diff options
Diffstat (limited to 'lass')
30 files changed, 659 insertions, 404 deletions
diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix new file mode 100644 index 000000000..ed5bbcf12 --- /dev/null +++ b/lass/1systems/aergia/config.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/pipewire.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/yellow-mounts/samba.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/bitcoin.nix> + # <stockholm/lass/2configs/xonsh.nix> + <stockholm/lass/2configs/review.nix> + <stockholm/lass/2configs/dunst.nix> + <stockholm/lass/2configs/print.nix> + <stockholm/lass/2configs/br.nix> + ]; + + system.stateVersion = "22.11"; + + krebs.build.host = config.krebs.hosts.aergia; + + environment.systemPackages = with pkgs; [ + brain + bank + l-gen-secrets + generate-secrets + ]; + + programs.adb.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + }; + hardware.pulseaudio.package = pkgs.pulseaudioFull; + + lass.browser.config = { + fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; }; + }; + + nix.trustedUsers = [ "root" "lass" ]; + + # nix.extraOptions = '' + # extra-experimental-features = nix-command flakes + # ''; + + services.tor = { + enable = true; + client.enable = true; + }; + + documentation.nixos.enable = true; + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + + boot.cleanTmpDir = true; + + # vbox + virtualisation.virtualbox.host.enable = true; + users.users.mainUser.extraGroups = [ "vboxusers" ]; +} diff --git a/lass/1systems/aergia/disk.nix b/lass/1systems/aergia/disk.nix new file mode 100644 index 000000000..0ae0892ee --- /dev/null +++ b/lass/1systems/aergia/disk.nix @@ -0,0 +1,64 @@ +{ lib, ... }: +{ + disk = { + main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + type = "partition"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + type = "partition"; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "root"; + type = "partition"; + start = "1GiB"; + end = "100%"; + content = { + type = "luks"; + name = "aergia1"; + content = { + type = "btrfs"; + extraArgs = "-f"; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + # Mountpoints inferred from subvolume name + "/home" = { + mountOptions = []; + }; + "/nix" = { + mountOptions = []; + }; + }; + }; + }; + } + ]; + }; + }; + }; +} + diff --git a/lass/1systems/aergia/install.sh b/lass/1systems/aergia/install.sh new file mode 100644 index 000000000..0e4f0ab4c --- /dev/null +++ b/lass/1systems/aergia/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +target=$1 diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix new file mode 100644 index 000000000..de5f7540e --- /dev/null +++ b/lass/1systems/aergia/physical.nix @@ -0,0 +1,86 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = [ + ./config.nix + (modulesPath + "/installer/scan/not-detected.nix") + ]; + disko.devices = import ./disk.nix; + + networking.hostId = "deadbeef"; + # boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + enable = true; + device = "/dev/nvme0n1"; + efiSupport = true; + efiInstallAsRemovable = true; + }; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + boot.kernelParams = [ + # Enable energy savings during sleep + "mem_sleep_default=deep" + "initcall_blacklist=acpi_cpufreq_init" + + # for ryzenadj -i + "iomem=relaxed" + ]; + + # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html + # On recent AMD CPUs this can be more energy efficient. + boot.kernelModules = [ "amd-pstate" "kvm-amd" ]; + + # hardware.cpu.amd.updateMicrocode = true; + + services.xserver.videoDrivers = [ + "amdgpu" + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + + environment.systemPackages = [ + pkgs.vulkan-tools + pkgs.ryzenadj + (pkgs.writers.writeDashBin "set_tdp" '' + set -efux + watt=$1 + value=$(( $watt * 1000 )) + ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit="$value" --fast-limit="$value" --slow-limit="$value" + '') + ]; + + # textsize + services.xserver.dpi = 200; + hardware.video.hidpi.enable = lib.mkDefault true; + + # corectrl + programs.corectrl.enable = true; + users.users.mainUser.extraGroups = [ "corectrl" ]; + + # use newer ryzenadj + nixpkgs.config.packageOverrides = super: { + ryzenadj = super.ryzenadj.overrideAttrs (old: { + version = "unstable-2023-01-15"; + src = pkgs.fetchFromGitHub { + owner = "FlyGoat"; + repo = "RyzenAdj"; + rev = "1052fb52b2c0e23ac4cd868c4e74d4a9510be57c"; # unstable on 2023-01-15 + sha256 = "sha256-/IxkbQ1XrBrBVrsR4EdV6cbrFr1m+lGwz+rYBqxYG1k="; + }; + }); + }; + + # keyboard quirks + services.xserver.displayManager.sessionCommands = '' + xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert + ''; + services.udev.extraHwdb = /* sh */ '' + # disable back buttons + evdev:input:b0003v2F24p0135* # /dev/input/event2 + KEYBOARD_KEY_70026=reserved + KEYBOARD_KEY_70027=reserved + ''; + + # ignore power key + services.logind.extraConfig = "HandlePowerKey=ignore"; +} diff --git a/lass/1systems/aergia/source.nix b/lass/1systems/aergia/source.nix new file mode 100644 index 000000000..abbf26c75 --- /dev/null +++ b/lass/1systems/aergia/source.nix @@ -0,0 +1,21 @@ +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in { + nixpkgs = (if test then lib.mkForce ({ derivation = let + rev = npkgs.rev; + sha256 = npkgs.sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; }) else { + git.ref = lib.mkForce npkgs.rev; + }); +} diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index cd38c3585..077f7b3fa 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -27,7 +27,7 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.green; - lass.sync-containers3.inContainer = { + krebs.sync-containers3.inContainer = { enable = true; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; }; diff --git a/lass/1systems/hilum/disk.nix b/lass/1systems/hilum/disk.nix new file mode 100644 index 000000000..926401648 --- /dev/null +++ b/lass/1systems/hilum/disk.nix @@ -0,0 +1,53 @@ +{ lib, disk, keyFile, ... }: +{ + disk = { + main = { + type = "disk"; + device = disk; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + type = "partition"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + type = "partition"; + name = "ESP"; + start = "1MiB"; + end = "50%"; + fs-type = "fat32"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "root"; + type = "partition"; + start = "50%"; + end = "100%"; + content = { + type = "luks"; + name = "hilum_luks"; + keyFile = keyFile; + content = { + type = "filesystem"; + format = "xfs"; + mountpoint = "/"; + }; + }; + } + ]; + }; + }; + }; +} + diff --git a/lass/1systems/hilum/flash-stick.sh b/lass/1systems/hilum/flash-stick.sh new file mode 100755 index 000000000..17a5fc580 --- /dev/null +++ b/lass/1systems/hilum/flash-stick.sh @@ -0,0 +1,37 @@ +#!/bin/sh +set -efux + +disk=$1 + +export NIXPKGS_ALLOW_UNFREE=1 +(umask 077; pass show admin/hilum/luks > /tmp/hilum.luks) +trap 'rm -f /tmp/hilum.luks' EXIT +stockholm_root=$(git rev-parse --show-toplevel) +ssh root@localhost -t -- $(nix-build \ + --no-out-link \ + -I nixpkgs=/var/src/nixpkgs \ + -I stockholm="$stockholm_root" \ + -I secrets="$stockholm_root"/lass/2configs/tests/dummy-secrets \ + -E "with import <nixpkgs> {}; (pkgs.nixos [ + { + luksPassFile = \"/tmp/hilum.luks\"; + mainDisk = \"$disk\"; + disko.rootMountPoint = \"/mnt/hilum\"; + } + ./physical.nix + ]).disko" +) +rm -f /tmp/hilum.luks +$(nix-build \ + --no-out-link \ + -I nixpkgs=/var/src/nixpkgs \ + "$stockholm_root"/lass/krops.nix -A populate \ + --argstr name hilum \ + --argstr target "root@localhost/mnt/hilum/var/src" \ + --arg force true +) +ssh root@localhost << SSH +NIXOS_CONFIG=/mnt/hilum/var/src/nixos-config nixos-install --no-root-password --root /mnt/hilum -I /var/src +nixos-enter --root /mnt/hilum -- nixos-rebuild -I /var/src switch --install-bootloader +umount -Rv /mnt/hilum +SSH diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix index f8bab57d6..6f160062d 100644 --- a/lass/1systems/hilum/physical.nix +++ b/lass/1systems/hilum/physical.nix @@ -1,11 +1,38 @@ -{ lib, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ ./config.nix <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + { + # nice hack to carry around state passed impurely at the beginning + options.mainDisk = let + tryFile = path: default: + if lib.elem (builtins.baseNameOf path) (lib.attrNames (builtins.readDir (builtins.dirOf path))) then + builtins.readFile path + else + default + ; + in lib.mkOption { + type = lib.types.str; + default = tryFile "/etc/hilum-disk" "/dev/sdz"; + }; + config.environment.etc.hilum-disk.text = config.mainDisk; + } + { + options.luksPassFile = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + }; + } ]; + disko.devices = import ./disk.nix { + inherit lib; + disk = config.mainDisk; + keyFile = config.luksPassFile; + }; + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -13,21 +40,9 @@ boot.loader.grub.enable = true; boot.loader.grub.efiSupport = true; - boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0"; + boot.loader.grub.device = config.mainDisk; boot.loader.grub.efiInstallAsRemovable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2B9E-5131"; - fsType = "vfat"; - }; - swapDevices = [ ]; nix.maxJobs = lib.mkDefault 4; diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 8e5a60c36..7f6be782e 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -9,10 +9,16 @@ <stockholm/lass/2configs/consul.nix> <stockholm/lass/2configs/yellow-host.nix> <stockholm/lass/2configs/radio/container-host.nix> + <stockholm/lass/2configs/ubik-host.nix> # other containers <stockholm/lass/2configs/riot.nix> ]; krebs.build.host = config.krebs.hosts.neoprism; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.nginx.enable = true; + security.acme.acceptTerms = true; + security.acme.defaults.email = "acme@lassul.us"; } diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix new file mode 100644 index 000000000..3bc20878e --- /dev/null +++ b/lass/1systems/orange/config.nix @@ -0,0 +1,21 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.orange; + + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l"; + }; +} diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/orange/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix index 2fd23a448..5e34335d3 100644 --- a/lass/1systems/radio/config.nix +++ b/lass/1systems/radio/config.nix @@ -17,7 +17,7 @@ with import <stockholm/lib>; defaults.email = "acme@lassul.us"; }; - lass.sync-containers3.inContainer = { + krebs.sync-containers3.inContainer = { enable = true; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt"; }; diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix new file mode 100644 index 000000000..1d836d4ec --- /dev/null +++ b/lass/1systems/ubik/config.nix @@ -0,0 +1,33 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.ubik; + + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM"; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nextcloud = { + enable = true; + hostName = "c.apanowicz.de"; + package = pkgs.nextcloud25; + config.adminpassFile = "/run/nextcloud.pw"; + https = true; + }; + systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [ + "+${pkgs.writeDash "copy-pw" '' + ${pkgs.rsync}/bin/rsync \ + --chown nextcloud:nextcloud \ + --chmod 0700 \ + /var/src/secrets/nextcloud.pw /run/nextcloud.pw + ''}" + ]; +} diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/ubik/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 73d7f3780..ff8189e24 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -9,7 +9,7 @@ in { krebs.build.host = config.krebs.hosts.yellow; - lass.sync-containers3.inContainer = { + krebs.sync-containers3.inContainer = { enable = true; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL"; }; diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 1af2fa226..b35b0cb85 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -12,9 +12,9 @@ with import <stockholm/lib>; linkConfig = { RequiredForOnline = "routable"; }; - # networkConfig = { - # LinkLocalAddressing = "no"; - # }; + networkConfig = { + LinkLocalAddressing = "no"; + }; # dhcpV6Config = { # PrefixDelegationHint = "::/60"; # }; diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 1e41e8e02..66088a562 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,10 +1,6 @@ { config, pkgs, ... }: { - imports = [ - <stockholm/lass/2configs/container-networking.nix> - ]; - - lass.sync-containers3.containers.green = { + krebs.sync-containers3.containers.green = { sshKey = "${toString <secrets>}/green.sync.key"; }; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b874695a8..f5b2e22b7 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -1,5 +1,4 @@ -with import <stockholm/lib>; -{ pkgs, ... }: +{ config, lib, pkgs, ... }: let @@ -14,7 +13,6 @@ let port 465 tls on tls_starttls off - tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16 auth on user lassulus passwordeval pass show c-base/pass @@ -24,11 +22,12 @@ let notmuch-config = pkgs.writeText "notmuch-config" '' [database] path=/home/lass/Maildir + mail_root=/home/lass/Maildir [user] name=lassulus primary_email=lassulus@lassul.us - other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))} + other_email=lass@mors.r;${lib.concatStringsSep ";" (lib.flatten (lib.attrValues mailboxes))} [new] tags=unread;inbox; @@ -93,11 +92,37 @@ let tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new - ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: '' + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: '' + mkdir -p "$HOME/Maildir/.