diff options
Diffstat (limited to 'lass/2configs')
31 files changed, 796 insertions, 202 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 16f7502ac..6d26ff89a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,7 +8,13 @@ in { #./urxvt.nix ./xserver ./mpv.nix + #./pulse.nix + ./power-action.nix ]; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; users.extraUsers.mainUser.extraGroups = [ "audio" ]; @@ -16,11 +22,6 @@ in { virtualisation.libvirtd.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - programs.ssh.startAgent = false; security.setuidPrograms = [ "slock" ]; @@ -32,6 +33,7 @@ in { environment.systemPackages = with pkgs; [ + acpi dmenu gitAndTools.qgit lm_sensors @@ -44,6 +46,7 @@ in { sxiv xclip xorg.xbacklight + xorg.xhost xsel zathura diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 604d0728d..8fe2b4074 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,6 +1,14 @@ { lib, config, pkgs, ... }: -{ - krebs.buildbot.master = let + +with config.krebs.lib; + +let + sshWrapper = pkgs.writeDash "ssh-wrapper" '' + ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ''; + +in { + config.krebs.buildbot.master = let stockholm-mirror-url = http://cgit.prism/stockholm ; in { slaves = { @@ -25,20 +33,34 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-lass-scheduler = '' + # build all lass hosts + sched.append(schedulers.SingleBranchScheduler( + ## only master + change_filter=util.ChangeFilter(branch_re="master"), + treeStableTimer=10, + name="prism-master", + builderNames=["build-lass"])) + ''; }; builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + # TODO: get nixpkgs/stockholm paths from krebs + env_lass = { + "LOGNAME": "lass", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync", "proot" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", @@ -51,16 +73,35 @@ factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { + build-lass = '' + f = util.BuildFactory() + f.addStep(grab_repo) + #TODO: get hosts via krebs + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env_lass, + command=nixshell + \ + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ + system={}".format(i)]) + + bu.append(util.BuilderConfig(name="build-lass", + slavenames=slavenames, + factory=f)) + + ''; fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) for i in [ "prism", "mors", "echelon" ]: - addShell(f,name="populate-{}".format(i),env=env, + addShell(f,name="populate-{}".format(i),env=env_lass, command=nixshell + \ ["{}( make system={} eval.config.krebs.build.populate \ | jq -er .)".format("!" if "failing" in i else "",i)]) - addShell(f,name="build-test-minimal",env=env, + addShell(f,name="build-test-minimal",env=env_lass, command=nixshell + \ ["nix-instantiate \ --show-trace --eval --strict --json \ @@ -86,17 +127,17 @@ }; }; - krebs.buildbot.slave = { + config.krebs.buildbot.slave = { enable = true; masterhost = "localhost"; username = "testslave"; password = "lasspass"; packages = with pkgs;[ git nix gnumake jq rsync ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; - krebs.iptables = { + config.krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } @@ -104,4 +145,29 @@ ]; }; }; + + #ssh workaround for make test + options.lass.build-ssh-privkey = mkOption { + type = types.secret-file; + default = { + path = "${config.users.users.buildbotSlave.home}/ssh.privkey"; + owner = { inherit (config.users.users.buildbotSlave ) name uid;}; + source-path = toString <secrets> + "/build.ssh.key"; + }; + }; + config.krebs.secret.files = { + build-ssh-privkey = config.lass.build-ssh-privkey; + }; + config.users.users = { + build = { + name = "build"; + uid = genid "build"; + home = "/home/build"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" + ]; + }; + }; } diff --git a/lass/2configs/cbase.nix b/lass/2configs/c-base.nix index 9d13bc30d..9d13bc30d 100644 --- a/lass/2configs/cbase.nix +++ b/lass/2configs/c-base.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c06acf38..9e0e37e48 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -7,6 +7,7 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ../2configs/nixpkgs.nix ./backups.nix { users.extraUsers = @@ -40,6 +41,12 @@ with config.krebs.lib; }; }; } + { + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; + } ]; networking.hostName = config.krebs.build.host.name; @@ -52,14 +59,13 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + secrets = if getEnv "dummy_secrets" == "true" + then toString <stockholm/lass/2configs/tests/dummy-secrets> + else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; - stockholm = "/home/lass/stockholm"; - nixpkgs = { - url = https://github.com/lassulus/nixpkgs; - rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894"; - dev = "/home/lass/src/nixpkgs"; - }; + stockholm = if getEnv "dummy_secrets" == "true" + then "/var/lib/buildbot/slave/build-all/build" + else "/home/lass/stockholm"; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); @@ -114,8 +120,12 @@ with config.krebs.lib; #neat utils krebspaste + pciutils psmisc + rs + tmux untilport + usbutils #unpack stuff p7zip diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 3639a743a..cf9b631c8 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -21,6 +21,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 8199f2bd7..1ba99c8cb 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -28,6 +28,8 @@ with config.krebs.lib; { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "netzclub@lassul.us"; to = lass.mail; } + { from = "nebenan@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index f3b65e816..a724e2e45 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,8 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "cloudkrebs/wallpaper.png"; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + url = "prism/wallpaper.png"; }; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 72d6f987f..7c050005b 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -10,8 +10,9 @@ let account default: prism ''; - msmtp = pkgs.writeDashBin "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + msmtp = pkgs.writeBashBin "msmtp" '' + ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ''; muttrc = pkgs.writeText "muttrc" '' @@ -42,7 +43,7 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="msmtp" # enables parsing of outgoing mail + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set use_from=yes set envelope_from=yes diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 636b44395..f2b70d831 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -41,7 +41,6 @@ let cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news csm_world|http://rss.csmonitor.com/feeds/world|#news - cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news danisch|http://www.danisch.de/blog/feed/|#news dod|http://www.defense.gov/news/afps2.xml|#news dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news @@ -102,7 +101,7 @@ let npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|http://www.nsa.gov/rss.shtml|#news #bullerei + nsa|https://www.nsa.gov/rss.xml|#news #bullerei nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news phys|http://phys.org/rss-feed/|#news diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix new file mode 100644 index 000000000..c6d8a5f8c --- /dev/null +++ b/lass/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs = { + url = https://github.com/lassulus/nixpkgs; + rev = "7d932301fe1d98a1ef1872a7124e8809279def74"; + }; +} diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix new file mode 100644 index 000000000..0ff8547c7 --- /dev/null +++ b/lass/2configs/power-action.nix @@ -0,0 +1,41 @@ +{ config, pkgs, ... }: + +let + suspend = pkgs.writeDash "suspend" '' + ${pkgs.systemd}/bin/systemctl suspend + ''; + + speak = text: + pkgs.writeDash "speak" '' + ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}" + ''; + +in { + lass.power-action = { + enable = true; + plans.low-battery = { + upperLimit = 30; + lowerLimit = 25; + charging = false; + action = pkgs.writeDash "warn-low-battery" '' + ${speak "power level low"} + ''; + }; + plans.suspend = { + upperLimit = 10; + lowerLimit = 0; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + /var/setuid-wrappers/sudo ${suspend} + ''; + }; + }; + + users.users.power-action.extraGroups = [ + "audio" + ]; + + security.sudo.extraConfig = '' + ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ''; +} diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix new file mode 100644 index 000000000..3be482191 --- /dev/null +++ b/lass/2configs/pulse.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + pkg = pkgs.pulseaudioLight; + runDir = "/run/pulse"; + + alsaConf = pkgs.writeText "asound.conf" '' + ctl_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so; + } + pcm_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so; + } + ctl.!default { + type pulse + } + pcm.!default { + type pulse + } + ''; + + clientConf = pkgs.writeText "client.conf" '' + autospawn=no + default-server = unix:${runDir}/socket + ''; + + daemonConf = pkgs.writeText "daemon.conf" '' + exit-idle-time=0 + flat-volumes = no + default-fragments = 4 + default-fragment-size-msec = 25 + ''; + + configFile = pkgs.writeText "default.pa" '' + .include ${pkg}/etc/pulse/default.pa + load-module ${toString [ + "module-native-protocol-unix" + "auth-anonymous=1" + "socket=${runDir}/socket" + ]} + ''; +in + +{ + environment = { + etc = { + "asound.conf".source = alsaConf; + # XXX mkForce is not strong enough (and neither is mkOverride) to create + # /etc/pulse/client.conf, see pulseaudio-hack below for a solution. + #"pulse/client.conf" = mkForce { source = clientConf; }; + #"pulse/client.conf".source = mkForce clientConf; + "pulse/default.pa".source = configFile; + "pulse/daemon.pa".source = daemonConf; + }; + systemPackages = [ + pkg + ] ++ optionals config.services.xserver.enable [ + pkgs.pavucontrol + ]; + }; + + # Allow PulseAudio to get realtime priority using rtkit. + security.rtkit.enable = true; + + system.activationScripts.pulseaudio-hack = '' + ln -fns ${clientConf} /etc/pulse/client.conf + ''; + + systemd.services.pulse = { + wantedBy = [ "sound.target" ]; + before = [ "sound.target" ]; + environment = { + PULSE_RUNTIME_PATH = "${runDir}/home"; + }; + serviceConfig = { + ExecStart = "${pkg}/bin/pulseaudio"; + ExecStartPre = pkgs.writeDash "pulse-start" '' + install -o pulse -g audio -m 0750 -d ${runDir} + install -o pulse -g audio -m 0700 -d ${runDir}/home + ''; + PermissionsStartOnly = "true"; + User = "pulse"; + }; + }; + + users = { + groups.pulse.gid = config.users.users.pulse.uid; + users.pulse = { + uid = genid "pulse"; + group = "pulse"; + extraGroups = [ "audio" ]; + home = "${runDir}/home"; + }; + }; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 17be327b9..59678dbff 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -11,7 +11,7 @@ let source-password = import <secrets/icecast-source-pw>; add_random = pkgs.writeDashBin "add_random" '' - mpc add "$(mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -52,13 +52,8 @@ in { print_current ncmpcpp mpc_cli - tmux ]; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - services.mpd = { enable = true; group = "radio"; @@ -67,7 +62,7 @@ in { audio_output { type "shout" encoding "ogg" - name "my cool stream" + name "the_playlist" host "localhost" port "8000" mount "/radio.ogg" @@ -84,7 +79,7 @@ in { # Optional Parameters user "source" # description "here is my long description" - # genre "jazz" + genre "good music" } # end of audio_output ''; @@ -114,7 +109,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = "*:*"; + OnCalendar = "*:0/1"; }; }; @@ -123,8 +118,8 @@ in { LIMIT=$1 #in secconds timeLeft () { - playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') + currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -136,16 +131,10 @@ in { description = "radio playlist autoadder"; after = [ "network.target" ]; - path = with pkgs; [ - gawk - mpc_cli - ]; - restartIfChanged = true; serviceConfig = { - Restart = "always"; - ExecStart = "${autoAdd} 100"; + ExecStart = "${autoAdd} 150"; }; }; diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/cbase.txt diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv new file mode 100644 index 000000000..215a7fa0c --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword new file mode 100644 index 000000000..922a74472 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword @@ -0,0 +1 @@ +blabla123 diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key new file mode 100644 index 000000000..91448ad2f --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nix-serve.key @@ -0,0 +1 @@ +key-name:blabla123 diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..99a4033f6 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv @@ -0,0 +1,4 @@ + +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 new file mode 100644 index 000000000..5c12da0b3 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +private key bla +-----END OPENSSH PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa new file mode 100644 index 000000000..885cf61f0 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +private key bla +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw new file mode 100644 index 000000000..b71df1a2d --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/transmission-pw @@ -0,0 +1 @@ +"krebskrebs123" diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix new file mode 100644 index 000000000..c1fce9ea2 --- /dev/null +++ b/lass/2configs/umts.nix @@ -0,0 +1,62 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + + modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl stop wpa_supplicant + systemctl start umts + trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Modem = ${modem-device} + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Baud = 460800 + phone= *99# + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0 + ''; + + + out = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts + ''; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + ExecStart = "${wvdial}/bin/wvdial -n"; + }; + }; + }; +in out + diff --git a/lass/2conf |