summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitlab-ci.yml1
-rw-r--r--krebs/3modules/lass/default.nix52
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/3modules/syncthing.nix10
-rw-r--r--krebs/5pkgs/simple/q-power_supply.nix126
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/blue/config.nix30
-rw-r--r--lass/1systems/blue/source.nix20
-rw-r--r--lass/1systems/daedalus/physical.nix4
-rw-r--r--lass/1systems/green/config.nix28
-rw-r--r--lass/1systems/green/physical.nix8
-rw-r--r--lass/1systems/green/source.nix14
-rw-r--r--lass/1systems/icarus/config.nix2
-rw-r--r--lass/1systems/mors/config.nix10
-rw-r--r--lass/1systems/mors/physical.nix4
-rw-r--r--lass/1systems/prism/config.nix22
-rw-r--r--lass/1systems/shodan/physical.nix4
-rw-r--r--lass/1systems/yellow/config.nix5
-rw-r--r--lass/2configs/backup.nix8
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/blue.nix4
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/mail.nix6
-rw-r--r--lass/2configs/monitoring/node-exporter.nix15
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix217
-rw-r--r--lass/2configs/prism-share.nix39
-rw-r--r--lass/2configs/reaktor-coders.nix4
-rw-r--r--lass/2configs/syncthing.nix11
-rw-r--r--lass/2configs/virtualbox.nix1
-rw-r--r--lass/2configs/websites/domsen.nix6
-rw-r--r--lass/2configs/wine.nix2
-rw-r--r--lass/2configs/zsh.nix4
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ensure-permissions.nix66
-rw-r--r--lass/3modules/screenlock.nix9
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix5
-rw-r--r--lass/krops.nix5
-rw-r--r--makefu/0tests/data/secrets/hass/router.nix1
-rw-r--r--makefu/0tests/data/secrets/hass/telegram-bot.json5
-rw-r--r--makefu/2configs/bureautomation/automation/10h_timer.nix13
-rw-r--r--makefu/2configs/bureautomation/automation/bureau-shutdown.nix49
-rw-r--r--makefu/2configs/bureautomation/automation/nachtlicht.nix4
-rw-r--r--makefu/2configs/bureautomation/device_tracker/openwrt.nix14
-rw-r--r--makefu/2configs/bureautomation/devices/users.nix17
-rw-r--r--makefu/2configs/bureautomation/hass.nix77
-rw-r--r--makefu/2configs/bureautomation/light/statuslight.nix19
-rw-r--r--makefu/2configs/bureautomation/person/team.nix29
-rw-r--r--makefu/2configs/bureautomation/switch/rfbridge.nix17
-rw-r--r--makefu/2configs/bureautomation/switch/tasmota_switch.nix7
-rw-r--r--makefu/2configs/editor/vim.nix1
-rw-r--r--makefu/2configs/editor/vimrc11
-rw-r--r--makefu/2configs/tools/all.nix1
-rw-r--r--makefu/2configs/tools/core-gui.nix2
-rw-r--r--makefu/2configs/tools/dev.nix13
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/init-host/default.nix (renamed from makefu/5pkgs/init-host/default.nix)0
-rw-r--r--makefu/2configs/tools/pcmanfm-extra.nix11
-rw-r--r--makefu/5pkgs/bento4/default.nix29
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/prison-break/default.nix20
-rw-r--r--makefu/5pkgs/prison-break/straight-plugin.nix22
-rw-r--r--makefu/5pkgs/targetcli/default.nix64
m---------submodules/nix-writers0
-rw-r--r--tv/5pkgs/simple/q/default.nix127
65 files changed, 717 insertions, 599 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1946f269e..6d2f15063 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,5 +15,6 @@ nur-packages makefu:
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
- git push --force deploy HEAD:master
+ - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
after_script:
- rm -f deploy.key
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 7352d36e9..a3b8cab39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -106,6 +106,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+ syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
archprism = {
cores = 1;
@@ -326,6 +327,13 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
+ wiregrill = {
+ ip6.addr = w6 "5ce7";
+ aliases = [
+ "skynet.w"
+ ];
+ wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+ };
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
@@ -487,6 +495,46 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
};
+
+ green = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.66";
+ ip6.addr = r6 "12ee";
+ aliases = [
+ "green.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+ uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+ ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+ n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+ hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+ m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+ BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+ pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+ 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+ UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+ udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+ 3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "12ee";
+ aliases = [
+ "green.w"
+ ];
+ wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+ syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+ };
+
phone = {
nets = {
wiregrill = {
@@ -494,12 +542,12 @@ in {
aliases = [
"phone.w"
];
- wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
+ wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM=";
};
};
external = true;
ci = false;
- syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7";
+ syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB";
};
morpheus = {
cores = 1;
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
index 3d35b76e4..675ba8df2 100644
--- a/krebs/3modules/lass/ssh/android.rsa
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 3c60eec4b..34879fd3f 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -11,8 +11,7 @@ let
}) cfg.peers;
folders = map (folder: {
- inherit (folder) path type;
- id = folder.path;
+ inherit (folder) path id type;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch;
@@ -83,13 +82,18 @@ in
folders = mkOption {
default = [];
- type = types.listOf (types.submodule ({
+ type = types.listOf (types.submodule ({ config, ... }: {
options = {
path = mkOption {
type = types.absolute-pathname;
};
+ id = mkOption {
+ type = types.str;
+ default = config.path;
+ };
+
peers = mkOption {
type = types.listOf types.str;
default = [];