${i.name}/cur" + for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do + if test -e "$mail"; then + mv "$mail" "$HOME/Maildir/.${i.name}/cur/" + else + echo "$mail does not exist" + fi + done + ${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${lib.concatMapStringsSep " or " (f: "${f}") i.value} + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${pkgs.notmuch}/bin/notmuch new + ${pkgs.notmuch}/bin/notmuch dump > "$HOME/Maildir/notmuch.backup" ''; tag-old-mails = pkgs.writeDashBin "nm-tag-old" '' - ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} + set -efux + ${lib.concatMapStringsSep "\n" (i: '' + ${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${lib.concatMapStringsSep " or " (f: "${f}") i.value} + mkdir -p "$HOME/Maildir/.${i.name}/cur" + for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files ${lib.concatMapStringsSep " or " (f: "${f}") i.value}); do + if test -e "$mail"; then + mv "$mail" "$HOME/Maildir/.${i.name}/cur/" + else + echo "$mail does not exist" + fi + done + '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} + ${pkgs.notmuch}/bin/notmuch new --no-hooks ''; muttrc = pkgs.writeText "muttrc" '' @@ -110,17 +135,6 @@ let set crypt_verify_sig = yes set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" - macro index \Cv \ - "<enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \ - <enter-command> set crypt_verify_sig=yes<enter> \ - <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \ - 'Verify PGP signature and open the message' - - macro pager \Cv \ - "<exit><enter-command> set my_crypt_verify_sig=\$crypt_verify_sig<enter> \ - <enter-command> set crypt_verify_sig=yes<enter> \ - <display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \ - 'Verify PGP signature' # read html mails auto_view text/html @@ -138,8 +152,8 @@ let set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" alternates ^.*@lassul\.us$ ^.*@.*\.r$ - set use_from=yes - set envelope_from=yes + unset envelope_from_address + set use_envelope_from set reverse_name set sort=threads @@ -148,7 +162,7 @@ let virtual-mailboxes "Unread" "notmuch://?query=tag:unread" virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" - ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} + ${lib.concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (lib.mapAttrsToList lib.nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" virtual-mailboxes "Archive" "notmuch://?query=tag:archive" @@ -166,6 +180,15 @@ let macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred + # muchsync + bind index \Cr noop + macro index \Cr \ + "<enter-command>unset wait_key<enter> \ + <shell-escape>${pkgs.writeDash "muchsync" '' + set -efu + ${pkgs.muchsync}/bin/muchsync -F lass@green.r + ''}<enter> \ + 'run muchsync to green.r' #killed bind index d noop @@ -213,6 +236,9 @@ let macro pager ,@3 "<enter-command> set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar<Enter>" macro pager ] ,@1 'Toggle indexbar + # urlview + macro pager \cb <pipe-entry>'${pkgs.urlview}/bin/urlview'<enter> 'Follow links with urlview' + # sidebar set sidebar_divider_char = '│' set sidebar_delim_chars = "/" diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix new file mode 100644 index 000000000..e4bfcff89 --- /dev/null +++ b/lass/2configs/orange-host.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + krebs.sync-containers3.containers.orange = { + sshKey = "${toString <secrets>}/orange.sync.key"; + }; + services.nginx.virtualHosts."lassul.us" = { + # enableACME = config.security; + # forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://orange.r"; + }; + }; +} diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix index e32095ffa..de0ea9afe 100644 --- a/lass/2configs/radio/container-host.nix +++ b/lass/2configs/radio/container-host.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - lass.sync-containers3.containers.radio = { + krebs.sync-containers3.containers.radio = { sshKey = "${toString < |