summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/repo-sync.yml2
-rw-r--r--krebs/2configs/container-networking.nix2
-rw-r--r--krebs/2configs/matterbridge.nix9
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/security-workarounds.nix2
-rw-r--r--krebs/3modules/acl.nix19
-rw-r--r--krebs/3modules/krebs/default.nix1
-rw-r--r--krebs/5pkgs/haskell/brockman/default.nix6
-rw-r--r--krebs/5pkgs/haskell/reaktor2/default.nix8
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix2
-rw-r--r--krebs/5pkgs/simple/weechat-declarative/default.nix85
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
-rw-r--r--lass/1systems/daedalus/config.nix40
-rw-r--r--lass/1systems/lasspi/physical.nix1
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/1systems/xerxes/config.nix2
-rw-r--r--lass/2configs/IM.nix33
-rw-r--r--lass/2configs/alacritty.nix37
-rw-r--r--lass/2configs/baseX.nix8
-rw-r--r--lass/2configs/bgt-bot/bgt-check.sh57
-rw-r--r--lass/2configs/bgt-bot/default.nix44
-rw-r--r--lass/2configs/bitcoin.nix1
-rw-r--r--lass/2configs/bitlbee.nix2
-rw-r--r--lass/2configs/blue.nix1
-rw-r--r--lass/2configs/br.nix2
-rw-r--r--lass/2configs/codimd.nix5
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/git-brain.nix2
-rw-r--r--lass/2configs/git.nix6
-rw-r--r--lass/2configs/home-media.nix4
-rw-r--r--lass/2configs/jitsi.nix3
-rw-r--r--lass/2configs/mail.nix10
-rw-r--r--lass/2configs/minecraft.nix1
-rw-r--r--lass/2configs/mpv.nix30
-rw-r--r--lass/2configs/paste.nix4
-rw-r--r--lass/2configs/programs.nix35
-rw-r--r--lass/2configs/radio/default.nix5
-rw-r--r--lass/2configs/radio/news.nix46
-rw-r--r--lass/2configs/radio/weather.nix55
-rw-r--r--lass/2configs/radio/weather_for_ips.py12
-rw-r--r--lass/2configs/realwallpaper.nix4
-rw-r--r--lass/2configs/retiolum.nix1
-rw-r--r--lass/2configs/ssh-cryptsetup.nix2
-rw-r--r--lass/2configs/sync/decsync.nix9
-rw-r--r--lass/2configs/sync/sync.nix11
-rw-r--r--lass/2configs/sync/weechat.nix8
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh-tor.priv0
-rw-r--r--lass/2configs/themes.nix1
-rw-r--r--lass/2configs/tmux.nix29
-rw-r--r--lass/2configs/tor-ssh.nix14
-rw-r--r--lass/2configs/vim.nix62
-rw-r--r--lass/2configs/websites/domsen.nix56
-rw-r--r--lass/2configs/websites/lassulus.nix32
-rw-r--r--lass/2configs/websites/ref.ptkk.de/default.nix89
-rw-r--r--lass/2configs/websites/util.nix1
-rw-r--r--lass/2configs/wiregrill.nix4
-rw-r--r--lass/2configs/yubikey.nix2
-rw-r--r--lass/5pkgs/sshvnc/default.nix11
62 files changed, 633 insertions, 314 deletions
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index b4c91299f..5112f7e0c 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -8,7 +8,7 @@ jobs:
if: github.repository_owner == 'Mic92'
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
persist-credentials: false
- name: repo-sync
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
index fa4488800..bf3fe711e 100644
--- a/krebs/2configs/container-networking.nix
+++ b/krebs/2configs/container-networking.nix
@@ -1,7 +1,7 @@
{ lib, ... }:
{
networking.nat.enable = true;
- networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.internalInterfaces = ["ve-+" "ctr+" ];
networking.nat.externalInterface = lib.mkDefault "et0";
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index 9c0908def..a68aa292c 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -19,11 +19,6 @@
inherit Nick;
};
};
- mumble.lassulus = {
- Server = "lassul.us:64738";
- Nick = "krebs_bridge";
- SkipTLSVerify = true;
- };
gateway = [
{
name = "krebs-bridge";
@@ -37,10 +32,6 @@
account = "telegram.krebs";
channel = "-330372458";
}
- {
- account = "mumble.lassulus";
- channel = 6; # "nixos"
- }
];
}
];
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 1f966bf24..9e2cec10a 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -164,7 +164,7 @@
if [ ''${#youtube_url} -eq 24 ]; then
youtube_id=$youtube_url
else
- youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
+ youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
fi
echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss"
'';
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 305d31405..205cc96f4 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -148,6 +148,7 @@ in {
services.nginx = {
virtualHosts."agenda.r" = {
+ serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
alias ${pkgs.writeText "agenda.html" ''
<!DOCTYPE html>
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 0743f2b49..b1a492f51 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
- # https://github.com/Lassulus/CVE-2021-4034
- security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
index 9cdbb6cff..d23706499 100644
--- a/krebs/3modules/acl.nix
+++ b/krebs/3modules/acl.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: let
