diff options
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/mud.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/kmein.nix | 23 | ||||
-rw-r--r-- | krebs/3modules/iptables.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 26 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/hack.nix | 6 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/pager.nix | 23 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/xmonad-stockholm.nix | 17 | ||||
-rw-r--r-- | krebs/5pkgs/simple/git-hooks/default.nix | 7 | ||||
-rw-r--r-- | krebs/5pkgs/simple/pager.nix | 36 | ||||
-rw-r--r-- | krebs/5pkgs/simple/qrscan.nix | 26 | ||||
-rw-r--r-- | krebs/5pkgs/simple/untilport/default.nix | 2 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 |
13 files changed, 128 insertions, 60 deletions
diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix index 30f232b64..a53596cc6 100644 --- a/krebs/2configs/mud.nix +++ b/krebs/2configs/mud.nix @@ -5,7 +5,7 @@ MUD_SERVER=''${MUD_SERVER:-127.0.0.1} MUD_PORT=''${MUD_PORT:-8080} - if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then + if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then ${nvim}/bin/nvim \ +"let g:instant_username = \"$MUD_NICKNAME\"" \ +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 4605fbdf0..52ca718dd 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -116,6 +116,28 @@ in wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + tahina = { + nets.retiolum = { + ip4.addr = "10.243.2.74"; + aliases = [ "tahina.r" "tahina.kmein.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV + 5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8 + VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv + EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz + iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u + i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R + FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9 + 9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ + 0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/ + VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY + tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I"; + }; + }; zaatar = { nets.retiolum = { ip4.addr = "10.243.2.34"; @@ -125,6 +147,7 @@ in "grocy.kmein.r" "moodle.kmein.r" "radio.kmein.r" + "home.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 3bab13b0e..7007090c0 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -125,8 +125,8 @@ let (interface: interfaceConfig: [ (map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts) (map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts) - (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) - (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges) + (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges) ]) config.networking.firewall.interfaces ); diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index e096118c6..965505a75 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,11 +1,13 @@ -with import <stockholm/lib>; +with import ../../../lib; { config, ... }: let - hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + evalHost = hostName: hostConfig: evalSubmodule types.host [ + hostConfig { + name = hostName; owner = config.krebs.users.tv; } - (optionalAttrs (host.nets?retiolum) { + (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) { nets.retiolum = { ip6.addr = (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; @@ -23,14 +25,19 @@ with import <stockholm/lib>; wireguard.pubkey = readFile pubkey-path; }; }) - host + (host: mkIf (host.config.ssh.pubkey != null) { + ssh.privkey = mapAttrs (const mkDefault) { + path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}"; + type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey)); + }; + }) ]; in { dns.providers = { "viljetic.de" = "regfish"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs evalHost { alnus = { ci = true; cores = 2; @@ -53,7 +60,6 @@ in { tinc.pubkey_ed25519 = "Td6pRkmSzSGVJll26rULdr6W4U87xsHZ/87NEaglW3K"; }; }; - ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa"; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; au = { @@ -79,7 +85,6 @@ in { }; }; secure = true; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; bu = { @@ -129,7 +134,6 @@ in { }; }; secure = true; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rrf9tvuusYlnSZwUiHS4O+AhrpVZ/6n7peSRKojTc root@hu"; }; mu = { @@ -154,7 +158,6 @@ in { tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C"; }; }; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; ni = { @@ -234,7 +237,6 @@ in { }; }; secure = true; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; wu = { @@ -261,7 +263,6 @@ in { }; }; secure = true; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; querel = { @@ -290,7 +291,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r"; }; xu = { @@ -321,7 +321,6 @@ in { }; }; secure = true; - ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; zu = { @@ -346,7 +345,6 @@ in { }; }; secure = true; - ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu"; }; umz = { diff --git a/krebs/5pkgs/haskell/hack.nix b/krebs/5pkgs/haskell/hack.nix index 37ef94e46..df3343818 100644 --- a/krebs/5pkgs/haskell/hack.nix +++ b/krebs/5pkgs/haskell/hack.nix @@ -3,11 +3,11 @@ }: mkDerivation { pname = "hack"; - version = "1.0.0"; + version = "1.0.1"; src = fetchgit { url = "https://cgit.krebsco.de/hack"; - sha256 = "0hi6frpnxbg3h6s7gd48ri57jc226qycy4rnhmpzpq195xf8y3pf"; - rev = "cb004b2e5f0fce6cea8d54e60558a1c1904dbe39"; + sha256 = "0ry5ikn89ij512qvk1xhdhfz4s8a6b9yawgx6lxgnw5jkiyjd7ka"; + rev = "f3ea150aca5cc86878fa10bc5b1f0918fc154e2a"; fetchSubmodules = true; }; isLibrary = true; diff --git a/krebs/5pkgs/haskell/pager.nix b/krebs/5pkgs/haskell/pager.nix new file mode 100644 index 000000000..3c9f80466 --- /dev/null +++ b/krebs/5pkgs/haskell/pager.nix @@ -0,0 +1,23 @@ +{ mkDerivation, base, blessings, bytestring, containers +, data-default, hack, lib, optparse-applicative, probability +, scanner, speculate, split, terminal-size, text, unix, X11 +, fetchgit +}: +mkDerivation { + pname = "pager"; + version = "1.0.0"; + src = fetchgit { + url = "https://cgit.krebsco.de/pager"; + sha256 = "1kqd27faxinkwpxancyk0xl6n7ljlc8iqhnnq85l76bk4qi9b45i"; + rev = "f4cdf79bd4a75e9eafe68b9a908f4cc68682b7ef"; + fetchSubmodules = true; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base blessings bytestring containers data-default hack + optparse-applicative probability scanner speculate split + terminal-size text unix X11 + ]; + license = lib.licenses.mit; +} diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 751f26749..c43dbe271 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,15 +1,18 @@ -{ mkDerivation, base, containers, fetchgit, filepath, lib, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib +{ mkDerivation, base, containers, directory, fetchgit, filepath +, lib, unix, X11, X11-xft, X11-xshape, xmonad, xmonad-contrib }: -mkDerivation rec { +mkDerivation { pname = "xmonad-stockholm"; - version = "1.3.0"; + version = "1.3.1"; src = fetchgit { - url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "refs/tags/v1.3.0"; - sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9"; + url = "https://cgit.krebsco.de/xmonad-stockholm"; + sha256 = "1m4kkppy143jvjzhy5aawh8q6sglpnqhiajxbdcr42j02ibf3vvq"; + rev = "89bae8aad73db8fe9e11da7d515f0b236e7fea51"; + fetchSubmodules = true; }; libraryHaskellDepends = [ - base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib + base containers directory filepath unix X11 X11-xft X11-xshape + xmonad xmonad-contrib ]; license = lib.licenses.mit; } diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index c9dcc7541..3ec43739c 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -96,7 +96,12 @@ with stockholm.lib; #$host $GIT_SSH_REPO $ref $link add_message $(pink push) $link $(gray "($receive_mode)") - ${optionalString verbose /* sh */ '' + ${optionalString (verbose == true || typeOf verbose == "set") /* sh */ '' + ${optionalString (verbose.exclude or [] != []) /* sh */ '' + case $ref in (${concatStringsSep "|" verbose.exclude}) + continue + esac + ''} add_message "$( git log \ --format="$(orange %h) %s $(gray '(%ar)')" \ diff --git a/krebs/5pkgs/simple/pager.nix b/krebs/5pkgs/simple/pager.nix new file mode 100644 index 000000000..ed740490d --- /dev/null +++ b/krebs/5pkgs/simple/pager.nix @@ -0,0 +1,36 @@ +{ pkgs }: + +pkgs.writeDashBin "pager" '' + # usage: pager {view,shift,shiftview} + # + # Environment variables + # + # PAGER_NAME (default: Pager) + # The environment variables specifies the application name under which + # resources are to be obtained. PAGER_NAME should not contain “.” or “*” + # characters. + # + set -efu + + pidfile=$XDG_RUNTIME_DIR/pager.lock + name=''${PAGER_NAME-Pager} + + if test -e "$pidfile" && + ${pkgs.procps}/bin/pgrep --pidfile="$pidfile" >/dev/null + then + ${pkgs.procps}/bin/pkill --pidfile="$pidfile" + ${pkgs.coreutils}/bin/rm "$pidfile" + exit + fi + + echo $$ > "$pidfile" + + exec ${pkgs.xterm}/bin/xterm \ + -name "$name" \ + -ti vt340 \ + -xrm 'Pager*geometry: 32x10' \ + -xrm 'Pager*internalBorder: 2' \ + -xrm 'Pager*background: #050505' \ + -xrm 'Pager*foreground: #d0d7d0' \ + -e ${pkgs.haskellPackages.pager}/bin/pager "$@" +'' diff --git a/krebs/5pkgs/simple/qrscan.nix b/krebs/5pkgs/simple/qrscan.nix index 7d99dcee7..df9a98053 100644 --- a/krebs/5pkgs/simple/qrscan.nix +++ b/krebs/5pkgs/simple/qrscan.nix @@ -1,27 +1,7 @@ -{ coreutils, gnused, writeDashBin, zbar }: +{ pkgs }: -writeDashBin "qrscan" '' +pkgs.writeDashBin "qrscan" '' set -efu - tmpdir=$(${coreutils}/bin/mktemp --tmpdir -d qrscan.XXXXXXXX) - codefile=$tmpdir/code - - cleanup() { - ${coreutils}/bin/rm "$codefile" - ${coreutils}/bin/rmdir "$tmpdir" - } - - ${coreutils}/bin/mkfifo "$codefile" - - ${zbar}/bin/zbarcam > "$codefile" & - zbarcampid=$! - - exec < "$codefile" - while read -r code; do - code=$(printf %s "$code" | ${gnused}/bin/sed -n 's/^QR-Code://p') - if test -n "$code"; then - ${coreutils}/bin/kill "$zbarcampid" - echo "$code" - fi - done + ${pkgs.zbar}/bin/zbarcam -1 | ${pkgs.gnused}/bin/sed -n 's/^QR-Code://p' '' diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix index 61bcc2b89..2930fd1eb 100644 --- a/krebs/5pkgs/simple/untilport/default.nix +++ b/krebs/5pkgs/simple/untilport/default.nix @@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" '' if [ $# -ne 2 ]; then usage else - until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done + until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done fi '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 71367c2f1..0ab773cb1 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", - "date": "2022-02-21T09:47:16+01:00", - "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs", - "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2", + "rev": "ff9efb0724de5ae0f9db9df2debefced7eb1571d", + "date": "2022-04-12T21:26:28-03:00", + "path": "/nix/store/85qw9pp6zxy2dcgshm2xkhhhccrnp8hy-nixpkgs", + "sha256": "188h461pilsiym2dqzl17vx1g9pb816cwdi0az9mbw207w721avz", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e7760128f..5daeb5f44 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", - "date": "2022-03-04T16:09:08+01:00", - "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs", - "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6", + "rev": "2f06b87f64bc06229e05045853e0876666e1b023", + "date": "2022-04-14T11:00:29-03:00", + "path": "/nix/store/bxspkr9qcbkzgrx16axi2qqbny9hcbvz-nixpkgs", + "sha256": "1d7zg96xw4qsqh7c89pgha9wkq3rbi9as3k3d88jlxy2z0ns0cy2", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, |