From c9e353d1aaa5d3331dc678a6181de8d96b5b1541 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:03:29 +0100 Subject: l: add consul config --- lass/2configs/consul.nix | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 lass/2configs/consul.nix (limited to 'lass/2configs') diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix new file mode 100644 index 000000000..b8d925de5 --- /dev/null +++ b/lass/2configs/consul.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + services.consul = { + enable = true; + # dropPrivileges = false; + webUi = true; + # interface.bind = "retiolum"; + extraConfig = { + bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr; + bootstrap_expect = 3; + server = true; + # retry_join = config.services.consul.extraConfig.start_join; + retry_join = lib.mapAttrsToList (n: h: + lib.head h.nets.retiolum.aliases + ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts); + rejoin_after_leave = true; + + # try to fix random lock loss on leader reelection + retry_interval = "3s"; + performance = { + raft_multiplier = 8; + }; + }; + }; + + environment.etc."consul.d/testservice.json".text = builtins.toJSON { + service = { + name = "testing"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3 From 3736bbf091a34ac9ab33b60d872a922080fd81f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 14:18:11 +0100 Subject: l green.r: add weechat auto mode --- lass/2configs/et-server.nix | 7 ++ lass/2configs/weechat.nix | 221 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 228 insertions(+) create mode 100644 lass/2configs/et-server.nix create mode 100644 lass/2configs/weechat.nix (limited to 'lass/2configs') diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix new file mode 100644 index 000000000..19961fb84 --- /dev/null +++ b/lass/2configs/et-server.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + services.eternal-terminal = { + enable = true; + }; + networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ]; +} diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix new file mode 100644 index 000000000..845a7e3b8 --- /dev/null +++ b/lass/2configs/weechat.nix @@ -0,0 +1,221 @@ +{ config, lib, pkgs, ... }: let + + weechat-configured = pkgs.weechat-declarative.override { + config = { + scripts = [ + pkgs.weechat-matrix + pkgs.weechatScripts.wee-slack + ]; + settings = { + irc.server_default.nicks = [ "lassulus" "hackulus" ]; + irc.server.bitlbee = { + addresses = "localhost/6666"; + command = "msg &bitlbee identify \${sec.data.bitlbee}"; + }; + irc.server.hackint = { + addresses = "irc.hackint.org/6697"; + autojoin = [ + "#c3-gsm" + "#panthermoderns" + "#36c3" + "#cccac" + "#nixos" + "#krebs" + "#c-base" + "#afra" + "#tvl" + "#eloop" + "#systemdultras" + "#rc3" + "#krebs-announce" + "#the_playlist" + "#germany" + "#hackint" + "#dezentrale" + "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way + ]; + ssl = true; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.hackint_sasl}"; + }; + irc.server.r = { + addresses = "irc.r"; + autojoin = [ + "#xxx" + "#autowifi" + "#brockman" + "#flix" + "#kollkoll" + "#noise" + "#mukke" + ]; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.r_sasl}"; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + irc.server.libera = { + addresses = "irc.libera.chat/6697"; + autojoin = [ + "#shackspace" + "#nixos" + "#krebs" + "#dezentrale" + "#tinc" + "#nixos-de" + "#fysi" + "#hillhacks" + "#nixos-rc3" + "#binaergewitter" + "#hackerfleet" + "#weechat" + ]; + ssl = true; + sasl_username = "lassulus"; + sasl_fail = "reconnect"; + sasl_password = "\${sec.data.libera_sasl}"; + }; + irc.server.news = { + addresses = "news.r"; + autojoin = [ + "#all" + "#aluhut" + "#querdenkos" + "#news" + "#drachengame" + ]; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + matrix.server.lassulus = { + address = "matrix.lassul.us"; + username = "lassulus"; + password = "\${sec.data.matrix_lassulus}"; + device_name = config.networking.hostName; + }; + matrix.server.nixos_dev = { + address = "matrix.nixos.dev"; + username = "@lassulus:nixos.dev"; + device_name = config.networking.hostName; + sso_helper_listening_port = 55123; + }; + plugins.var.python.go.short_name = true; + plugins.var.python.go.short_name_server = true; + plugins.var.python.go.fuzzy_search = true; + relay.network.password = "xxx"; # secret? + relay.port.weechat = 9998; + relay.weechat.commands = "*,!exec,!quit"; + weechat.look.buffer_time_format = "%m-%d_%H:%M:%S"; + weechat.look.item_time_format = "%m-%d_%H:%M:%S"; + irc.look.color_nicks_in_names = true; + irc.look.color_nicks_in_nicklist = true; + logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog"; + logger.file.path = "/var/state/weechat_logs"; + logger.look.backlog = 1000; + weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base + weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs + weechat.notify.irc.news."