diff options
Diffstat (limited to 'lass/2configs')
26 files changed, 120 insertions, 93 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index f6390ce4..9d4ad8c6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -28,9 +28,19 @@ in { ''; } { #font magic - options.lass.myFont = mkOption { - type = types.str; - default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + options.lass.fonts = { + regular = mkOption { + type = types.str; + default = "xft:Hack-Regular:pixelsize=11,xft:Symbola"; + }; + bold = mkOption { + type = types.str; + default = "xft:Hack-Bold:pixelsize=11,xft:Symbola"; + }; + italic = mkOption { + type = types.str; + default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol"; + }; }; } ]; @@ -82,8 +92,11 @@ in { termite ]; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc + fonts.fonts = with pkgs; [ + hack-font + hasklig + symbola + xlibs.fontschumachermisc ]; services.xserver = { diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index b2d40d4f..43647892 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -31,7 +31,6 @@ in { } // genAttrs ext-doms (ext-dom: { nginx = { - enableSSL = true; forceSSL = true; enableACME = true; }; diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 9dba5fbf..b0e0a8b8 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -8,6 +8,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; }; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index b255254f..fa01a99c 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,12 +25,15 @@ in { environment = { DISPLAY = ":0"; }; + path = with pkgs; [ + qt5.full + ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; ExecStartPost = copyqConfig; Restart = "always"; - RestartSec = "2s"; + RestartSec = "15s"; StartLimitBurst = 0; User = "lass"; }; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix new file mode 100644 index 00000000..0a5623bf --- /dev/null +++ b/lass/2configs/dcso-vpn.nix @@ -0,0 +1,44 @@ +with import <stockholm/lib>; +{ ... }: + +{ + + users.extraUsers = { + dcsovpn = rec { + name = "dcsovpn"; + uid = genid "dcsovpn"; + description = "user for running dcso openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.dcsovpn.gid = genid "dcsovpn"; + + services.openvpn.servers = { + dcso = { + config = '' + client + dev tun + tun-mtu 1356 + mssfix + proto udp + float + remote 217.111.55.41 1194 + nobind + user dcsovpn + group dcsovpn + persist-key + persist-tun + ca ${toString <secrets/dcsovpn/ca.pem>} + cert ${toString <secrets/dcsovpn/cert.pem>} + key ${toString <secrets/dcsovpn/cert.key>} + verb 3 + mute 20 + auth-user-pass ${toString <secrets/dcsovpn/login.txt>} + route-method exe + route-delay 2 + ''; + updateResolvConf = true; + }; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e96f4dc7..f745dc4a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -119,6 +119,7 @@ with import <stockholm/lib>; aria2 #neat utils + file kpaste krebspaste mosh diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix index 0c96e6e9..e305145f 100644 --- a/lass/2configs/dns-stuff.nix +++ b/lass/2configs/dns-stuff.nix @@ -4,7 +4,12 @@ with import <stockholm/lib>; services.dnscrypt-proxy = { enable = true; localAddress = "127.1.0.1"; - resolverName = "cs-de"; + customResolver = { + address = config.krebs.hosts.gum.nets.internet.ip4.addr; + port = 15251; + name = "2.dnscrypt-cert.euer.krebsco.de"; + key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; + }; }; services.dnsmasq = { enable = true; @@ -17,8 +22,6 @@ with import <stockholm/lib>; all-servers dnssec trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 - address=/blog/127.0.0.1 - address=/blog/::1 rebind-domain-ok=/onion/ server=/.onion/127.0.0.1#9053 port=53 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index c9d7a369..0b56f6f4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -43,6 +43,8 @@ with import <stockholm/lib>; { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } { from = "raf@lassul.us"; to = lass.mail; } + { from = "apple@lassul.us"; to = lass.mail; } + { from = "coinbase@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 00f318e5..ad015180 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; }; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 3991acad..4a2199b3 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -53,6 +53,10 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { }; @@ -73,8 +77,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; @@ -94,8 +98,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; verbose = true; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 7a988118..91127f73 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -74,12 +74,9 @@ let virtual-mailboxes \ "Unread" "notmuch://?query=tag:unread"\ "INBOX" "notmuch://?query=tag:inbox \ - and NOT tag:killed \ - and NOT to:shackspace \ - and NOT to:c-base \ - and NOT from:security-alert@hpe.com \ and NOT to:nix-devel\ - and NOT to:radio"\ + and NOT to:shackspace\ + and NOT to:c-base" \ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 65b91a74..2cfc292e 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -6,7 +6,7 @@ let set -euf export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null ''; in { diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index d1ff234e..adaecde2 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import <stockholm/lib>; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#noise "$data" >/dev/null + irc.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 5bd2f2f7..1c253a6c 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -3,7 +3,8 @@ { krebs.per-user.lass.packages = with pkgs; [ pass - gnupg1 + gnupg ]; + programs.gnupg.agent.enable = true; } diff --git a/lass/2configs/reaktor-krebs.nix b/lass/2configs/reaktor-krebs.nix deleted file mode 100644 index 6b17b457..00000000 --- a/lass/2configs/reaktor-krebs.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ - krebs.Reaktor.krebs = { - nickname = "Reaktor|krebs"; - channels = [ - "#krebs" - "#nixos-wiki" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - wiki-todo-add - wiki-todo-done - wiki-todo-show - ]; - }; - services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = '' - default_type "text/plain"; - alias /var/lib/Reaktor/state/wiki-todo; - ''; -} diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f0c0ebfe..f3ef23e6 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; branches = [ "newest" ]; }; }); diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 7f36fcd9..698344b0 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,7 +5,7 @@ let out = { environment.systemPackages = [ (hiPrio vim) - pkgs.pythonPackages.flake8 + pkgs.python35Packages.flake8 ]; environment.etc.vimrc.source = vimrc; @@ -97,13 +97,17 @@ let noremap <esc>[b <nop> | noremap! <esc>[b <nop> noremap <esc>[c <nop> | noremap! <esc>[c <nop> noremap <esc>[d <nop> | noremap! <esc>[d <nop> - vnoremap u <nop> + + let g:ackprg = 'ag --vimgrep' + cnoreabbrev Ack Ack! ''; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ack-vim pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17c39a5f..6e185a4d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -73,17 +73,6 @@ in { allowKeysForGroup = true; group = "lasscert"; }; - certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; }; krebs.tinc_graphs.enable = true; @@ -119,8 +108,8 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + addSSL = true; enableACME = true; - serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; @@ -158,30 +147,12 @@ in { in '' alias ${initscript}; ''; - - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; services.nginx.virtualHosts.cgit = { - serverAliases = [ - "cgit.lassul.us" - ]; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenges; - ''; - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; + serverName = "cgit.lassul.us"; + addSSL = true; + enableACME = true; }; users.users.blog = { diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 7cb4b320..2fffa6cc 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -3,12 +3,13 @@ { krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - owner.name = "root"; + owner.name = "mysql"; source-path = toString <secrets> + "/mysql_rootPassword"; }; services.mysql = { enable = true; + dataDir = "/var/mysql"; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 1e5f2d17..d5496ac0 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -13,13 +13,19 @@ in { uid = genid "chat"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-android.pubkey ]; }; + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + #systemd.services.chat = { # description = "chat environment setup"; # after = [ "network.target" ]; diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 2444d32d..0d2b731c 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -5,7 +5,7 @@ let in { krebs.per-user.wine.packages = with pkgs; [ - wineFull + wine #(wineFull.override { wineBuild = "wine64"; }) ]; users.users= { diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index adbcd353..a3c54f3a 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -8,8 +8,10 @@ let URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt*SaveLines: 4096 - URxvt*font: ${config.lass.myFont} - URxvt*boldFont: ${config.lass.myFont} + + URxvt.font: ${config.lass.fonts.regular} + URxvt.boldFont: ${config.lass.fonts.bold} + URxvt.italicFont: ${config.lass.fonts.italic} ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl |