diff options
-rw-r--r-- | krebs/2configs/mud.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/kmein.nix | 22 | ||||
-rw-r--r-- | krebs/3modules/iptables.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/simple/untilport/default.nix | 2 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
-rw-r--r-- | lass/2configs/alacritty.nix | 99 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 21 | ||||
-rw-r--r-- | lass/2configs/fysiirc.nix | 18 | ||||
-rw-r--r-- | lass/2configs/hass/default.nix | 1 | ||||
-rw-r--r-- | lass/2configs/hass/pyscript/.gitignore | 1 | ||||
-rw-r--r-- | lass/2configs/hass/pyscript/default.nix | 26 | ||||
-rw-r--r-- | lass/2configs/hass/pyscript/shell.nix | 51 | ||||
-rw-r--r-- | lass/2configs/pipewire.nix | 13 | ||||
-rw-r--r-- | lass/2configs/print.nix | 2 | ||||
-rw-r--r-- | lass/2configs/themes.nix | 46 | ||||
-rw-r--r-- | lass/2configs/xmonad.nix | 6 | ||||
-rw-r--r-- | lass/5pkgs/l-gen-secrets/default.nix | 4 |
18 files changed, 302 insertions, 32 deletions
diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix index 30f232b64..a53596cc6 100644 --- a/krebs/2configs/mud.nix +++ b/krebs/2configs/mud.nix @@ -5,7 +5,7 @@ MUD_SERVER=''${MUD_SERVER:-127.0.0.1} MUD_PORT=''${MUD_PORT:-8080} - if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then + if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then ${nvim}/bin/nvim \ +"let g:instant_username = \"$MUD_NICKNAME\"" \ +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 6e4457eae..52ca718dd 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -116,6 +116,28 @@ in wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + tahina = { + nets.retiolum = { + ip4.addr = "10.243.2.74"; + aliases = [ "tahina.r" "tahina.kmein.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV + 5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8 + VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv + EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz + iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u + i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R + FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9 + 9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ + 0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/ + VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY + tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I"; + }; + }; zaatar = { nets.retiolum = { ip4.addr = "10.243.2.34"; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 3bab13b0e..7007090c0 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -125,8 +125,8 @@ let (interface: interfaceConfig: [ (map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts) (map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts) - (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) - (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) ]) config.networking.firewall.interfaces ); diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix index 61bcc2b89..2930fd1eb 100644 --- a/krebs/5pkgs/simple/untilport/default.nix +++ b/krebs/5pkgs/simple/untilport/default.nix @@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" '' if [ $# -ne 2 ]; then usage else - until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done + until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done fi '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 71367c2f1..b8d5c6d01 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", - "date": "2022-02-21T09:47:16+01:00", - "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs", - "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2", + "rev": "9bc841fec1c0e8b9772afa29f934d2c7ce57da8e", + "date": "2022-03-20T19:18:44+01:00", + "path": "/nix/store/zqxcjhw0x555zaxn55qnaszkabk1r4vi-nixpkgs", + "sha256": "0hh1gpw3lcacz3qba7pcc7j1vc09gawa4lzff3mkgsrmp732hg5f", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e7760128f..62391dbf0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", - "date": "2022-03-04T16:09:08+01:00", - "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs", - "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6", + "rev": "31aa631dbc496500efd2507baaed39626f6650f2", + "date": "2022-03-21T15:39:15-07:00", + "path": "/nix/store/zdzdalfl2ksb5vlrj1jcqkf6jgvrfhwf-nixpkgs", + "sha256": "08qaraj9j7m2g1ldhpkg8ksylk7s00mr7khkzif0m8jshkq8j92b", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix new file mode 100644 index 000000000..a57dc7c25 --- /dev/null +++ b/lass/2configs/alacritty.nix @@ -0,0 +1,99 @@ +{ config, lib, pkgs, ... }: let + + alacritty-cfg = extrVals: builtins.toJSON ({ + font = { + normal = { + family = "Inconsolata"; + style = "Regular"; + }; + bold = { + family = "Inconsolata"; + style = "Bold"; + }; + italic = { + family = "Inconsolata"; + style = "Italic"; + }; + bold_italic = { + family = "Inconsolata"; + style = "Bold Italic"; + }; + size = 8; + }; + live_config_reload = true; + window.dimensions = { + columns = 80; + lines = 20; + }; + # window.opacity = 0; + hints.enabled = [ + { + regex = ''(mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-\u009F<>"\s{-}\^⟨⟩`]+''; + command = "/run/current-system/sw/bin/xdg-open"; + post_processing = true; + mouse.enabled = true; + binding = { + key = "U"; + mods = "Alt"; + }; + } + ]; + } // extrVals); + + alacritty = pkgs.symlinkJoin { + name = "alacritty"; + paths = [ + (pkgs.writeDashBin "alacritty" '' + ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@" + '') + pkgs.alacritty + ]; + }; + +in { + environment.etc = { + "themes/light/alacritty.yaml".text = alacritty-cfg { + colors = { + # Default colors + primary = { + # hard contrast: background = '#f9f5d7' + # background = "#fbf1c7"; + background = "#f9f5d7"; + # soft contrast: background = '#f2e5bc' + foreground = "#3c3836"; + }; + + # Normal colors + normal = { + black = "#fbf1c7"; + red = "#cc241d"; + green = "#98971a"; + yellow = "#d79921"; + blue = "#458588"; + magenta = "#b16286"; + cyan = "#689d6a"; + white = "#7c6f64"; + }; + + # Bright colors + bright = { + black = "#928374"; + red = "#9d0006"; + green = "#79740e"; + yellow = "#b57614"; + blue = "#076678"; + magenta = "#8f3f71"; + cyan = "#427b58"; + white = "#3c3836"; + }; + }; + }; + "themes/dark/alacritty.yaml".text = alacritty-cfg { + colors.primary = { + background = "#000000"; + foreground = "#ffffff"; + }; + }; + }; + environment.systemPackages = [ alacritty ]; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 59d1e0182..22a3037d7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -4,6 +4,7 @@ let user = config.krebs.build.user; in { imports = [ + ./alacritty.nix ./mpv.nix ./power-action.nix ./copyq.nix @@ -13,6 +14,7 @@ in { ./pipewire.nix ./tmux.nix ./xmonad.nix + ./themes.nix { krebs.per-user.lass.packages = [ pkgs.sshuttle @@ -55,7 +57,7 @@ in { environment.systemPackages = with pkgs; [ acpi acpilight - ag + ripgrep cabal2nix dic dmenu @@ -96,12 +98,17 @@ in { '') ]; - fonts.fonts = with pkgs; [ - hack-font - hasklig - symbola - xlibs.fontschumachermisc - ]; + fonts = { + fontDir.enable = true; + enableGhostscriptFonts = true; + + fonts = with pkgs; [ + hack-font + xorg.fontschumachermisc + terminus_font_ttf + inconsolata + ]; + }; services.udev.extraRules = '' SUBSYSTEM=="backlight", ACTION=="add", \ diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix index f3c1d5b7c..e12eda42e 100644 --- a/lass/2configs/fysiirc.nix +++ b/lass/2configs/fysiirc.nix @@ -54,14 +54,20 @@ in { name = "reaktor2-fysiweb-github"; }; script = ''. ${pkgs.writeDash "github-irc" '' - set -efu + set -xefu case "$Method $Request_URI" in "POST /") - payload=$(head -c "$req_content_length" \ - | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ - | xargs -0 echo -e \ - ) - echo "$payload" | ${format-github-message}/bin/format-github-message + payload=$(head -c "$req_content_length") + echo "$payload" >&2 + payload2=$payload + payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r') + if [ "$payload" != "$payload2" ]; then + echo "payload has been mangled" >&2 + else + echo "payload not mangled" >&2 + fi + echo "$payload2" > /tmp/last_fysi_payload + echo "$payload2" | ${format-github-message}/bin/format-github-message printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 8f93e0cec..cc8189f51 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -19,6 +19,7 @@ let in { imports = [ + ./pyscript ./zigbee.nix ./rooms/bett.nix ./rooms/essen.nix diff --git a/lass/2configs/hass/pyscript/.gitignore b/lass/2configs/hass/pyscript/.gitignore new file mode 100644 index 000000000..282debf56 --- /dev/null +++ b/lass/2configs/hass/pyscript/.gitignore @@ -0,0 +1 @@ +hass_token diff --git a/lass/2configs/hass/pyscript/default.nix b/lass/2configs/hass/pyscript/default.nix new file mode 100644 index 000000000..c56967e4b --- /dev/null +++ b/lass/2configs/hass/pyscript/default.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + systemd.tmpfiles.rules = [ + "L+ /var/lib/hass/custom_components/pyscript - - - - ${pkgs.fetchzip { + url = "https://github.com/custom-components/pyscript/releases/download/1.3.2/hass-custom-pyscript.zip"; + sha256 = "0cqdjj46s5xp4mqxb0ic790jm1xp3z0zr2n9f7bsfl5zpvdshl8z"; + stripRoot = false; + }}" + ]; + + services.home-assistant = { + package = (pkgs.