diff --git a/krebs/5pkgs/simple/q-power_supply.nix b/krebs/5pkgs/simple/q-power_supply.nix
new file mode 100644
index 000000000..87f900194
--- /dev/null
+++ b/krebs/5pkgs/simple/q-power_supply.nix
@@ -0,0 +1,126 @@
+{ gawk, gnused, writeDashBin }:
+
+writeDashBin "q-power_supply" ''
+ power_supply() {(
+ set -efu
+ uevent=$1
+ eval "$(${gnused}/bin/sed -n '
+ s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p
+ ' $uevent)"
+ case $POWER_SUPPLY_NAME in
+ AC)
+ exit # not battery
+ ;;
+ esac
+ exec </dev/null
+ exec ${gawk}/bin/awk '
+ function die(s) {
+ printf "%s: %s\n", name, s
+ exit 1
+ }
+
+ function print_hm(h, m) {
+ m = (h - int(h)) * 60
+ return sprintf("%dh%dm", h, m)
+ }
+
+ function print_bar(n, r, t1, t2, t_col) {
+ t1 = int(r * n)
+ t2 = n - t1
+ if (r >= .42) t_col = "1;32"
+ else if (r >= 23) t_col = "1;33"
+ else if (r >= 11) t_col = "1;31"
+ else t_col = "5;1;31"
+ return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr()
+ }
+
+ function sgr(p) {
+ return "\x1b[" p "m"
+ }
+
+ function strdup(s,n,t) {
+ t = sprintf("%"n"s","")
+ gsub(/ /,s,t)
+ return t
+ }
+
+ END {
+ name = ENVIRON["POWER_SUPPLY_NAME"]
+
+ charge_unit = "Ah"
+ charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
+ charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6
+
+ current_unit = "A"
+ current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6
+
+ energy_unit = "Wh"
+ energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6
+ energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
+
+ power_unit = "W"
+ power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6
+
+ voltage_unit = "V"
+ voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6
+ voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6
+
+ #printf "charge_now: %s\n", charge_now
+ #printf "charge_full: %s\n", charge_full
+ #printf "current_now: %s\n", current_now
+ #printf "energy_now: %s\n", energy_now
+ #printf "energy_full: %s\n", energy_full
+ #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"]
+ #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6
+ #printf "power_now: %s\n", power_now
+ #printf "voltage_now: %s\n", voltage_now
+
+ if (current_now == 0 && voltage_now != 0) {
+ current_now = power_now / voltage_now
+ }
+ if (power_now == 0) {
+ power_now = current_now * voltage_now
+ }
+ if (charge_now == 0 && voltage_min_design != 0) {
+ charge_now = energy_now / voltage_min_design
+ }
+ if (energy_now == 0) {
+ energy_now = charge_now * voltage_min_design
+ }
+ if (charge_full == 0 && voltage_min_design != 0) {
+ charge_full = energy_full / voltage_min_design
+ }
+ if (energy_full == 0) {
+ energy_full = charge_full * voltage_min_design
+ }
+
+ if (charge_now == 0 || charge_full == 0) {
+ die("unknown charge")
+ }
+
+ charge_ratio = charge_now / charge_full
+
+ out = out name
+ out = out sprintf(" %s", print_bar(10, charge_ratio))
+ out = out sprintf(" %d%", charge_ratio * 100)
+ out = out sprintf(" %.2f%s", charge_now, charge_unit)
+ if (current_now != 0) {
+ out = out sprintf("/%.1f%s", current_now, current_unit)
+ }
+ out = out sprintf(" %d%s", energy_full, energy_unit)
+ if (power_now != 0) {
+ out = out sprintf("/%.1f%s", power_now, power_unit)
+ }
+ if (current_now != 0) {
+ out = out sprintf(" %s", print_hm(charge_now / current_now))
+ }
+
+ print out
+ }
+ '
+ )}
+
+ for uevent in /sys/class/power_supply/*/uevent; do
+ power_supply "$uevent" || :
+ done
+''
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 28c98ceb2..1ee21020b 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
- "date": "2019-03-07T09:54:51+01:00",
- "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
+ "rev": "222950952f15f6b1e9f036b80440b597f23e652d",
+ "date": "2019-04-05T10:07:50+02:00",
+ "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd",
"fetchSubmodules": false
}
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index d740403da..a287f548b 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -13,17 +13,24 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.blue;
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
- $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ];
- lass.restic = genAttrs [
+ services.restic.backups = genAttrs [
"daedalus"
"icarus"
"littleT"
@@ -31,20 +38,19 @@ with import <stockholm/lib>;
"shodan"
"skynet"
] (dest: {
- dirs = [
- "/home/"
- "/var/lib"
+ initialize = true;
+ extraOptions = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
+ repository = "sftp:backup@${dest}.r:/backups/blue";
passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/blue";
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
+ paths = [
+ "/home/"
+ "/var/lib"
];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
});
+
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a52771a4d..21f3a8bd5 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,20 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = let
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- '';
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
};
}
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
index 33a0cb473..d10ced7da 100644
--- a/lass/1systems/daedalus/physical.nix
+++ b/lass/1systems/daedalus/physical.nix
@@ -11,6 +11,10 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
new file mode 100644
index 000000000..6ae157e38
--- /dev/null
+++ b/lass/1systems/green/config.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/mail.nix>
+
+ #<stockholm/lass/2configs/blue.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.green;
+
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
+
+ #networking.nameservers = [ "1.1.1.1" ];
+
+ #time.timeZone = "Europe/Berlin";
+}
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/green/physical.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
new file mode 100644
index 000000000..21f3a8bd5
--- /dev/null
+++ b/lass/1systems/green/source.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+ nixpkgs = lib.mkForce {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
+ };
+}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 868d75083..06b1e7366 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems