-rw-r--r-- | krebs/2configs/shack/mobile.mpd.nix | 5 | ||||
-rw-r--r-- | krebs/2configs/shack/ympd-top-next.patch | 16 | ||||
-rw-r--r-- | krebs/krops.nix | 14 | ||||
-rw-r--r-- | lass/1systems/blue/source.nix | 14 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 1 | ||||
-rw-r--r-- | lass/2configs/hardening.nix | 11 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 61 | ||||
-rw-r--r-- | lass/2configs/reaktor-coders.nix | 46 | ||||
-rw-r--r-- | lass/5pkgs/custom/xmonad-lass/default.nix | 3 | ||||
-rw-r--r-- | makefu/0tests/data/secrets/nixos-community | 0 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 4 | ||||
-rw-r--r-- | makefu/2configs/bureautomation/default.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/bureautomation/hass.nix | 97 | ||||
-rw-r--r-- | makefu/2configs/dict.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/remote-build/aarch64-community.nix | 15 | ||||
-rw-r--r-- | makefu/2configs/tools/dev.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/virtualisation/virtualbox.nix | 5 |
17 files changed, 231 insertions, 74 deletions
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix index 2dc466edb..751d233ec 100644 --- a/krebs/2configs/shack/mobile.mpd.nix +++ b/krebs/2configs/shack/mobile.mpd.nix @@ -1,5 +1,8 @@ {lib,pkgs, ... }: let + pkg = lib.overrideDerivation pkgs.ympd (old: { + patches = [ ./ympd-top-next.patch ]; + }); mpdHost = "mpd.shack"; ympd = name: port: let webPort = 10000 + port; @@ -7,7 +10,7 @@ let systemd.services."ympd-${name}" = { description = "mpd for ${name}"; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; + serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; }; services.nginx.virtualHosts."mobile.${name}.mpd.shack" = { serverAliases = [ diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch new file mode 100644 index 000000000..fd424f11a --- /dev/null +++ b/krebs/2configs/shack/ympd-top-next.patch @@ -0,0 +1,16 @@ +diff --git a/htdocs/index.html b/htdocs/index.html +index ed77279..eaf92b6 100644 +--- a/htdocs/index.html ++++ b/htdocs/index.html +@@ -76,6 +76,11 @@ + + <div class="col-md-10 col-xs-12"> + <div class="notifications top-right"></div> ++ ++ <ul class="pager"> ++ <li id="prev" class="page-btn hide"><a href="">Previous</a></li> ++ <li id="next" class="page-btn"><a href="">Next</a></li> ++ </ul> + + <div class="panel panel-primary"> + <!-- Default panel contents --> diff --git a/krebs/krops.nix b/krebs/krops.nix index 76bca026d..94418fdc2 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix 
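Review bot: In krebs/2configs/shack/mobile.mpd.nix the override sets `patches = [ ./ympd-top-next.patch ];`, which replaces any patch list the nixpkgs ympd derivation already carries instead of extending it. If the pinned nixpkgs ever ships a fix for ympd as a patch, this override would silently drop it from a service that is exposed through nginx; `patches = (old.patches or []) ++ [ ./ympd-top-next.patch ];` keeps both. `pkgs.ympd.overrideAttrs` is the usual spelling for this kind of override, and a one-line comment saying what the patch adds (a second pager above the panel) would help. The `let` block continues outside the hunk.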
@@ -9,13 +9,19 @@ krebs-source = { test ? false }: rec { nixpkgs = if test then { - derivation = '' - with import <nixpkgs> {}; + derivation = let + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = "${(lib.importJSON ./nixpkgs.json).rev}"; - sha256 = "${(lib.importJSON ./nixpkgs.json).sha256}"; + rev = "${rev}"; + sha256 = "${sha256}"; } ''; } else { diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a32c3a829..a52771a4d 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,13 +1,19 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = '' - with import <nixpkgs> {}; + derivation = let + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}"; - sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}"; + rev = "${rev}"; + sha256 = "${sha256}"; } ''; }; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b6565dc6a..f35ebff56 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,6 +36,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/hardening.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain 
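Review bot: In krebs/krops.nix the new `let` parses ./nixpkgs.json twice and then splices `rev` and `sha256` into the generated Nix source in four places; `inherit (lib.importJSON ./nixpkgs.json) rev sha256;` reads it once. The same block is repeated in lass/1systems/blue/source.nix with only the relative path changed, so a shared helper would keep the two bootstrap expressions from drifting apart. A short comment such as `# import nixpkgs from the pinned, hash-checked tarball instead of <nixpkgs> from NIX_PATH` would record why the indirection exists. The values are interpolated unescaped into Nix code, which is fine only while nixpkgs.json stays a repository-controlled file.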
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix new file mode 100644 index 000000000..aee4bf06f --- /dev/null +++ b/lass/2configs/hardening.nix @@ -0,0 +1,11 @@ +{ pkgs, lib, ... }: +with lib; +{ + security.chromiumSuidSandbox.enable = true; + security.lockKernelModules = false; + boot.kernel.sysctl."user.max_user_namespaces" = 63414; + + imports = [ + <nixpkgs/nixos/modules/profiles/hardened.nix> + ]; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 987632cd1..f88b2627b 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -170,32 +170,45 @@ in { }; }; - krebs.Reaktor.playlist = { - nickname = "the_playlist|r"; - channels = [ - "#the_playlist" - "#krebs" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - }; - plugins = with pkgs.ReaktorPlugins; [ - (buildSimpleReaktorPlugin "skip" { - script = "${skip_track}/bin/skip_track"; - pattern = "^skip$"; - }) - (buildSimpleReaktorPlugin "current" { - script = "${print_current}/bin/print_current"; - pattern = "^current$"; - }) - (buildSimpleReaktorPlugin "suggest" { - script = "${pkgs.writeDash "suggest" '' - echo "$@" >> $HOME/playlist_suggest - ''}"; - pattern = "^suggest: (?P<args>.*)$"; - }) + krebs.reaktor2.the_playlist = { + hostname = "irc.freenode.org"; + port = "6697"; + useTLS = true; + nick = "the_playlist"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#the_playlist" + "#krebs" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.the_playlist.stateDir; + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + skip.filename = "${skip_track}/bin/skip_track"; + current.filename = "${print_current}/bin/print_current"; + suggest.filename = pkgs.writeDash "suggest" '' + echo "$@" >> playlist_suggest + ''; + }; + } + ]; + }; + } ]; }; + services.nginx = { enable = true; virtualHosts."radio.lassul.us" = { 
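Review bot: lass/2configs/hardening.nix imports the hardened profile and then appears to relax two of its settings, `security.lockKernelModules = false;` and `"user.max_user_namespaces" = 63414;`, with no comment saying why or where the number comes from. Each deserves a why-comment naming the workload that needs late module loading or unprivileged user namespaces, so a later reader can tell a deliberate trade-off from a leftover. If the pinned nixpkgs provides `security.allowUserNamespaces`, setting that is clearer than a raw sysctl value and avoids a possible conflict with the profile's own definition. With user namespaces available it is worth checking whether `security.chromiumSuidSandbox.enable` is still needed, since it installs a setuid helper. `pkgs` and `with lib;` are unused in this file.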
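Review bot: In lass/2configs/radio.nix the `suggest` command appends text taken from IRC messages with `echo "$@" >> playlist_suggest`; dash's builtin echo interprets backslash escapes, and the file can grow without limit from anyone who can speak in the joined channels. `printf '%s\n' "$*" >> playlist_suggest` writes the text literally, and a length or file-size cap would bound it. The new pattern `!([^ ]+)(?:\s*(.*))?` has no `^`, unlike the removed `^skip$`-style patterns, so unless reaktor2's `match` mode anchors at the start of the message, a `!skip` in the middle of a line may also trigger; writing `^!([^ ]+)(?:\s*(.*))?` makes the intent explicit. The enclosing attribute set starts and ends outside the hunk.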
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 44d9d6866..4baec1976 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -32,6 +32,7 @@ in { pattern = ''@([^ ]+) (.*)$''; command = 1; arguments = [2]; + env.HOME = config.krebs.reaktor2.coders.stateDir; commands = let lambdabot = (import (pkgs.fetchFromGitHub { owner = "NixOS"; repo = "nixpkgs"; @@ -46,36 +47,21 @@ in { -e "$@" ''; in { - pl = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-pl" '' - ${lambdabotWrapper} "@pl $1" - ''; - }; - type = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-type" '' - ${lambdabotWrapper} "@type $1" - ''; - }; - "let" = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-let" '' - ${lambdabotWrapper} "@let $1" - ''; - }; - run = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-run" '' - ${lambdabotWrapper} "@run $1" - ''; - }; - kind = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-kind" '' - ${lambdabotWrapper} "@kind $1" - ''; - }; + pl.filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + type.filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + "let".filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + run.filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + kind.filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; }; } { diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 483e37bc8..1f2e7110e 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
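Review bot: In lass/2configs/reaktor-coders.nix `env.HOME` moves from each command up to the hook, which is equivalent only if reaktor2's system plugin applies a hook-level `env` to every command it spawns; that is not visible in this diff. If it does not, lambdabot would run with the service's default HOME instead of the state directory, so this is worth confirming before relying on it. The five commands now differ only in their name, so they could be generated from the list `[ "pl" "type" "let" "run" "kind" ]` rather than written out. Both hunks sit inside a larger `commands` expression that continues outside them.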
@@ -41,6 +41,7 @@ import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) +import XMonad.Layout.MouseResizableTile (mouseResizableTile) import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) @@ -93,7 +94,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile) floatHooks :: Query (Endo WindowSet) floatHooks = composeOne diff --git a/makefu/0tests/data/secrets/nixos-community b/makefu/0tests/data/secrets/nixos-community new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/nixos-community diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 35779507b..138735d91 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -14,10 +14,12 @@ <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> + <stockholm/makefu/2configs/dict.nix> <stockholm/makefu/2configs/backup/state.nix> # <stockholm/makefu/2configs/dnscrypt/client.nix> <stockholm/makefu/2configs/avahi.nix> + <stockholm/makefu/2configs/support-nixos.nix> # Debugging # <stockholm/makefu/2configs/disable_v6.nix> 
@@ -64,7 +66,7 @@ <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> - # <stockholm/makefu/2configs/remote-build/master.nix> + <stockholm/makefu/2configs/remote-build/aarch64-community.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 3897537ea..917044d63 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -5,7 +5,7 @@ let port = 3001; runit = pkgs.writeDash "runit" '' set -xeuf - PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin name=''${1?must provide name as first arg} state=''${2?must provide state as second arg} # val=''${3?must provide val as third arg} @@ -14,9 +14,10 @@ let test $state = alerting || exit 0 echo $name - $state - curl 'http://bauarbeiterlampe/ay?o=1' + topic=plug + mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON sleep 5 - curl 'http://bauarbeiterlampe/ay?o=1' + mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF ''; in { services.logstash = { diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 57184bdf7..b70c9b030 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix 
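Review bot: In makefu/2configs/bureautomation/default.nix the new `mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON` and `-m OFF` calls pass no `-h`, `-u`/`-P` or TLS options, so they publish anonymously to the default local broker. That works only if the broker accepts unauthenticated publishes, and if it listens beyond loopback any host on that network could switch the plugs the same way; a comment stating the assumption, or credentials read from a secrets file, would make the trust boundary explicit. If the script is interrupted after the ON publish the plug stays on, which a `trap` that sends OFF would cover. `$topic` is a constant here but is better quoted, `-t "/bam/$topic/cmnd/POWER"`.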
@@ -1,5 +1,40 @@ { pkgs, lib, ... }: let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/bam/${topic}/stat/Dimmer"; + brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/bam/${topic}/stat/Color"; + rgb_command_topic = "/bam/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/bam/${topic}/stat/Scheme"; + effect_command_topic = "/bam/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; tasmota_plug = name: topic: { platform = "mqtt"; inherit name; @@ -74,6 +109,10 @@ in { (tasmota_plug "Blitzdings" "plug2") (tasmota_plug "Fernseher" "plug3") (tasmota_plug "Feuer" "plug4") + (tasmota_plug "Nachtlicht" "plug5") + ]; + light = [ + (tasmota_rgb "Status Felix" "status1") ]; binary_sensor = [ { platform = "mqtt"; @@ -169,12 +208,16 @@ in { }; automation = [ "automation.turn_off_fernseher_10_minutes_after_last_movement" + "automation.turn_off_nachtlicht_on_sunrise" + "automation.turn_on_nachtlicht_on_motion_and_dusk" ]; switches = [ "switch.bauarbeiterlampe" "switch.blitzdings" "switch.fernseher" "switch.feuer" + "switch.nachtlicht" + "light.status_felix" ]; camera = [ "camera.Baumarkt" 
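Review bot: In makefu/2configs/bureautomation/hass.nix `tasmota_rgb` sets `optimistic = false` while the TODO directly above `state_topic` says the custom state topic is currently not used, so as written the light's state in Home Assistant may not follow the device. The comment should say what happens today (which topic the state actually comes from), or `optimistic` should be set accordingly until it is fixed. The commented `effect_*` lines at the top of the function duplicate the attributes set at its end and can be dropped, keeping only `# LED WS2812b`. In the third hunk `light.status_felix` is added to a group named `switches`, which is worth a comment or a rename.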
@@ -207,11 +250,55 @@ in { }; action = { service = "homeassistant.turn_on"; - entity_id = [ "switch.fernseher" "switch.feuer" ]; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + ]; + }; + } + { + alias = "Turn off Nachtlicht on sunrise"; + trigger = + { + platform = "sun"; + event = "sunrise"; + }; + action = + { + service = "homeassistant.turn_off"; + entity_id = [ "switch.nachtlicht" ]; + }; + } + { + alias = "Turn on Nachtlicht on motion and dusk"; + trigger = + { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + condition = # 'when dark' + { + condition = "or"; + conditions = [ + { condition = "sun"; + after = "sunset"; + after_offset = "-00:45:00"; # on dusk + } + { condition = "sun"; + before = "sunrise"; + } + ]; + }; + action = + { + service = "homeassistant.turn_on"; + entity_id = [ "switch.nachtlicht" ]; }; } { alias = "Turn off Fernseher 10 minutes after last movement"; - trigger = [ + trigger = [ { # trigger when movement was detected at the time platform = "state"; entity_id = "binary_sensor.motion"; @@ -226,7 +313,11 @@ in { ]; action = { service = "homeassistant.turn_off"; - entity_id = [ "switch.fernseher" "switch.feuer" ]; + entity_id = [ + "switch.fernseher" + "switch.feuer" + "light.status_felix" + ]; }; condition = { condition = "and"; diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix new file mode 100644 index 000000000..6db9102ba --- /dev/null +++ b/makefu/2configs/dict.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: +{ + services.dictd.enable = true; + services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ]; +} diff --git a/makefu/2configs/remote-build/aarch64-community.nix b/makefu/2configs/remote-build/aarch64-community.nix new file mode 100644 index 000000000..d57eacd68 --- /dev/null +++ b/makefu/2configs/remote-build/aarch64-community.nix 
@@ -0,0 +1,15 @@ +{ + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "aarch64.nixos.community"; + maxJobs = 64; + sshKey = toString <secrets/nixos-community>; + sshUser = "makefu"; + system = "aarch64-linux"; + supportedFeatures = [ "big-parallel" ]; + } + ]; + }; +} diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index f8e3f9f46..0c877fc7b 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -4,6 +4,7 @@ users.users.makefu.packages = with pkgs;[ python3 python3Packages.pyserial + picocom python3Packages.virtualenv # embedded gi diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix index e90cc1e8d..a8a50939f 100644 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ b/makefu/2configs/virtualisation/virtualbox.nix @@ -2,8 +2,7 @@ { virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; - virtualisation.virtualbox.host.enableHardening = false; - + virtualisation.virtualbox.host.enableExtensionPack = true; + # virtualisation.virtualbox.host.enableHardening = false; users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; } |
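Review bot: makefu/2configs/remote-build/aarch64-community.nix hands aarch64-linux builds to `aarch64.nixos.community`, which by its name is a shared machine outside this repository's control, and nothing in the hunk pins its SSH host key. Outputs copied back from a remote builder are trusted by the local store, so the file should say what is acceptable to build there, and a `programs.ssh.knownHosts` entry for the host (public key taken from the operator's published value, placeholder `<HOST_PUBLIC_KEY>`) would make the connection verifiable instead of depending on root's known_hosts state. `sshKey = toString <secrets/nixos-community>` keeps the private key out of the Nix store; a comment noting that the key should be dedicated to this builder would help. `maxJobs = 64` looks high for a shared machine and is worth a justification.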