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + })).override { + extraPackages = pp: [ pp.croniter ]; + }; + config.pyscript = { + allow_all_imports = true; + hass_is_global = true; + }; + }; + + networking.firewall.interfaces.retiolum.allowedTCPPortRanges = [ + { from = 50321; to = 50341; } # for ipython interactive debugging + ]; +} diff --git a/lass/2configs/hass/pyscript/shell.nix b/lass/2configs/hass/pyscript/shell.nix new file mode 100644 index 000000000..3cfac0275 --- /dev/null +++ b/lass/2configs/hass/pyscript/shell.nix @@ -0,0 +1,51 @@ +{ pkgs ? import <nixpkgs> {} }: let + + hass_host = "styx.r"; + hass_token = builtins.readFile ./hass_token; + + mach-nix = import (builtins.fetchGit { + url = "https://github.com/DavHau/mach-nix/"; + ref = "refs/tags/3.4.0"; + }) { + pkgs = pkgs; + }; + pyenv = mach-nix.mkPython { + requirements = '' + hass_pyscript_kernel + ''; + }; + jupyter = import (builtins.fetchGit { + url = https://github.com/tweag/jupyterWith; + ref = "master"; + }) {}; + + pyscriptKernel = { + spec = pkgs.runCommand "pyscript" {} '' + mkdir -p $out/kernels/pyscript + cp ${kernel_json} $out/kernels/pyscript/kernel.json + cp ${pyscript_conf} $out/kernels/pyscript/pyscript.conf + ''; + runtimePackages = [ pyenv ]; + }; + + kernel_json = pkgs.writeText "kernel.json" (builtins.toJSON { + argv = [ + "${pyenv}/bin/python3" "-m" "hass_pyscript_kernel" + "-f" "{connection_file}" + ]; + display_name = "hass_pyscript"; + language = "python"; + }); + + pyscript_conf = pkgs.writeText "pyscript.conf" '' + [homeassistant] + hass_host = ${hass_host} + hass_url = http://''${hass_host}:8123 + hass_token = ${hass_token} + ''; + + jupyterEnvironment = jupyter.jupyterlabWith { + kernels = [ pyscriptKernel ]; + }; + +in jupyterEnvironment.env diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix index 24de0e9ed..f6ccd48d4 100644 --- a/lass/2configs/pipewire.nix +++ b/lass/2configs/pipewire.nix @@ -10,7 +10,7 @@ environment.systemPackages = with pkgs; [ alsaUtils - pulseaudioLight + pulseaudio ponymix ]; @@ -22,4 +22,15 @@ pulse.enable = true; jack.enable = true; }; + + systemd.services.wireplumber = { + environment = { + HOME = "/var/lib/wireplumber"; + DISPLAY = ":0"; + }; + path = [ + pkgs.dbus + ]; + serviceConfig.StateDirectory = "wireplumber"; + }; } diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix index e2d021641..c2b3e8377 100644 --- a/lass/2configs/print.nix +++ b/lass/2configs/print.nix @@ -3,7 +3,7 @@ services.printing = { enable = true; drivers = [ - pkgs.foomatic_filters + pkgs.foomatic-filters pkgs.gutenprint ]; }; diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix new file mode 100644 index 000000000..dd98b2ef2 --- /dev/null +++ b/lass/2configs/themes.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: let + + switch-theme = pkgs.writers.writeDashBin "switch-theme" '' + if test -e "/etc/themes/$1"; then + ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/ + echo "$1" > /var/theme/current_theme + chown lass:users /var/theme/current_theme + ${pkgs.procps}/bin/pkill -HUP xsettingsd + + else + echo "theme $1 not found" + fi + ''; + +in { + systemd.services.xsettingsd = { + wantedBy = [ "multi-user.target" ]; + environment.DISPLAY = ":0"; + serviceConfig = { + ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd -c /var/theme/config/xsettings.conf"; + User = "lass"; + }; + }; + systemd.tmpfiles.rules = [ + "d /var/theme/ 755 lass users" + ]; + environment.systemPackages = [ + switch-theme + ]; + environment.etc = { + "themes/light/xsettings.conf".text = '' + Net/ThemeName "Adwaita" + ''; + "themes/dark/xsettings.conf".text = '' + Net/ThemeName "Adwaita-dark" + ''; + }; + system.activationScripts.theme.text = '' + if test -e /var/theme/current_theme; then + ${switch-theme}/bin/switch-theme "$(cat /var/theme/current_theme)" || + ${switch-theme}/bin/switch-theme dark + else + ${switch-theme}/bin/switch-theme dark + fi + ''; +} diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 099900d90..495b43372 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -123,9 +123,9 @@ myKeyMap = , ("M4-S-q", restart "xmonad" True) - , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") - , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") - , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") + , ("<XF86AudioMute>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") + , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") + , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1") , ("<XF86MonBrightnessUp>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1") , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 6cf28c3c2..d999a4334 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub + ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub cat <<EOF > $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; |