diff options
24 files changed, 573 insertions, 43 deletions
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index bae8b96bf..39b9722ec 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -29,21 +29,37 @@ "140.82.126.*" "140.82.127.*" "13.114.40.48" - "13.229.188.59" + "52.192.72.89" + "52.69.186.44" + "15.164.81.167" + "52.78.231.108" "13.234.176.102" "13.234.210.38" + "13.229.188.59" + "13.250.177.223" + "52.74.223.119" "13.236.229.21" "13.237.44.5" - "13.250.177.223" - "15.164.81.167" - "18.194.104.89" - "18.195.85.27" - "35.159.8.160" - "52.192.72.89" "52.64.108.95" - "52.69.186.44" - "52.74.223.119" - "52.78.231.108" + "18.228.52.138" + "18.228.67.229" + "18.231.5.6" + "18.181.13.223" + "54.238.117.237" + "54.168.17.15" + "3.34.26.58" + "13.125.114.27" + "3.7.2.84" + "3.6.106.81" + "18.140.96.234" + "18.141.90.153" + "18.138.202.180" + "52.63.152.235" + "3.105.147.174" + "3.106.158.203" + "54.233.131.104" + "18.231.104.233" + "18.228.167.86" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 00847071a..2a75cc1bb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -30,6 +30,7 @@ in { 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + IN MX 5 lassul.us. 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" @@ -564,6 +565,42 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; + morpheus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.19"; + ip6.addr = r6 "012f"; + aliases = [ + "morpheus.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY + T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN + /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh + S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz + Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR + bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI + Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz + sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ + VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j + 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA + U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "012f"; + aliases = [ + "morpheus.w" + ]; + wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + }; hilum = { cores = 1; nets = { diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 4cdaedebf..ab25934c8 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -16,10 +16,4 @@ foldl' mergeAttrs {} reaktor2 = self.haskellPackages.reaktor2; ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; - - # https://github.com/proot-me/PRoot/issues/106 - proot = self.writeDashBin "proot" '' - export PROOT_NO_SECCOMP=1 - exec ${super.proot}/bin/proot "$@" - ''; } diff --git a/krebs/5pkgs/haskell/flameshot-once.nix b/krebs/5pkgs/haskell/flameshot-once.nix index 5b369362e..1b54f7db6 100644 --- a/krebs/5pkgs/haskell/flameshot-once.nix +++ b/krebs/5pkgs/haskell/flameshot-once.nix @@ -4,11 +4,11 @@ }: mkDerivation { pname = "flameshot-once"; - version = "1.2.0"; + version = "1.3.0"; src = fetchgit { url = "https://cgit.krebsco.de/flameshot-once"; - sha256 = "01c11dk8ss37awfn9xqsgx668dcrf4kvzfxlq7ycnqsnpbjjvm0a"; - rev = "cebaefa37095e74ad2253c4e2f9d9ab390f88737"; + sha256 = "1jy73379srnkq79i7k3al406r0kb3pxwgg6f64i89jhzxjn7zmzl"; + rev = "81ce6b9bb68c2739ec5bda067fcfaeab931d55dd"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix new file mode 100644 index 000000000..7a7b979c4 --- /dev/null +++ b/krebs/5pkgs/override/default.nix @@ -0,0 +1,51 @@ +with import <stockholm/lib>; +self: super: { + + flameshot = super.flameshot.overrideAttrs (old: rec { + patches = old.patches or [] ++ [ + (self.writeText "flameshot-imgur.patch" /* diff */ '' +--- a/src/tools/imgur/imguruploader.cpp ++++ b/src/tools/imgur/imguruploader.cpp +@@ -40,6 +40,7 @@ + #include <QTimer> + #include <QJsonDocument> + #include <QJsonObject> ++#include <stdlib.h> + + ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : + QWidget(parent), m_pixmap(capture) +@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { + QJsonObject json = response.object(); + QJsonObject data = json["data"].toObject(); + m_imageURL.setUrl(data["link"].toString()); +- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( ++ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); ++ if (deleteImageURLPattern == NULL) ++ deleteImageURLPattern = "https://imgur.com/delete/%1"; ++ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( + data["deletehash"].toString())); + onUploadOk(); + } else { +@@ -105,7 +109,10 @@ void ImgurUploader::upload() { + QString description = FileNameHandler().parsedPattern(); + urlQuery.addQueryItem("description", description); + +- QUrl url("https://api.imgur.com/3/image"); ++ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); ++ if (createImageURLPattern == NULL) ++ createImageURLPattern = "https://api.imgur.com/3/image"; ++ QUrl url(createImageURLPattern); + url.setQuery(urlQuery); + QNetworkRequest request(url); + request.setHeader(QNetworkRequest::ContentTypeHeader, + '') + ]; + }); + + # https://github.com/proot-me/PRoot/issues/106 + proot = self.writeDashBin "proot" '' + export PROOT_NO_SECCOMP=1 + exec ${super.proot}/bin/proot "$@" + ''; + +} diff --git a/krebs/5pkgs/simple/flameshot-once/default.nix b/krebs/5pkgs/simple/flameshot-once/default.nix index c442a2e96..20c709fb5 100644 --- a/krebs/5pkgs/simple/flameshot-once/default.nix +++ b/krebs/5pkgs/simple/flameshot-once/default.nix @@ -16,6 +16,7 @@ in pkgs.flameshot pkgs.qt5.qtbase pkgs.xclip + pkgs.xwaitforwindow ]} ${optionalString (config != null) /* sh */ '' . ${import ./profile.nix { inherit config pkgs; }} diff --git a/krebs/5pkgs/simple/flameshot-once/profile.nix b/krebs/5pkgs/simple/flameshot-once/profile.nix index 8ea8a850c..4427e5b23 100644 --- a/krebs/5pkgs/simple/flameshot-once/profile.nix +++ b/krebs/5pkgs/simple/flameshot-once/profile.nix @@ -48,7 +48,9 @@ let "SAVE" "EXIT" "BLUR" - ]; + ] + ++ optional cfg.imgur.enable "IMAGEUPLOADER" + ; type = types.listOf (types.enum (attrNames ButtonType)); }; disabledTrayIcon = mkOption { @@ -65,6 +67,44 @@ let # This is types.filename extended by [%:][%:+]* types.addCheck types.str (test "[%:0-9A-Za-z._][%:+0-9A-Za-z._-]*"); }; + imgur = mkOption { + default = {}; + type = types.submodule { + options = { + enable = mkEnableOption "imgur"; + createUrl = mkOption { + example = "http://p.r/image"; + type = types.str; + }; + deleteUrl = mkOption { + example = "http://p.r/image/delete/%1"; + type = types.str; + }; + xdg-open = mkOption { + default = {}; + type = types.submodule { + options = { + enable = mkEnableOption "imgur.xdg-open" // { + default = true; + }; + browser = mkOption { + default = "${pkgs.coreutils}/bin/false"; + type = types.str; + }; + createPrefix = mkOption { + default = cfg.imgur.createUrl; + type = types.str; + }; + deletePrefix = mkOption { + default = removeSuffix "/%1" cfg.imgur.deleteUrl; + type = types.str; + }; + }; + }; + }; + }; + }; + }; savePath = mkOption { default = "/tmp"; type = types.absolute-pathname; @@ -135,4 +175,30 @@ in export FLAMESHOT_CAPTURE_PATH=${cfg.savePath} export FLAMESHOT_ONCE_TIMEOUT=${toString cfg.timeout} export XDG_CONFIG_HOME=${XDG_CONFIG_HOME} + ${optionalString cfg.imgur.enable /* sh */ '' + export IMGUR_CREATE_URL=${shell.escape cfg.imgur.createUrl} + export IMGUR_DELETE_URL=${shell.escape cfg.imgur.deleteUrl} + ${optionalString cfg.imgur.xdg-open.enable /* sh */ '' + PATH=$PATH:${makeBinPath [ + (pkgs.writeDashBin "xdg-open" '' + set -efu + uri=$1 + prefix=$(${pkgs.coreutils}/bin/dirname "$uri") + case $prefix in + (${shell.escape cfg.imgur.xdg-open.createPrefix}) + echo "opening image in browser: $uri" >&2 + exec ${config.imgur.xdg-open.browser} "$uri" + ;; + (${shell.escape cfg.imgur.xdg-open.deletePrefix}) + echo "deleting image: $uri" >&2 + exec ${pkgs.curl}/bin/curl -fsS -X DELETE "$uri" + ;; + (*) + echo "don't know how to open URI: $uri" >&2 + exit 1 + esac + '') + ]} + ''} + ''} '' diff --git a/krebs/5pkgs/simple/htgen-imgur/default.nix b/krebs/5pkgs/simple/htgen-imgur/default.nix new file mode 100644 index 000000000..fe0b2ab04 --- /dev/null +++ b/krebs/5pkgs/simple/htgen-imgur/default.nix @@ -0,0 +1,29 @@ +with import <stockholm/lib>; +{ attr, coreutils, exiv2, findutils, gnugrep, jq, nix, utillinux, stdenv }: +stdenv.mkDerivation rec { + pname = "htgen-imgur"; + version = "1.0.0"; + + src = ./src; + + buildPhase = '' + ( + exec > htgen-imgur + echo PATH=${makeBinPath [ + attr + coreutils + exiv2 + findutils + gnugrep + jq + nix utillinux + ]} + echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"} + cat $src/htgen-imgur + ) + ''; + + installPhase = '' + install -D htgen-imgur $out/bin/htgen-imgur + ''; +} diff --git a/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur new file mode 100644 index 000000000..af092d007 --- /dev/null +++ b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur @@ -0,0 +1,209 @@ +find_item() { + if test ${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 +} + +# https://api.imgur.com/models/basic +basic_response() {( + status_code=$1 + status_reason=$2 + data=${3-null} + + response_body=$(jq -cn \ + --argjson data "$data" \ + --argjson status "$status_code" \ + ' + { + data: $data, + status: $status, + success: (200 <= $status and $status <= 299), + } + ') + + printf "HTTP/1.1 $status_code $status_reason\r\n" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' $(expr ${#response_body} + 1) + printf 'Content-Type: application/json; charset=UTF-8\r\n' + printf 'Server: %s\r\n' "$Server" + printf '\r\n' + printf '%s\n' "$response_body" + +)} + +file_response() { + jq -n -r \ + --argjson data "$(attr -q -g data "$1")" \ + --arg server "$Server" \ + ' + [ "HTTP/1.1 200 OK\r" + , "Connection: close\r" + , "Content-Length: \($data.size)\r" + , "Content-Type: \($data.type)\r" + , "Server: \($server)\r" + , "\r" + ][] + ' + cat "$1" +} + +read_uri() { + jq -cn --arg uri "$1" ' + $uri | + capture("^((?<scheme>[^:]*):)?(//(?<authority>[^/]*))?(?<path>[^?#]*)([?](?<query>[^#]*))?([#](?<fragment>.*))?$") | + . + { + query: (.query | if . != null then + split("&") | + map(split("=") | {key:.[0],value:.[1]}) | + from_entries + else . end) + } + ' +} + +uri=$(read_uri "$Request_URI") +path=$(jq -nr --argjson uri "$uri" '$uri.path') + +case "$Method $path" in + 'POST /image') + echo create image >&2 + + content=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap "rm $content >&2" EXIT + + case ${req_expect-} in 100-continue) + printf 'HTTP/1.1 100 Continue\r\n\r\n' + esac + + head -c $req_content_length > $content + + sha256=$(sha256sum -b $content | cut -d\ -f1) + base32=$(nix-hash --to-base32 --type sha256 $sha256) + item=$STATEDIR/items/$base32 + + if ! test -e $item; then + mkdir -v -p $STATEDIR/items >&2 + cp -v $content $item >&2 + fi + + base32short=$(echo $base32 | cut -b-7) + + scheme=${req_x_forwarded_proto-http} + link=$scheme://$req_host/image/$base32short + + if item=$(find_item $base32short); then + + deletehash=$(uuidgen) + + info=$( + exiv2 print "$item" | + jq -csR ' + split("\n") | + map( + match("^(.*\\S)\\s*:\\s*(.*)").captures | + map(.string) | + {key:.[0],value:.[1]} + ) | + from_entries | + + . + ( + .