parents = dir:
if dir == "/" then
- [ dir ]
+ []
else
[ dir ] ++ parents (builtins.dirOf dir)
;
@@ -40,13 +40,16 @@ in {
pkgs.coreutils
];
serviceConfig = {
- ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
- lib.mapAttrsToList (_: rule: ''
- setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
- ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
- ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
- '') rules
- ));
+ ExecStart = pkgs.writers.writeDash "acl" ''
+ mkdir -p "${path}"
+ ${lib.concatStrings (
+ lib.mapAttrsToList (_: rule: ''
+ setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
+ ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
+ ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))}
+ '') rules
+ )}
+ '';
RemainAfterExit = true;
Type = "simple";
};
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index d58f0fbaa..854176f0b 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -74,6 +74,7 @@ in {
aliases = [
"hotdog.r"
"agenda.r"
+ "kri.r"
"build.r"
"build.hotdog.r"
"ca.r"
diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix
index 8a2311a2e..6a0c7f9df 100644
--- a/krebs/5pkgs/haskell/brockman/default.nix
+++ b/krebs/5pkgs/haskell/brockman/default.nix
@@ -7,19 +7,19 @@
}:
mkDerivation rec {
pname = "brockman";
- version = "4.0.3";
+ version = "4.0.4";
src = fetchFromGitHub {
owner = "kmein";
repo = "brockman";
rev = version;
- sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw=";
+ sha256 = "sha256-GOEEUjehFgMMf6cNpi0AP/Rz74sTDEcpKRbLD+6YEz0=";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson aeson-pretty base bytestring case-insensitive conduit
containers directory feed filepath hashable hslogger html-entity
- http-client irc-conduit lens lrucache lrucaching network
+ http-client irc-conduit lens lrucache network
optparse-applicative random safe text time timerep wreq
];
license = lib.licenses.mit;
diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix
index d41d8d818..9ff2bd883 100644
--- a/krebs/5pkgs/haskell/reaktor2/default.nix
+++ b/krebs/5pkgs/haskell/reaktor2/default.nix
@@ -8,11 +8,11 @@
}:
mkDerivation rec {
pname = "reaktor2";
- version = "0.4.0";
+ version = "0.4.0a";
src = fetchgit {
- url = "https://cgit.krebsco.de/reaktor2";
- sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp";
- rev = "v${version}";
+ url = "https://cgit.lassul.us/reaktor2";
+ sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds=";
+ rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa";
fetchSubmodules = true;
};
isLibrary = false;
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 2fbc7ff86..832e47f26 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') &
# regular fetches
- fetch marker.json.tmp "$marker_url"
+ fetch marker.json.tmp "$marker_url" || :
if [ -s marker.json.tmp ]; then
mv marker.json.tmp marker.json
fi
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
index e6ecfd631..5f9c8635b 100644
--- a/krebs/5pkgs/simple/weechat-declarative/default.nix
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -109,45 +109,60 @@ let
};
};
+ setFile = pkgs.writeText "weechat.set" (
+ lib.optionalString (cfg.settings != {})
+ (lib.concatStringsSep "\n" (
+ lib.optionals
+ (cfg.settings.irc or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
+ cfg.settings.irc.server)
+ ++
+ lib.optionals
+ (cfg.settings.matrix or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/matrix server add ${name} ${server.address}")
+ cfg.settings.matrix.server)
+ ++
+ lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
+ ++
+ lib.optionals
+ (cfg.settings.filters or {} != {})
+ (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
+ ++
+ lib.singleton cfg.extraCommands
+ ))
+ );
+
weechat = pkgs.weechat.override {
configure = _: {
- init = lib.optionalString (cfg.settings != {})
- (lib.concatStringsSep "\n" (
- lib.optionals
- (cfg.settings.irc or {} != {})
- (lib.mapAttrsToList
- (name: server: "/server add ${name} ${server.address}")
- cfg.settings.irc.server)
- ++
- lib.optionals
- (cfg.settings.matrix or {} != {})
- (lib.mapAttrsToList
- (name: server: "/matrix server add ${name} ${server.address}")
- cfg.settings.matrix.server)
- ++
- lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
- ++
- lib.optionals
- (cfg.settings.filters or {} != {})
- (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
- ++
- lib.singleton cfg.extraCommands
- ));
+ init = "/exec -oc cat ${setFile}";
scripts = cfg.scripts;
};
};
-in pkgs.writers.writeDashBin "weechat" ''
- CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
- ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
- ${lib.concatStringsSep "\n"
- (lib.mapAttrsToList
- (name: target: /* sh */ ''
- ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
- '')