#all" = "highlight"; + + # setting logger levels for channels is currently not possible declarativly + # because of already defined + logger.level.core.weechat = 0; + logger.level.irc = 3; + logger.level.python = 3; + weechat.bar.title.color_bg = 0; + weechat.bar.status.color_bg = 0; + alias.cmd.reload = "exec -oc cat /etc/weechat.set"; + script.scripts.download_enabled = true; + weechat.look.prefix_align = "left"; + weechat.look.prefix_align_max = 20; + irc.look.server_buffer = "independent"; + matrix.look.server_buffer = "independent"; + weechat.bar.buflist.size_max = 20; + weechat.color.chat_nick_colors = [ + 1 2 3 4 5 6 9 + 10 11 12 13 14 + 28 29 + 30 31 32 33 34 35 36 37 38 39 + 70 + 94 + 101 102 103 104 105 106 107 + 130 131 133 134 135 136 137 + 140 141 142 143 + 160 161 162 163 165 166 167 168 169 + 170 171 172 173 174 175 + 196 197 198 199 + 200 201 202 203 204 205 206 208 209 209 + 210 211 212 + ]; + }; + extraCommands = '' + /script upgrade + /script install go.py + /script install nickregain.pl + /script install autosort.py + /key bind meta-q /go + /key bind meta-t /bar toggle nicklist + /key bind meta-y /bar toggle buflist + /filter addreplace irc_smart * irc_smart_filter * + /filter addreplace playlist_topic irc.*.#the_playlist irc_topic * + /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit * + /set logger.level.irc.news 0 + /set logger.level.python.server.nixos_dev = 0; + /set logger.level.irc.hackint.#the_playlist = 0; + /connect bitlbee + /connect r + /connect news + /connect libera + /connect hackint + /matrix connect nixos_dev + /matrix connect lassulus + ''; + files."sec.conf" = toString (pkgs.writeText "sec.conf" '' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE" + salt = on + + [data] + __passphrase__ = on + hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC" + libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778" + r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD" + c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162" + matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9" + bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C" + matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97" + ''); + }; + }; + +in { + users.users.mainUser.packages = [ + weechat-configured + ]; + environment.etc."weechat.set".source = "${weechat-configured}/weechat.set"; + systemd.tmpfiles.rules = [ + "d /var/state/weechat_logs 0700 lass users -" + "d /var/state/weechat 0700 lass users -" + "d /var/state/weechat_cfg 0700 lass users -" + "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat" + "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg" + ]; + + systemd.services.weechat = { + wantedBy = [ "multi-user.target" ]; + restartIfChanged = false; + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + LoadCredential = [ + "WEECHAT_PASSPHRASE:${toString }/weechat_passphrase" + ]; + ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat"; + ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + }; + }; +} -- cgit v1.2.3 From df68f9efc2c84b7507f5e1745e78bdb9e14cc851 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 Nov 2022 01:21:36 +0100 Subject: l zsh: use atuin for shell history --- lass/2configs/zsh.nix | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 6571461ca..ed00068b1 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -1,6 +1,17 @@ { config, lib, pkgs, ... }: { - environment.systemPackages = [ pkgs.fzf ]; + environment.systemPackages = with pkgs; [ + atuin + direnv + fzf + ]; + environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" '' + auto_sync = true + update_check = false + sync_address = "http://green.r:8888" + sync_frequency = 0 + style = "compact" + ''); programs.zsh = { enable = true; shellInit = '' @@ -12,27 +23,9 @@ setopt autocd extendedglob bindkey -e - #history magic - bindkey "" up-line-or-local-history - bindkey "" down-line-or-local-history - up-line-or-local-history() { - zle set-local-history 1 - zle up-line-or-history - zle set-local-history 0 - } - zle -N up-line-or-local-history - down-line-or-local-history() { - zle set-local-history 1 - zle down-line-or-history - zle