From 6bb208cb691565e74b4e0350cf90e0f8b21fd8e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 19:40:38 +0200 Subject: l 2 nixpkgs: 11a7899 -> c6ca9c8 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 931aabf08..b758bc24a 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; + ref = "c6ca9c8c8b7eb8f8e68868e36fb90e162adf080f"; }; } -- cgit v1.2.3 From d9c6fe8d3a1ea436f0f144559cd0f52c080bc9ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 19:47:42 +0200 Subject: l 2: move domes mail stuff to 2/websites --- lass/2configs/exim-smarthost.nix | 1 - lass/2configs/websites/domsen.nix | 43 +++++++++++++++++++++++++++++++-------- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1ba99c8cb..00a3612fd 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -27,7 +27,6 @@ with config.krebs.lib; { from = "lass@aidsballs.de"; to = lass.mail; } { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } ]; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 07df2e8de..becd1a872 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -110,14 +110,6 @@ in { }; }; - users.users.domsen = { - uid = genid "domsen"; - description = "maintenance acc for domsen"; - home = "/home/domsen"; - useDefaultShell = true; - extraGroups = [ "nginx" ]; - createHome = true; - }; #services.phpfpm.phpOptions = '' # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so @@ -133,5 +125,40 @@ in { cat ${pkgs.php}/etc/php-recommended.ini > $out echo "$options" >> $out ''; + + # MAIL STUFF + # TODO: make into its own module + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Mail"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport pop3"; target = "ACCEPT"; } + { predicate = "-p tcp --dport imap"; target = "ACCEPT"; } + ]; + krebs.exim-smarthost = { + internet-aliases = [ + { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "mail@jla-trading.com"; to = "jla-trading"; } + ]; + system-aliases = [ + ]; + }; + + users.users.domsen = { + uid = genid "domsen"; + description = "maintenance acc for domsen"; + home = "/home/domsen"; + useDefaultShell = true; + extraGroups = [ "nginx" ]; + createHome = true; + }; + + users.users.jla-trading = { + uid = genid "jla-trading"; + home = "/home/jla-trading"; + useDefaultShell = true; + createHome = true; + }; } -- cgit v1.2.3 From 617814725be64d5a7ce00c8a86a600644c963c67 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 21:26:16 +0200 Subject: l 2 downloading: remove folderPermissions --- lass/2configs/downloading.nix | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index cf9b631c8..597d20721 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -5,9 +5,6 @@ with config.krebs.lib; let rpc-password = import ; in { - imports = [ - ../3modules/folderPerms.nix - ]; users.extraUsers = { download = { 
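Review bot: The new `krebs.iptables.tables.filter.INPUT.rules` in the MAIL STUFF block accept `pop3` and `imap` from any source, while `services.dovecot2` is enabled with only `mailLocation` set, so nothing in this hunk shows TLS being configured for those listeners. Unless a certificate is set elsewhere, the passwords of the system accounts `domsen` and `jla-trading` could cross the network in cleartext; setting `sslServerCert`/`sslServerKey` on `services.dovecot2` and accepting `imaps`/`pop3s` instead would avoid that. `jla-trading` appears to exist only as a mail alias target yet gets `useDefaultShell = true`; if no interactive login is intended, a non-login shell or a comment saying so would make that explicit. The enclosing `in { … }` attribute set starts outside the hunk.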
@@ -64,15 +61,4 @@ in { { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; - - lass.folderPerms = { - enable = true; - permissions = [ - { - path = "/var/download"; - permission = "775"; - owner = "transmission:download"; - } - ]; - }; } -- cgit v1.2.3 From 0bd78c3b0de0fa79322e9031f45dcc62abd094d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 21:28:21 +0200 Subject: l 2 git: (re)move some repo-sync repos --- lass/2configs/repo-sync.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 45a4e2afd..027f31fe0 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -91,12 +91,11 @@ in { (sync-remote "repo-sync" "https://github.com/makefu/repo-sync") (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") + (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") - (sync-retiolum "painload") - (sync-retiolum "realwallpaper") (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") (sync-retiolum "web-routes-wai-custom") -- cgit v1.2.3 From 8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Jul 2016 13:06:15 +0200 Subject: nginx: use host name and aliases as default server-names --- krebs/3modules/nginx.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index fc7fcca6f..bc32da3b1 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix 
@@ -31,12 +31,10 @@ let options = { server-names = mkOption { type = with types; listOf str; - # TODO use identity - default = [ - "${config.networking.hostName}" - "${config.networking.hostName}.r" - "${config.networking.hostName}.retiolum" - ]; + default = + [config.krebs.build.host.name] ++ + concatMap (getAttr "aliases") + (attrValues config.krebs.build.host.nets); }; listen = mkOption { type = with types; either str (listOf str); -- cgit v1.2.3 From 716fcbf2821415b787d698cb2f6d5002ffe4644a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:20:32 +0200 Subject: tv git: allow all users to fetch public repos --- tv/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 4bc971370..fd3875410 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -101,7 +101,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ lass makefu ]; + user = attrValues config.krebs.users; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From 552e2cd918dbc41058ea97e7ee8001cc209582c9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:24:28 +0200 Subject: tv xserver: inherit (config.krebs.build) user --- tv/2configs/xserver/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index c41c0a81e..7a76530be 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,8 +1,7 @@ { config, pkgs, ... }@args: with config.krebs.lib; let - # TODO krebs.build.user - user = config.users.users.tv; + user = config.krebs.build.user; in { environment.systemPackages = [ -- cgit v1.2.3 From a774642d29dcc3a668abf9bbe13e88ee786b5d1d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:46:24 +0200 Subject: tv pkgs.cr: %@ -> $@ --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index affb535ef..040a6ff3d 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -10,7 +10,7 @@ --ssl-version-min=tls1 \ --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ --disk-cache-size=50000000 \ - "%@" + "$@" ''; ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; -- cgit v1.2.3 From ad816aaa281094fc4fde1755de618440a5a1df28 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 11:47:46 +0200 Subject: tv pkgs.ff: drop sudo --- tv/5pkgs/default.nix | 4 +++- tv/5pkgs/ff/default.nix | 12 ------------ 2 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 tv/5pkgs/ff/default.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 040a6ff3d..0b28747d5 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -15,7 +15,9 @@ ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; }; - ff = pkgs.callPackage ./ff {}; + ff = pkgs.writeDashBin "ff" '' + exec ${pkgs.firefoxWrapper}/bin/firefox "$@" + ''; gnupg = if elem config.krebs.build.host.name ["xu" "wu"] then super.gnupg21 diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix deleted file mode 100644 index b1d2c579a..000000000 --- a/tv/5pkgs/ff/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, ... }: - -# TODO use krebs.setuid -# This requires that we can create setuid executables that can only be accessed -# by a single user. [per-user-setuid] - -# using bash for %q -pkgs.writeBashBin "ff" '' - exec /var/setuid-wrappers/sudo -u ff -i < Date: Sat, 23 Jul 2016 12:18:46 +0200 Subject: tv ssh: init --- tv/1systems/zu.nix | 32 -------------------------------- tv/2configs/default.nix | 8 +------- tv/2configs/ssh.nix | 25 +++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 39 deletions(-) create mode 100644 tv/2configs/ssh.nix diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index bfc018cc3..645c60315 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix 
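Review bot: Replacing `pkgs.callPackage ./ff {}` with a wrapper that runs `exec ${pkgs.firefoxWrapper}/bin/firefox "$@"` means Firefox now runs as the invoking user, where the deleted wrapper switched to a dedicated `ff` account through `sudo -u ff`. That removes the account separation between the browser and the caller's home directory, and the subject line only says "drop sudo". If the trade-off is intended, a comment above `ff =` such as `# runs as the calling user; the separate ff account is no longer used` would record it. Any `ff` user or sudo rule still defined elsewhere could then be removed as well.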
@@ -194,36 +194,4 @@ with config.krebs.lib; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - -#/* -#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}'; -# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}'; -# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; } -#*/ -# networking.extraHosts = optionalString (1 == 1) '' -#54.255.133.72 api.zalora.sg -#52.77.12.194 bob.zalora.sg -#52.74.232.49 www.zalora.sg costa.zalora.sg -# ''; - - - #services.elasticsearch.enable = true; - #services.kibana.enable = true; - #services.logstash.enable = true; - - environment.etc."ssh/ssh_config".text = mkForce '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - - ${optionalString config.programs.ssh.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - - ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} - - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - #PubkeyAcceptedKeyTypes +ssh-dss - - ${config.programs.ssh.extraConfig} - ''; - } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 04009f54d..8a14a2465 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -28,6 +28,7 @@ with config.krebs.lib; ./audit.nix ./backup.nix ./nginx + ./ssh.nix ./vim.nix { # stockholm dependencies @@ -140,13 +141,6 @@ with config.krebs.lib; fi ''; }; - - programs.ssh = { - extraConfig = '' - UseRoaming no - ''; - startAgent = false; - }; } { diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix new file mode 100644 index 000000000..7bf583426 --- /dev/null +++ b/tv/2configs/ssh.nix 
@@ -0,0 +1,25 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ + # Override NixOS's "Allow DSA keys for now." + environment.etc."ssh/ssh_config".text = mkForce '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString config.programs.ssh.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} + + ${config.programs.ssh.extraConfig} + ''; + + programs.ssh = { + extraConfig = '' + UseRoaming no + ''; + startAgent = false; + }; +} -- cgit v1.2.3 From 5f0e7c6dd05022ac6f0ba1dd51594070a93068ba Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 12:58:03 +0200 Subject: tv x220: enableAllFirmware --- tv/1systems/alnus.nix | 1 - tv/1systems/xu.nix | 5 ----- tv/1systems/zu.nix | 5 ----- tv/2configs/hw/x220.nix | 3 +++ 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index 360390c09..a9646b588 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix @@ -53,7 +53,6 @@ with config.krebs.lib; }; hardware = { - enableAllFirmware = true; opengl.driSupport32Bit = true; pulseaudio.enable = true; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index b832470d0..fec0a02c5 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -155,11 +155,6 @@ with config.krebs.lib; nixpkgs.config.chromium.enablePepperFlash = true; - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - #hardware.opengl.driSupport32Bit = true; - environment.systemPackages = with pkgs; [ ethtool tinc_pre diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 645c60315..c0d51436a 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix 
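Review bot: `environment.etc."ssh/ssh_config".text = mkForce ''…''` in the new ssh.nix replaces the whole client configuration that the NixOS module generates, so anything a later nixpkgs bump adds to that template is silently dropped on these hosts. The comment `# Override NixOS's "Allow DSA keys for now."` does not say which line is being left out or that the rest is a copy. Something like `# Copy of the NixOS ssh_config template without "PubkeyAcceptedKeyTypes +ssh-dss"; re-sync when bumping nixpkgs.` would make that maintenance cost visible.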
@@ -161,11 +161,6 @@ with config.krebs.lib; nixpkgs.config.chromium.enablePepperFlash = true; - #hardware.bumblebee.enable = true; - #hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - #hardware.opengl.driSupport32Bit = true; - environment.systemPackages = with pkgs; [ ethtool tinc_pre diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 9b3dd122a..c5a3485a2 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -10,6 +10,9 @@ networking.wireless.enable = true; + # Required for Centrino. + hardware.enableAllFirmware = true; + hardware.trackpoint = { enable = true; sensitivity = 220; -- cgit v1.2.3 From ce32d546deb0bab0fc664d65abe458fee34a5123 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:11:33 +0200 Subject: tv bash: init --- tv/2configs/bash.nix | 37 +++++++++++++++++++++++++++++++++++++ tv/2configs/default.nix | 37 +------------------------------------ 2 files changed, 38 insertions(+), 36 deletions(-) create mode 100644 tv/2configs/bash.nix diff --git a/tv/2configs/bash.nix b/tv/2configs/bash.nix new file mode 100644 index 000000000..fe87aa8d7 --- /dev/null +++ b/tv/2configs/bash.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + case $UID in + 0) + PS1='\[\e[1;31m\]\w\[\e[0m\] ' + ;; + ${toString config.krebs.build.user.uid}) + PS1='\[\e[1;32m\]\w\[\e[0m\] ' + ;; + *) + PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' + ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\e[35m\]\h'" $PS1" + fi + if test -n "$SSH_AGENT_PID"; then + PS1="ssh-agent[$SSH_AGENT_PID] $PS1" + fi + ''; + }; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 8a14a2465..c77c9cea9 100644 
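Review bot: The `interactiveShellInit` in the new bash.nix is not a straight move: the block removed from default.nix also contained `${readFile ./bash_completion.sh}`, which the new file no longer includes. The prompt's uid test also changes from `config.krebs.users.tv.uid` to `config.krebs.build.user.uid`. If dropping the completion script is intentional, the commit message should say so, because the subject reads as a pure extraction.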
--- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -27,6 +27,7 @@ with config.krebs.lib; ./audit.nix ./backup.nix + ./bash.nix ./nginx ./ssh.nix ./vim.nix @@ -105,42 +106,6 @@ with config.krebs.lib; environment.variables = { NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; - - programs.bash = { - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - - ${readFile ./bash_completion.sh} - - # TODO source bridge - ''; - promptInit = '' - case $UID in - 0) - PS1='\[\e[1;31m\]\w\[\e[0m\] ' - ;; - ${toString config.krebs.users.tv.uid}) - PS1='\[\e[1;32m\]\w\[\e[0m\] ' - ;; - *) - PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' - ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\e[35m\]\h'" $PS1" - fi - if test -n "$SSH_AGENT_PID"; then - PS1="ssh-agent[$SSH_AGENT_PID] $PS1" - fi - ''; - }; } { -- cgit v1.2.3 From 268303de888591f4b98dc610f89707cd3cfe3ef7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:11:50 +0200 Subject: tv sshd: init --- tv/2configs/default.nix | 11 +---------- tv/2configs/sshd.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 tv/2configs/sshd.nix diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c77c9cea9..7992c90cb 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -30,6 +30,7 @@ with config.krebs.lib; ./bash.nix ./nginx ./ssh.nix + ./sshd.nix ./vim.nix { # stockholm dependencies @@ -135,16 +136,6 @@ with config.krebs.lib; ''; } - { - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - tv.iptables.input-internet-accept-tcp = singleton "ssh"; - } - { environment.systemPackages = [ pkgs.get 
diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix new file mode 100644 index 000000000..943f32fe9 --- /dev/null +++ b/tv/2configs/sshd.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + services.openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "/etc/ssh/ssh_host_ed25519_key"; + } + ]; + }; + tv.iptables.input-internet-accept-tcp = singleton "ssh"; +} -- cgit v1.2.3 From b6dfed56ddb161907988e0bcbc923de0c5b226dd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:19:44 +0200 Subject: tv xdg: init --- tv/2configs/default.nix | 11 +---------- tv/2configs/xdg.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 10 deletions(-) create mode 100644 tv/2configs/xdg.nix diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 7992c90cb..0e463212e 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -32,6 +32,7 @@ with config.krebs.lib; ./ssh.nix ./sshd.nix ./vim.nix + ./xdg.nix { # stockholm dependencies environment.systemPackages = with pkgs; [ @@ -144,15 +145,5 @@ with config.krebs.lib; pkgs.push ]; } - - { - systemd.tmpfiles.rules = let - forUsers = flip map users; - isUser = { name, group, ... }: - name == "root" || hasSuffix "users" group; - users = filter isUser (mapAttrsToList (_: id) config.users.users); - in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); - environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; - } ]; } diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix new file mode 100644 index 000000000..f05ec5431 --- /dev/null +++ b/tv/2configs/xdg.nix 
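Review bot: `tv.iptables.input-internet-accept-tcp = singleton "ssh"` exposes sshd to the internet, but the `services.openssh` block in the new sshd.nix sets only `enable` and `hostKeys`, so the authentication policy is whatever the NixOS defaults are. If these hosts are meant to be key-only, stating it here with `passwordAuthentication = false;` keeps the policy next to the firewall rule that depends on it. The block is moved unchanged from default.nix, so the commit itself does not alter behaviour.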
@@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; + + systemd.tmpfiles.rules = let + forUsers = flip map users; + isUser = { name, group, ... }: + name == "root" || hasSuffix "users" group; + users = filter isUser (mapAttrsToList (_: id) config.users.users); + in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); +} -- cgit v1.2.3 From ccb34ca338bec3219c0d25e1a5518548ce7ec898 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:29:39 +0200 Subject: mv: reinit --- krebs/3modules/default.nix | 1 + krebs/3modules/mv/default.nix | 41 ++++++++++ krebs/3modules/tv/default.nix | 2 +- mv/1systems/stro.nix | 172 +++++++++++++++++++++++++++++++++++++++++ tv/2configs/exim-smarthost.nix | 2 +- 5 files changed, 216 insertions(+), 2 deletions(-) create mode 100644 krebs/3modules/mv/default.nix create mode 100644 mv/1systems/stro.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a38d2b227..d64d8047a 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -91,6 +91,7 @@ let imp = lib.mkMerge [ { krebs = import ./lass { inherit config lib; }; } { krebs = import ./makefu { inherit config lib; }; } + { krebs = import ./mv { inherit config lib; }; } { krebs = import ./shared { inherit config lib; }; } { krebs = import ./tv { inherit config lib; }; } { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix new file mode 100644 index 000000000..dc47d8983 --- /dev/null +++ b/krebs/3modules/mv/default.nix 
@@ -0,0 +1,41 @@ +{ config, ... }: + +with config.krebs.lib; + +{ + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { + stro = { + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.111.111"; + ip6.addr = "42:0:0:0:0:0:111:111"; + aliases = [ + "stro.r" + "cgit.stro.r" + "stro.retiolum" + "cgit.stro.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b + vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb + FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg + ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG + oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq + XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; + }; + }; + users = { + mv = { + mail = "mv@stro.r"; + pubkey = "ssh-rsa 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 mv@stro"; + }; + }; +} diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d04f1cab2..a933cbddb 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -418,7 +418,7 @@ with config.krebs.lib; dv = { mail = "dv@alnus.r"; }; - mv = { + mv-cd = { mail = "mv@cd.r"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; }; diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix new file mode 100644 index 000000000..c948754df --- /dev/null +++ b/mv/1systems/stro.nix 
@@ -0,0 +1,172 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs = { + enable = true; + build = { + user = config.krebs.users.mv; + host = config.krebs.hosts.stro; + source = let + HOME = getEnv "HOME"; + host = config.krebs.build.host; + in { + nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix"; + secrets.file = "${HOME}/secrets/${host.name}"; + stockholm.file = "${HOME}/stockholm"; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; + }; + }; + }; + }; + + imports = [ + + + + + + + + + + + + + + + + + ]; + + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { + name = "luks1"; + device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2"; + } + ]; + }; + + environment = { + profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; + shellAliases = mkForce { + gp = "${pkgs.pari}/bin/gp -q"; + df = "df -h"; + du = "du -h"; + ls = "ls -h --color=auto --group-directories-first"; + dmesg = "dmesg -L --reltime"; + view = "vim -R"; + + reload = "systemctl reload"; + restart = "systemctl restart"; + start = "systemctl start"; + status = "systemctl status"; + stop = "systemctl stop"; + }; + systemPackages = with pkgs; [ + dic + htop + p7zip + q + + pavucontrol + rxvt_unicode.terminfo + + # stockholm + git + gnumake + populate + ]; + variables = { + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; + }; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1"; + }; + "/" = { + device = "/dev/mapper/vg1-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/vg1-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = 
"tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + networking.hostName = config.krebs.build.host.name; + + nix = { + binaryCaches = ["https://cache.nixos.org"]; + # TODO check if both are required: + chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; + requireSignedBinaryCaches = true; + useChroot = true; + }; + + nixpkgs.config.allowUnfree = false; + + users = { + defaultUserShell = "/run/current-system/sw/bin/bash"; + mutableUsers = false; + users = { + mv = { + inherit (config.krebs.users.mv) home uid; + isNormalUser = true; + }; + }; + }; + + security.setuidPrograms = [ + "sendmail" + ]; + + security.sudo.extraConfig = '' + Defaults env_keep+="SSH_CLIENT" + Defaults mailto="${config.krebs.users.mv.mail}" + Defaults !lecture + ''; + + services.cron.enable = false; + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + services.nscd.enable = false; + services.ntp.enable = false; + services.timesyncd.enable = true; + + time.timeZone = "Europe/Berlin"; + + tv.iptables = { + enable = true; + accept-echo-request = "internet"; + }; + + system.stateVersion = "16.03"; +} diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 351b54da1..cade6fa7b 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -20,7 +20,7 @@ with config.krebs.lib; ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@viljetic.de"; to = tv.mail; } # RFC 822 - { from = "mirko@viljetic.de"; to = mv.mail; } + { from = "mirko@viljetic.de"; to = mv-cd.mail; } { from = "tomislav@viljetic.de"; to = tv.mail; } { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } { from = "tv@viljetic.de"; to = tv.mail; } -- cgit v1.2.3 From 20142392d8f2dbf95c5629b588d3cf1d94be791c Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 23 Jul 2016 13:41:06 +0200 Subject: tv pkgs: with lib --- tv/5pkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 0b28747d5..baa1531ab 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,5 +1,5 @@ -{ pkgs, ... }: - +{ config, pkgs, ... }: +with config.krebs.lib; { nixpkgs.config.packageOverrides = { # TODO use XDG_RUNTIME_DIR? -- cgit v1.2.3 From 751afae363d1f5492d4a54a7b3f334499d32fb5b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:46:36 +0200 Subject: tv pkgs: packageOverride with super This is part of 0c7a44139fba572487fe853310b6d88a6ffa21c3. --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index baa1531ab..3590ad572 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: with config.krebs.lib; { - nixpkgs.config.packageOverrides = { + nixpkgs.config.packageOverrides = super: { # TODO use XDG_RUNTIME_DIR? cr = pkgs.writeDashBin "cr" '' set -efu -- cgit v1.2.3 From c546bc8c2dc1ec0fa120c79df3de4d977ce322ed Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 14:22:55 +0200 Subject: tv nixpkgs: 8bf31d7 -> 2568ee3 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 0e463212e..db1bfe5a2 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with config.krebs.lib; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; + ref = "2568ee3d73bdebd6bab6739adf8a900f3429c8e6"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From 917bdf236f8b38efeafd6c7b697a437ac18f64a6 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 23 Jul 2016 19:16:22 +0200 Subject: k 3 exim-smarthost: add authenticators option --- krebs/3modules/exim-smarthost.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index aba6ee0b5..8b6627678 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,6 +2,7 @@ with config.krebs.lib; let + indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { @@ -12,6 +13,11 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + authenticators = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + dkim = mkOption { type = types.listOf (types.submodule ({ config, ... }: { options = { @@ -257,6 +263,10 @@ let begin rewrite begin authenticators + ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${name}: + ${indent text} + '') cfg.authenticators)} ''; }; }; -- cgit v1.2.3 From 3d8318d625db60060a3624081059f93b66ca5c46 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:16:41 +0200 Subject: k 3 exim-smarthost: add ssl options --- krebs/3modules/exim-smarthost.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 8b6627678..cfe2e5f04 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -86,6 +86,16 @@ let default = []; }; + ssl_cert = mkOption { + type = types.nullOr types.str; + default = null; + }; + + ssl_key = mkOption { + type = types.nullOr types.str; + default = null; + }; + system-aliases = mkOption { type = types.listOf (types.submodule ({ options = { 
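Review bot: The new `authenticators` option is pasted verbatim under `begin authenticators`, and nothing in the option or the template ties AUTH to an encrypted session. The `mkOption` has no `description`; it should say that each value is raw Exim authenticator text keyed by the authenticator name. It should also say that each entry is expected to carry its own guard, for example Exim's `server_advertise_condition = ${if def:tls_in_cipher}`, so credentials are not offered on cleartext connections. The surrounding `api` set and the configuration template both start and end outside these hunks.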
@@ -142,7 +152,9 @@ let syslog_timestamp = false syslog_duplication = false - tls_advertise_hosts = + ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"} + ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"} + tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"} begin acl -- cgit v1.2.3 From 83090eb4a1f98614671ea3bdb48315cf5be5585c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:17:36 +0200 Subject: k 3: add genid_signed --- krebs/4lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 296748333..f62c033bd 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -33,6 +33,7 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); genid = import ./genid.nix { lib = lib // out; }; + genid_signed = x: ((genid x) + 16777216) / 2; git = import ./git.nix { lib = lib // out; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; -- cgit v1.2.3 From 18469388a6f8f255b8094d002b3c176dab81b845 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:18:43 +0200 Subject: k 5 exim: add pam support --- krebs/5pkgs/exim/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index 0918e308d..835970555 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: +{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { name = "exim-4.87"; @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; - buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; + buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ]; preBuild = '' sed ' 
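Review bot: The template turns `tls_advertise_hosts` into `*` whenever `ssl_cert` is set, independent of `ssl_key`, so a configuration with a certificate and no key evaluates cleanly and any problem only shows up when Exim starts. An assertion that both are set together, or a sentence in the option documentation about when a null `ssl_key` is acceptable, would close that gap. The option declarations in the preceding hunk have no `description` either. For `ssl_key` it is worth stating `description = "Path to the TLS private key; keep it outside the Nix store and readable by the user Exim runs as.";`, since a key referenced as a Nix path would be copied into the world-readable store.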
@@ -24,6 +24,7 @@ stdenv.mkDerivation rec { s:^# \(SUPPORT_TLS\)=.*:\1=yes: s:^# \(USE_OPENSSL_PC=openssl\)$:\1: s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam: s:^# \(HAVE_IPV6=yes\)$:\1: s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: -- cgit v1.2.3 From 29ef105c46287bb9964269004a56c51d4a2834bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:19:18 +0200 Subject: l 2 buildbot: uss ssh sockets --- lass/2configs/buildbot-standalone.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5afb23687..7c7693ab7 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -3,8 +3,13 @@ with config.krebs.lib; let + sshHostConfig = pkgs.writeText "ssh-config" '' + ControlMaster auto + ControlPath /tmp/%u_sshmux_%r@%h:%p + ControlPersist 4h + ''; sshWrapper = pkgs.writeDash "ssh-wrapper" '' - ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ${pkgs.openssh}/bin/ssh -F ${sshHostConfig} -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" ''; in { -- cgit v1.2.3 From 947f79a399dd9ca6dd8a177d31d8b016692040f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Jul 2016 18:03:47 +0200 Subject: l 2 git: allow all users to fetch public repos --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 9a1cab176..ab4450715 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -80,7 +80,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu ]; + user = attrValues config.krebs.users; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From b139155bee6006f21993f3b2b6bfd5adde6fff6f Mon Sep 17 00:00:00 2001 
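Review bot: `ControlPath /tmp/%u_sshmux_%r@%h:%p` in the new `sshHostConfig` (lass/2configs/buildbot-standalone.nix) puts the multiplexing socket under a predictable name in a world-writable directory, and `ControlPersist 4h` keeps an authenticated master alive long after a build has finished. ssh_config(5) recommends a ControlPath directory that other users cannot write to, and any process able to reach the socket as the build user can reuse the session opened with `config.lass.build-ssh-privkey`. Consider a private directory, e.g. `ControlPath ~/.ssh/sshmux_%r@%h:%p` (assuming the build user has a home with a 0700 `.ssh`), and a shorter `ControlPersist`.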
From: lassulus Date: Tue, 26 Jul 2016 21:36:47 +0200 Subject: l 3 power-action -> k 3 power-action --- krebs/3modules/default.nix | 1 + krebs/3modules/power-action.nix | 97 +++++++++++++++++++++++++++++++++++++++++ lass/1systems/helios.nix | 2 +- lass/2configs/power-action.nix | 4 +- lass/3modules/default.nix | 1 - lass/3modules/power-action.nix | 97 ----------------------------------------- 6 files changed, 101 insertions(+), 101 deletions(-) create mode 100644 krebs/3modules/power-action.nix delete mode 100644 lass/3modules/power-action.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index d64d8047a..9af42acc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -28,6 +28,7 @@ let ./on-failure.nix ./os-release.nix ./per-user.nix + ./power-action.nix ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix new file mode 100644 index 000000000..4c2533eb7 --- /dev/null +++ b/krebs/3modules/power-action.nix 
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + cfg = config.krebs.power-action; + + out = { + options.krebs.power-action = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "power-action"; + battery = mkOption { + type = types.str; + default = "BAT0"; + }; + user = mkOption { + type = types.user; + default = { + name = "power-action"; + }; + }; + startAt = mkOption { + type = types.str; + default = "*:0/1"; + }; + plans = mkOption { + type = with types; attrsOf (submodule { + options = { + charging = mkOption { + type = nullOr bool; + default = null; + description = '' + check for charging status. + null = don't care + true = only if system is charging + false = only if system is discharging + ''; + }; + upperLimit = mkOption { + type = int; + }; + lowerLimit = mkOption { + type = int; + }; + action = mkOption { + type = path; + }; + }; + }); + }; + }; + + imp = { + systemd.services.power-action = { + serviceConfig = rec { + ExecStart = startScript; + User = cfg.user.name; + }; + startAt = cfg.startAt; + }; + users.users.${cfg.user.name} = { + inherit (cfg.user) name uid; + }; + }; + + startScript = pkgs.writeDash "power-action" '' + set -euf + + power="$(${powerlvl})" + state="$(${state})" + ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} + ''; + charging_check = plan: + if (plan.charging == null) then "" else + if plan.charging + then ''&& [ "$state" = "true" ]'' + else ''&& ! [ "$state" = "true" ]'' + ; + + writeRule = _: plan: + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; + + powerlvl = pkgs.writeDash "powerlvl" '' + cat /sys/class/power_supply/${cfg.battery}/capacity + ''; + + state = pkgs.writeDash "state" '' + if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] + then echo "false" + else echo "true" + fi + ''; + +in out 
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 5f161d731..53026a6fb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -58,7 +58,7 @@ with config.krebs.lib; # }; #} { - lass.power-action.battery = "BAT1"; + krebs.power-action.battery = "BAT1"; } ]; diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index 0ff8547c7..133966498 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -11,7 +11,7 @@ let ''; in { - lass.power-action = { + krebs.power-action = { enable = true; plans.low-battery = { upperLimit = 30; @@ -36,6 +36,6 @@ in { ]; security.sudo.extraConfig = '' - ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} ''; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 6a3b41ca4..60370b230 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./ejabberd ./folderPerms.nix ./mysql-backup.nix - ./power-action.nix ./umts.nix ./urxvtd.nix ./wordpress_nginx.nix diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix deleted file mode 100644 index 30875c9a9..000000000 --- a/lass/3modules/power-action.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - cfg = config.lass.power-action; - - out = { - options.lass.power-action = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "power-action"; - battery = mkOption { - type = types.str; - default = "BAT0"; - }; - user = mkOption { - type = types.user; - default = { - name = "power-action"; - }; - }; - startAt = mkOption { - type = types.str; - default = "*:0/1"; - }; - plans = mkOption { - type = with types; attrsOf (submodule { - options = { - charging = mkOption { - type = nullOr bool; - default = null; - description = '' - check for charging status. - null = don't care - true = only if system is charging - false = only if system is discharging - ''; - }; - upperLimit = mkOption { - type = int; - }; - lowerLimit = mkOption { - type = int; - }; - action = mkOption { - type = path; - }; - }; - }); - }; - }; - - imp = { - systemd.services.power-action = { - serviceConfig = rec { - ExecStart = startScript; - User = cfg.user.name; - }; - startAt = cfg.startAt; - }; - users.users.${cfg.user.name} = { - inherit (cfg.user) name uid; - }; - }; - - startScript = pkgs.writeDash "power-action" '' - set -euf - - power="$(${powerlvl})" - state="$(${state})" - ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} - ''; - charging_check = plan: - if (plan.charging == null) then "" else - if plan.charging - then ''&& [ "$state" = "true" ]'' - else ''&& ! [ "$state" = "true" ]'' - ; - - writeRule = _: plan: - "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; - - powerlvl = pkgs.writeDash "powerlvl" '' - cat /sys/class/power_supply/${cfg.battery}/capacity - ''; - - state = pkgs.writeDash "state" '' - if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] - then echo "false" - else echo "true" - fi - ''; - -in out -- cgit v1.2.3