- cfg.files
- )
- }
- exec ${weechat}/bin/weechat "$@"
-''
+ wrapper = pkgs.writers.writeDashBin "weechat" ''
+ CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
+ ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
+ ${lib.concatStringsSep "\n"
+ (lib.mapAttrsToList
+ (name: target: /* sh */ ''
+ ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+ '')
+ cfg.files
+ )
+ }
+ exec ${weechat}/bin/weechat "$@"
+ '';
+
+in pkgs.symlinkJoin {
+ name = "weechat-configured";
+ paths = [
+ wrapper
+ pkgs.weechat
+ ];
+ postBuild = ''
+ ln -s ${setFile} $out/weechat.set
+ '';
+}
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 30be112d1..49d65160d 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d",
- "date": "2022-05-09T07:45:23+00:00",
- "path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs",
- "sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c",
+ "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060",
+ "date": "2022-05-24T17:55:48+02:00",
+ "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs",
+ "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 970ffa20a..3e20b2a87 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879",
- "date": "2022-04-30T11:27:15+02:00",
- "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs",
- "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h",
+ "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f",
+ "date": "2022-05-28T12:29:49+02:00",
+ "path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs",
+ "sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index bc421a75f..59dbd91b5 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-21.11' \
+ --rev refs/heads/nixos-22.05' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index b08919802..d6943c110 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -43,7 +43,7 @@ with import <stockholm/lib>;
libreoffice
audacity
zathura
- skype
+ skypeforlinux
wine
geeqie
vlc
@@ -56,22 +56,32 @@ with import <stockholm/lib>;
services.xserver.layout = "de";
}
{
- krebs.per-user.bitcoin.packages = [
- pkgs.electrum
- pkgs.electron-cash
- pkgs.litecoin
- ];
- users.extraUsers = {
- bitcoin = {
- name = "bitcoin";
- description = "user for bitcoin stuff";
- home = "/home/bitcoin";
- isNormalUser = true;
- useDefaultShell = true;
- createHome = true;
- extraGroups = [ "audio" ];
+ users = {
+ groups.plugdev = {};
+ users = {
+ bitcoin = {
+ name = "bitcoin";
+ description = "user for bitcoin stuff";
+ home = "/home/bitcoin";
+ isNormalUser = true;
+ useDefaultShell = true;
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ "plugdev"
+ ];
+ packages = let
+ unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
+ in [
+ pkgs.electrum
+ pkgs.electron-cash
+ unstable.ledger-live-desktop
+ ];
+ };
};
};
+ hardware.ledger.enable = true;
security.sudo.extraConfig = ''
bubsy ALL=(bitcoin) NOPASSWD: ALL
'';
diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix
index 80c459a95..868bafad5 100644
--- a/lass/1systems/lasspi/physical.nix
+++ b/lass/1systems/lasspi/physical.nix
@@ -25,7 +25,6 @@
version = 4;
};
boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
# Required for the Wireless firmware
hardware.enableRedistributableFirmware = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d174e6057..62c6f0b71 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -124,6 +124,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
+ <stockholm/lass/2configs/bgt-bot>
{
services.tor = {
enable = true;
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index bf818a9b2..6972567d7 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -47,7 +47,7 @@
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.xboxdrv.overrideAttrs(o: {
- patches = [ (pkgs.fetchurl {
+ patches = o.patches ++ [ (pkgs.fetchurl {
url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch";
sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5";
}) ];
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 5b8cebf5c..8567def02 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -1,38 +1,23 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }: let
weechat = pkgs.weechat.override {
- configure = { availablePlugins, ... }: with pkgs.weechatScripts; {
- plugins = lib.attrValues (availablePlugins // {
- python = availablePlugins.python.withPackages (_: [ weechat-matrix ]);
- });
- scripts = [ weechat-matrix ];
+ configure = { availablePlugins, ... }: {
+ scripts = with pkgs.weechatScripts; [
+ weechat-matrix
+ ];
};
};
- tmux = pkgs.writeDashBin "tmux" ''
- exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
- set-option -g prefix `
- unbind-key C-b
- bind ` send-prefix
-
- set-option -g status off
- set-option -g default-terminal screen-256color
-
- #use session instead of windows
- bind-key c ne