set-local-history 0 - } - zle -N down-line-or-local-history - - setopt SHARE_HISTORY - setopt HIST_IGNORE_ALL_DUPS - # setopt inc_append_history - bindkey '^R' history-incremental-search-backward + # # setopt inc_append_history + # bindkey '^R' history-incremental-search-backward #C-x C-e open line in editor autoload -z edit-command-line @@ -43,6 +36,13 @@ source ${pkgs.fzf}/share/fzf/completion.zsh source ${pkgs.fzf}/share/fzf/key-bindings.zsh + # atuin distributed shell history + export ATUIN_NOBIND="true" # disable all keybdinings of atuin + eval "$(atuin init zsh)" + bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin + # use zsh only session history + fc -p + #completion magic autoload -Uz compinit compinit @@ -67,11 +67,6 @@ bindkey "Od" emacs-backward-word ''; promptInit = '' - # TODO: figure out why we need to set this here - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - autoload -U promptinit promptinit -- cgit v1.2.3 From 0ee566ac97846e5b67d705882dac9ad24d8db75d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 Nov 2022 01:21:53 +0100 Subject: l zsh: add direnv --- lass/2configs/zsh.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index ed00068b1..a7b0c372c 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -65,6 +65,9 @@ bindkey "[8~" end-of-line bindkey "Oc" emacs-forward-word bindkey "Od" emacs-backward-word + + # direnv integration + eval "$(${pkgs.direnv}/bin/direnv hook zsh)" ''; promptInit = '' autoload -U promptinit -- cgit v1.2.3 From 093dd94a37adec80ed11857f3e70238217a6c969 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 Nov 2022 23:51:05 +0100 Subject: l green.r: setup as atuin-server --- lass/2configs/atuin-server.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 lass/2configs/atuin-server.nix (limited to 'lass/2configs') diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix new file mode 100644 index 000000000..ad959a311 --- /dev/null +++ b/lass/2configs/atuin-server.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + ensureDatabases = [ "atuin" ]; + ensureUsers = [{ + name = "atuin"; + ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES"; + }]; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + users.groups.atuin = {}; + users.users.atuin = { + uid = pkgs.stockholm.lib.genid_uint31 "atuin"; + isSystemUser = true; + group = "atuin"; + home = "/run/atuin"; + createHome = true; + }; + + systemd.services.atuin = { + wantedBy = [ "multi-user.target" ]; + environment = { + ATUIN_HOST = "0.0.0.0"; + ATUIN_PORT = "8888"; + ATUIN_OPEN_REGISTRATION = "true"; + ATUIN_DB_URI = "postgres:///atuin"; + }; + serviceConfig = { + User = "atuin"; + ExecStart = "${pkgs.atuin}/bin/atuin server start"; + }; + }; + networking.firewall.allowedTCPPorts = [ 8888 ]; +} -- cgit v1.2.3 From d6e4afaa99321830f8bf4de482150399decbe1d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 00:13:11 +0100 Subject: l: use nsxiv --- lass/2configs/baseX.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d3775ddbe..164569793 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -80,7 +80,10 @@ in { powertop rxvt-unicode sshvnc - sxiv + (pkgs.writers.writeDashBin "sxiv" '' + ${pkgs.nsxiv}/bin/nsxiv "$@" + '') + nsxiv taskwarrior termite transgui -- cgit v1.2.3 From 1079d8ed9b1dc1464619b52496475b1860989f80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 00:14:31 +0100 Subject: l: use iosevka font from kookie --- lass/2configs/alacritty.nix | 12 ++++++----- lass/2configs/baseX.nix | 49 +++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 54 insertions(+), 7 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index 903ddf6cc..e97db0fc4 100644 --- a/lass/2configs/alacritty.nix +++ b/lass/2configs/alacritty.nix @@ -1,21 +1,23 @@ { config, lib, pkgs, ... }: let alacritty-cfg = extrVals: builtins.toJSON ({ - font = { + font = let + family = "Iosevka"; + in { normal = { - family = "Inconsolata"; + family = family; style = "Regular"; }; bold = { - family = "Inconsolata"; + family = family; style = "Bold"; }; italic = { - family = "Inconsolata"; + family = family; style = "Italic"; }; bold_italic = { - family = "Inconsolata"; + family = family; style = "Bold Italic"; }; size = 8; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 164569793..ea35fd4e8 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -108,10 +108,55 @@ in { enableGhostscriptFonts = true; fonts = with pkgs; [ - hack-font xorg.fontschumachermisc - terminus_font_ttf inconsolata + noto-fonts + (iosevka.override { + privateBuildPlan = { + family = "Iosevka"; + spacing = "normal"; + serifs = "sans"; + no-ligation = true; + + variants.design = { + capital-i = "serifless"; + capital-j = "serifless"; + a = "double-storey-tailed"; + b = "toothless-corner"; + d = "toothless-corner-serifless"; + f = "flat-hook-tailed"; + g = "earless-corner"; + i = "tailed"; + j = "serifless"; + l = "tailed"; + + m = "earless-corner-double-arch"; + n = "earless-corner-straight"; + p = "earless-corner"; + q = "earless-corner"; + r = "earless-corner"; + u = "toothless-rounded"; + y = "cursive-flat-hook"; + + one = "line"; + two = "straight-neck"; + three = "flat-top"; + four = "open"; + six = "open-contour"; + seven = "straight-serifless"; + eight = "two-circles"; + nine = "open-contour"; + tilde = "low"; + asterisk = "hex-low"; + number-sign = "upright"; + at = "short"; + dollar = "open"; + percent = "dots"; + question = "corner-flat-hooked"; + }; + }; + set = "kookiefonts"; + }) ]; }; -- cgit v1.2.3 From d2ae1c5a07af67a4ad8d41e031bae4bab5b0c9c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 00:15:09 +0100 Subject: l alacritty: open alacritty same session if possible --- lass/2configs/alacritty.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index e97db0fc4..e5e001a4c 100644 --- a/lass/2configs/alacritty.nix +++ b/lass/2configs/alacritty.nix @@ -46,6 +46,7 @@ name = "alacritty"; paths = [ (pkgs.writeDashBin "alacritty" '' + ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" || ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@" '') pkgs.alacritty -- cgit v1.2.3 From 629b4450c265c3d4caaf5d147c7f89dafe69df47 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 00:16:06 +0100 Subject: l: use clipmenu instead of copyq --- lass/2configs/baseX.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ea35fd4e8..73cf7551e 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,7 +7,6 @@ in { ./alacritty.nix ./mpv.nix ./power-action.nix - ./copyq.nix ./urxvt.nix ./xdg-open.nix ./yubikey.nix @@ -222,4 +221,20 @@ in { ''; }; }; + + services.clipmenu.enable = true; + + # synchronize all the clipboards + systemd.user.services.autocutsel = { + enable = true; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "forking"; + ExecStart = pkgs.writers.writeDash "autocutsel" '' + ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY + ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD + ''; + }; + }; } -- cgit v1.2.3 From 52fcac46303a391fb662934d75b01323d14cbcbc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 09:05:18 +0100 Subject: l: add missing red-host.nix --- lass/2configs/red-host.nix | 167 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 lass/2configs/red-host.nix (limited to 'lass/2configs') diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix new file mode 100644 index 000000000..cbd9c097e --- /dev/null +++ b/lass/2configs/red-host.nix @@ -0,0 +1,167 @@ +{ config, lib, pkgs, ... }: +let + ctr.name = "red"; +in +{ + imports = [ + + ]; + + + lass.sync-containers3.containers.red = { + sshKey = "${toString }/containers/red/sync.key"; + ephemeral = true; + }; + + # containers.${ctr.name} = { + # config = { + # environment.systemPackages = [ + # pkgs.dhcpcd + # pkgs.git + # pkgs.jq + # ]; + # networking.useDHCP = lib.mkForce true; + # systemd.services.autoswitch = { + # environment = { + # NIX_REMOTE = "daemon"; + # }; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + # if test -e /var/src/nixos-config; then + # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + # fi + # ''; + # unitConfig.X-StopOnRemoval = false; + # }; + # }; + # autoStart = false; + # enableTun = true; + # privateNetwork = true; + # hostBridge = "ctr0"; + # bindMounts = { + # "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + # "/var/lib/self-state/disk-image" = { + # hostPath = "/var/lib/sync-containers3/${ctr.name}"; + # isReadOnly = true; + # }; + # }; + # }; + + # systemd.services."