["Image size"] | + match("^(?<width>[0-9]+)\\s*x\\s*(?<height>[0-9]+)$").captures | + map({key:.name,value:(.string|tonumber)}) | + from_entries + ) | + . + ( + .["File size"] | + match("^(?<size>[0-9]+)\\s*Bytes$").captures | + map({key:.name,value:(.string|tonumber)}) | + from_entries + ) | + . + ' + ) + + data=$(jq -cn \ + --arg deletehash "$deletehash" \ + --arg id "$base32" \ + --arg link "$link" \ + --argjson info "$info" \ + --argjson uri "$uri" \ + ' + { + id: $id, + title: $uri.query.title, + description: $uri.query.description, + datetime: now, + type: $info["MIME type"], + animated: false, + width: $info.width, + height: $info.height, + size: $info.size, + views: 0, + bandwidth: 0, + vote: null, + favorite: false, + nsfw: null, + section: null, + account_url: null, + acount_id: 0, + is_ad: false, + is_most_viral: false, + tags: [], + ad_type: 0, + ad_url: "", + in_gallery: false, + deletehash: @uri "\($id)?deletehash=\($deletehash)", + name: "", + link: $link, + } + ') + + attr -q -s deletehash -V "$deletehash" "$item" + attr -q -s data -V "$data" "$item" + + basic_response 200 OK "$data" + exit + fi + ;; + 'GET /image/'*) + basename=$(basename "$path") + if printf %s "$basename" | grep -q '^[0-9a-z]\+$'; then + if item=$(find_item "$basename"); then + echo get image >&2 + file_response "$item" + exit + fi + fi + ;; + 'DELETE /image/delete/'*) + basename=$(basename "$path") + if printf %s "$basename" | grep -q '^[0-9a-z]\+$'; then + if item=$(find_item "$basename"); then + + deletehash=$(jq -nr --argjson uri "$uri" '$uri.query.deletehash') + + stored_deletehash=$(attr -q -g deletehash "$item") + + if test "$deletehash" = "$stored_deletehash"; then + echo "delete image" >&2 + + rm -v "$item" >&2 + + basic_response 200 OK + exit + else + echo "delete image error: bad deletehash provided: $deletehash" >&2 + basic_response 401 'Unauthorized' + exit + fi + fi + fi + ;; +esac diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 0fca8bdf2..a44c1a7d0 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import <stockholm/lib>; let - version = "1.2.2"; + version = "1.2.3"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "0a8vn35vq6pxgk6d3d2cjp0vdxzq9nqf0zgkvnd6668v4cmdf91b"; + sha256 = "0lml336w31ckgspp633ym2jnppzln3f8mvmy3y2vz9yanf59j0hb"; }; installPhase = '' diff --git a/krebs/5pkgs/simple/xwaitforwindow.nix b/krebs/5pkgs/simple/xwaitforwindow.nix new file mode 100644 index 000000000..41ce65022 --- /dev/null +++ b/krebs/5pkgs/simple/xwaitforwindow.nix @@ -0,0 +1,15 @@ +{ writeDashBin, xdotool, xorg }: +writeDashBin "xwaitforwindow" '' + # usage: xwaitforwindow ARGS + # see xdotool search for possible ARGS + # example: xwaitforwindow -name WINDOWNAME + set -efu + + if id=$(${xdotool}/bin/xdotool search "$@"); then + printf 'waiting for window %#x\n' "$id" >&2 + exec ${xorg.xprop}/bin/xprop -spy -id "$id" >/dev/null + else + printf 'no window found with xdotool search %s\n' "$*" >&2 + exit 1 + fi +'' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 8f426cc05..c64d43862 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b61999e4ad60c351b4da63ae3ff43aae3c0bbdfb", - "date": "2020-04-16T08:43:36-04:00", - "sha256": "0cggpdks4qscyirqwfprgdl91mlhjlw24wkg0riapk5f2g2llbpq", + "rev": "0f5ce2fac0c726036ca69a5524c59a49e2973dd4", + "date": "2020-05-19T01:31:20+02:00", + "sha256": "0nkk492aa7pr0d30vv1aw192wc16wpa1j02925pldc09s9m9i0r3", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index ecf2df035..8fd800964 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "f45ccd9d20b4e90e43c4562b9941ea1dbd8f07a4", - "date": "2020-05-20T11:42:56+02:00", - "sha256": "10476ij19glhs2yy1pmvm0azd75ifjchpfbljn7h1cnnpii1xprc", + "rev": "48723f48ab92381f0afd50143f38e45cf3080405", + "date": "2020-05-22T11:40:20+02:00", + "sha256": "0h3b3l867j3ybdgimfn76lw7w6yjhszd5x02pq5827l659ihcf53", "fetchSubmodules": false } diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix new file mode 100644 index 000000000..c3a8ea6c8 --- /dev/null +++ b/lass/1systems/morpheus/config.nix @@ -0,0 +1,25 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.morpheus; + + networking.wireless.enable = false; + networking.networkmanager.enable = true; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + + environment.systemPackages = with pkgs; [ + gitAndTools.hub + nix-review + firefox + ]; + + services.openssh.forwardX11 = true; + programs.x2goserver.enable = true; +} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix new file mode 100644 index 000000000..3fb03cda4 --- /dev/null +++ b/lass/1systems/morpheus/physical.nix @@ -0,0 +1,47 @@ +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = { + device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" + ''; +} diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 639ba3d3f..a48c61a69 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -14,6 +14,7 @@ with import ./lib.nix { inherit lib; }; { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass + { predicate = "-i wiregrill -p tcp --dport 8123"; target = "ACCEPT"; } # hass ]; services.home-assistant = { diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix index 555cfae28..9281a19ec 100644 --- a/lass/2configs/hass/lib.nix +++ b/lass/2configs/hass/lib.nix @@ -99,7 +99,7 @@ rec { conditions = [ { condition = "template"; - value_template = "{{ trigger.to_state.attributes.illuminance < 13000 }}"; + value_template = "{{ trigger.to_state.attributes.illuminance < 7500 }}"; } { condition = "template"; diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 156ebcae7..6b2a0142a 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - krebs.per-user.lass.packages = with pkgs; [ + users.users.lass.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f55886e2e..0e4ac5394 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -127,7 +127,6 @@ let extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.ack-vim - pkgs.vimPlugins.Gundo pkgs.vimPlugins.undotree pkgs.vimPlugins.vim-go pkgs.vimPlugins.fzf-vim @@ -155,26 +154,26 @@ let let colors_name = ${toJSON name} - hi Normal ctermbg=235 - hi Comment ctermfg=242 - hi Constant ctermfg=062 - hi Identifier ctermfg=068 + hi Normal ctermbg=016 + hi Comment ctermfg=255 + hi Constant ctermfg=229 + hi Identifier ctermfg=123 hi Function ctermfg=041 hi Statement ctermfg=167 hi PreProc ctermfg=167 - hi Type ctermfg=041 + hi Type ctermfg=046 hi Delimiter ctermfg=251 - hi Special ctermfg=062 + hi Special ctermfg=146 - hi Garbage ctermbg=088 - hi TabStop ctermbg=016 - hi NBSP ctermbg=094 + hi Garbage ctermbg=124 + hi TabStop ctermbg=020 + hi NBSP ctermbg=056 hi NarrowNBSP ctermbg=097 hi Todo ctermfg=174 ctermbg=NONE - hi NixCode ctermfg=148 + hi NixCode ctermfg=190 hi NixData ctermfg=149 - hi NixQuote ctermfg=150 + hi NixQuote ctermfg=119 hi diffNewFile ctermfg=207 hi diffFile ctermfg=207 diff --git a/submodules/krops b/submodules/krops -Subproject f1b7112ac3cbe090e96f2c82c525b6db69b8203 +Subproject 55aa2c77ce8183f3d2b24f54efa33ab6a42e1e0 diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix new file mode 100644 index 000000000..ba84fd2df --- /dev/null +++ b/tv/2configs/imgur.nix @@ -0,0 +1,25 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + services.nginx.virtualHosts."ni.r" = { + locations."/image" = { + extraConfig = /* nginx */ '' + client_max_body_size 20M; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; + ''; + }; + }; + + krebs.ht |