /dev/null +++ b/makefu/1systems/full/source.nix @@ -0,0 +1,5 @@ +{ + name="gum"; + torrent = true; + clever_kexec = true; +} diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index e3ca472e4..1e36c6e87 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="gum"; torrent = true; clever_kexec = true; diff --git a/makefu/1systems/iso/source.nix b/makefu/1systems/iso/source.nix index e200dbfd2..6bef8ada9 100644 --- a/makefu/1systems/iso/source.nix +++ b/makefu/1systems/iso/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="iso"; } diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix index e200dbfd2..6bef8ada9 100644 --- a/makefu/1systems/kexec/source.nix +++ b/makefu/1systems/kexec/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="iso"; } diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix index d9600909a..ab0a454c0 100644 --- a/makefu/1systems/latte/source.nix +++ b/makefu/1systems/latte/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name = "latte"; torrent = true; } diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix index 413889c47..6940498f1 100644 --- a/makefu/1systems/nextgum/source.nix +++ b/makefu/1systems/nextgum/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="nextgum"; torrent = true; clever_kexec = true; diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix index da0d87aad..0d42cc9e2 100644 --- a/makefu/1systems/omo/source.nix +++ b/makefu/1systems/omo/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="omo"; torrent = true; } diff --git a/makefu/1systems/pnp/source.nix b/makefu/1systems/pnp/source.nix index 0b630aa3b..02f7d0ab6 100644 --- a/makefu/1systems/pnp/source.nix +++ b/makefu/1systems/pnp/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="pnp"; } diff --git a/makefu/1systems/repunit/source.nix b/makefu/1systems/repunit/source.nix index ff361fb55..20d3cd1cb 100644 --- a/makefu/1systems/repunit/source.nix +++ b/makefu/1systems/repunit/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="repunit"; } diff --git a/makefu/1systems/sdev/source.nix b/makefu/1systems/sdev/source.nix index 833d9bf73..2e085740a 100644 --- a/makefu/1systems/sdev/source.nix +++ b/makefu/1systems/sdev/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="sdev"; } diff --git a/makefu/1systems/shack-autoinstall/source.nix b/makefu/1systems/shack-autoinstall/source.nix new file mode 100644 index 000000000..6bef8ada9 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/source.nix @@ -0,0 +1,3 @@ +{ + name="iso"; +} diff --git a/makefu/1systems/shoney/config.nix b/makefu/1systems/shoney/config.nix index ba9d0911e..27d389b85 100644 --- a/makefu/1systems/shoney/config.nix +++ b/makefu/1systems/shoney/config.nix @@ -46,7 +46,7 @@ in { dst = "10.8.10.6"; }; networking = { - interfaces.enp2s1.ip4 = [ + interfaces.enp2s1.ipv4.addresses = [ { address = ip; prefixLength = 24; } # { address = alt-ip; prefixLength = 24; } ]; diff --git a/makefu/1systems/shoney/source.nix b/makefu/1systems/shoney/source.nix index 382474f5e..3616716f9 100644 --- a/makefu/1systems/shoney/source.nix +++ b/makefu/1systems/shoney/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="shoney"; } diff --git a/makefu/1systems/studio/source.nix b/makefu/1systems/studio/source.nix index f662653e7..ff88d3557 100644 --- a/makefu/1systems/studio/source.nix +++ b/makefu/1systems/studio/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="studio"; musnix = true; } diff --git a/makefu/1systems/tsp/source.nix b/makefu/1systems/tsp/source.nix index 79f6a435d..9abf503e2 100644 --- a/makefu/1systems/tsp/source.nix +++ b/makefu/1systems/tsp/source.nix @@ -1,3 +1,5 @@ -import <stockholm/makefu/source.nix> { +{ name="tsp"; + full = true; + hw = true; } diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5419215e2..59744faf5 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="vbob"; # musnix = true; } diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 9d8a91e6d..e1d66a2f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -150,7 +150,7 @@ in { # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash networking.wireless.interfaces = [ "wlp2s0" ]; - networking.interfaces.virbr1.ip4 = [{ + networking.interfaces.virbr1.ipv4.addresses = [{ address = "10.8.8.11"; prefixLength = 24; }]; diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix index b768aa87d..c76f73760 100644 --- a/makefu/1systems/wbob/source.nix +++ b/makefu/1systems/wbob/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="wbob"; # musnix = true; } diff --git a/makefu/1systems/wry/config.nix b/makefu/1systems/wry/config.nix index 2db1a9a95..b728703ec 100644 --- a/makefu/1systems/wry/config.nix +++ b/makefu/1systems/wry/config.nix @@ -42,7 +42,7 @@ in { allowedTCPPorts = [ 53 80 443 ]; allowedUDPPorts = [ 655 53 ]; }; - interfaces.enp2s1.ip4 = [{ + interfaces.enp2s1.ipv4.addresses = [{ address = external-ip; prefixLength = 24; }]; diff --git a/makefu/1systems/wry/source.nix b/makefu/1systems/wry/source.nix index fac3877ee..730300590 100644 --- a/makefu/1systems/wry/source.nix +++ b/makefu/1systems/wry/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="wry"; } diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index ab6429dc1..75af3255b 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,9 +1,10 @@ -import <stockholm/makefu/source.nix> { +{ name="x"; full = true; python = true; hw = true; unstable = true; mic92 = true; + clever_kexec = true; # torrent = true; } diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix index c671b1a0b..a09554e6a 100644 --- a/makefu/2configs/deployment/events-publisher/default.nix +++ b/makefu/2configs/deployment/events-publisher/default.nix @@ -2,8 +2,8 @@ with import <stockholm/lib>; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz"; - sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp"; + url = "https://github.com/makefu/events-publisher/archive/4cef900ba10348050208367af6b2035f5a0ef8b6.tar.gz"; + sha256 = "137vsibr289p3xxlw37xhizi309sygki95919hmj02dxgwmy1k74"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix new file mode 100644 index 000000000..d14a611b4 --- /dev/null +++ b/makefu/2configs/editor/vim.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +let + customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin { + name = "vim-better-whitespace"; + src = pkgs.fetchFromGitHub { + owner = "ntpeters"; + repo = "vim-better-whitespace"; + rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7"; + sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk"; + }; + }; + +in { + + environment.systemPackages = [ + pkgs.python27Full # required for youcompleteme + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = builtins.readFile ./vimrc; + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" + # "YouCompleteMe" + "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + ]; + + }) + ]; +} diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc new file mode 100644 index 000000000..8cdab55db --- /dev/null +++ b/makefu/2configs/editor/vimrc @@ -0,0 +1,98 @@ +set nocompatible +syntax on +set list +set listchars=tab:▸\ +"set list listchars=tab:>-,trail:.,extends:> + +filetype off +filetype plugin indent on + +colorscheme darkblue +set background=dark + +set number +set relativenumber +set mouse=a +set ignorecase +set incsearch +set wildignore=*.o,*.obj,*.bak,*.exe,*.os +set textwidth=79 +set shiftwidth=2 +set expandtab +set softtabstop=2 +set shiftround +set smarttab +set tabstop=2 +set et +set autoindent +set backspace=indent,eol,start + + +inoremap <F1> <ESC> +nnoremap <F1> <ESC> +vnoremap <F1> <ESC> + +nnoremap <F5> :UndotreeToggle<CR> +set undodir =~/.vim/undo +set undofile +"maximum number of changes that can be undone +set undolevels=1000000 +"maximum number lines to save for undo on a buffer reload +set undoreload=10000000 + +nnoremap <F2> :set invpaste paste?<CR> +set pastetoggle=<F2> +set showmode + +set showmatch +set matchtime=3 +set hlsearch + +autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red + + +" save on focus lost +au FocusLost * :wa + +autocmd BufRead *.json set filetype=json +au BufNewFile,BufRead *.mustache set syntax=mustache + +cnoremap SudoWrite w !sudo tee > /dev/null % + +" create Backup/tmp/undo dirs +set backupdir=~/.vim/backup +set directory=~/.vim/tmp + +function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backup/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodir= l:parent . 'undo/' + + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodir) + call mkdir(l:undodir) + endif +endfunction +call InitBackupDir() + +augroup Binary + " edit binaries in xxd-output, xxd is part of vim + au! + au BufReadPre *.bin let &bin=1 + au BufReadPost *.bin if &bin | %!xxd + au BufReadPost *.bin set ft=xxd | endif + au BufWritePre *.bin if &bin | %!xxd -r + au BufWritePre *.bin endif + au BufWritePost *.bin if &bin | %!xxd + au BufWritePost *.bin set nomod | endif +augroup END diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix new file mode 100644 index 000000000..1e9bca53b --- /dev/null +++ b/makefu/2configs/hw/smartcard.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + services.pcscd = { + enable = true; + plugins = with pkgs; [ ifdnfc ccid ]; + + }; + environment.systemPackages = with pkgs; [ + # need to run ifdnfc-activate before usage + ifdnfc + # pcsc_scan + pcsctools + ]; + boot.blacklistedKernelModules = [ |