${ctr.name}_scheduler" = { + # wantedBy = [ "multi-user.target" ]; + # path = with pkgs; [ + # coreutils + # consul + # cryptsetup + # mount + # util-linux + # systemd + # untilport + # ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = "15s"; + # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" '' + # set -efux + # trap ${pkgs.writers.writeDash "stop-${ctr.name}" '' + # set -efux + # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + # umount /var/lib/nixos-containers/${ctr.name}/var/state || : + # cryptsetup luksClose ${ctr.name} || : + # ''} INT TERM EXIT + # consul kv put containers/${ctr.name}/host ${config.networking.hostName} + # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} + # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state + # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state + # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src + # /run/current-system/sw/bin/nixos-container start ${ctr.name} + # set +x + # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # ''}"; + # }; + # }; + + # users.groups."container_${ctr.name}" = {}; + # users.users."container_${ctr.name}" = { + # group = "container_${ctr.name}"; + # isSystemUser = true; + # home = "/var/lib/sync-containers3/${ctr.name}"; + # createHome = true; + # homeMode = "705"; + # openssh.authorizedKeys.keys = [ + # config.krebs.users.lass.pubkey + # ]; + # }; + + # systemd.timers."${ctr.name}_syncer" = { + # timerConfig = { + # RandomizedDelaySec = 300; + # }; + # }; + # systemd.services."${ctr.name}_syncer" = { + # path = with pkgs; [ + # coreutils + # rsync + # openssh + # systemd + # ]; + # startAt = "*:0/1"; + # serviceConfig = { + # User = "container_${ctr.name}"; + # LoadCredential = [ + # "ssh_key:${toString }/containers/${ctr.name}/sync.key" + # ]; + # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + # set -efu + # ! systemctl is-active --quiet container@${ctr.name}.service + # ''; + # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + # set -efu + # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk + # ''; + # }; + # }; + + # # networking + # networking.networkmanager.unmanaged = [ "ctr0" ]; + # networking.interfaces.dummy0.virtual = true; + # networking.bridges.ctr0.interfaces = [ "dummy0" ]; + # networking.interfaces.ctr0.ipv4.addresses = [{ + # address = "10.233.0.1"; + # prefixLength = 24; + # }]; + # systemd.services."dhcpd-ctr0" = { + # wantedBy = [ "multi-user.target" ]; + # after = [ "network.target" ]; + # serviceConfig = { + # Type = "forking"; + # Restart = "always"; + # DynamicUser = true; + # StateDirectory = "dhcpd-ctr0"; + # User = "dhcpd-ctr0"; + # Group = "dhcpd-ctr0"; + # AmbientCapabilities = [ + # "CAP_NET_RAW" # to send ICMP messages + # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + # ]; + # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + # default-lease-time 600; + # max-lease-time 7200; + # authoritative; + # ddns-update-style interim; + # log-facility local1; # see dhcpd.nix + + # option subnet-mask 255.255.255.0; + # option routers 10.233.0.1; + # # option domain-name-servers 8.8.8.8; # TODO configure dns server + # subnet 10.233.0.0 netmask 255.255.255.0 { + # range 10.233.0.10 10.233.0.250; + # } + # ''} ctr0"; + # }; + # }; + +} + -- cgit v1.2.3 From c5038e74f56d61b45fc10660d522e79e3e125a6a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 09:10:12 +0100 Subject: l: tweak font a bit --- lass/2configs/baseX.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 73cf7551e..01c6c8aff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -111,10 +111,11 @@ in { inconsolata noto-fonts (iosevka.override { + # https://typeof.net/Iosevka/customizer privateBuildPlan = { family = "Iosevka"; - spacing = "normal"; - serifs = "sans"; + spacing = "term"; + serifs = "slab"; no-ligation = true; variants.design = { @@ -125,7 +126,7 @@ in { d = "toothless-corner-serifless"; f = "flat-hook-tailed"; g = "earless-corner"; - i = "tailed"; + i = "hooky"; j = "serifless"; l = "tailed"; @@ -137,7 +138,7 @@ in { u = "toothless-rounded"; y = "cursive-flat-hook"; - one = "line"; + one = "no-base-long-top-serif"; two = "straight-neck"; three = "flat-top"; four = "open"; -- cgit v1.2.3 From 6858631284ae94fddf30180590c1f38aaf55fa5a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 10:13:13 +0100 Subject: l green-host: use sync-containers3 --- lass/2configs/green-host.nix | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index a83ed0544..1e41e8e02 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -2,32 +2,9 @@ { imports = [ - ]; - krebs.sync-containers.containers.green = { - peers = [ - "echelon" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - "styx" - ]; - hostIp = "10.233.2.15"; - localIp = "10.233.2.16"; - format = "ecryptfs"; - }; - services.borgbackup.jobs.sync-green = { - encryption.mode = "none"; - paths = "/var/lib/sync-containers/green/ecryptfs"; - repo = "/var/lib/sync-containers/green/backup"; - compression = "auto,lzma"; - startAt = "daily"; - prune.keep = { - daily = 7; - weekly = 4; - }; + lass.sync-containers3.containers.green = { + sshKey = "${toString }/green.sync.key"; }; } -- cgit v1.2.3